TXSandbox

Provides highly accurate, static and behavioral analysis on unknown files and URLs, in order to detect zero day threats

OVERVIEW

TXSandbox is a next generation sandbox that features multiple classifiers for increased accuracy, lower false positives and more adaptable PE/NonPE file coverage.   It runs in a Linux docker container, or in any type of VM and can be deployed on-premise, or in private and public clouds, such as AWS. It doesn’t require Microsoft Windows licenses which can save a lot of costs for large deployments. Access is via a Web GUI or Restful API for integration with existing products, such as IPS/IDS, FW and WAF.

HIGHLIGHTS

  • Dual analytic engine to ensure highest detection rates for URL analysis
  • Very high accuracy and low false positive rates
  • Automatically filters out malicious URL links and malicious file attachments embedded in emails
  • Runs static analysis on injected code
  • Runs static analysis on embedded shell code inside of Non-PE files to detect zero day exploits
  • Runs in Linux docker container
  • Easy to manage and scale
  • Analyzes PE files without requiring Windows license fee

DEPLOYMENT

  • OnPremise/Private Cloud/Public Cloud
  • Prepare a physical or VMware Server with minimum of 16 cores, 32G RAM , 2T HD, 1x1G NIC
  • Download iso image from TriagingX support
  • Install and configure the sandbox
  • Provide ip address, user name and pwd
  • It will automatically install all needed modules

OPERATIONS

  • Launch internet browser, such as IE, FireFox or Chrome, and type in the url for the TXSandbox’s server address
  • Click upload sample button to load file(s) for behavior analysis
  • Sit back and wait for the analysis process complete
  • Go to TXSandbox’s dashboard to view the final report.
  • It can also generate the analysis report in PDF file format
  • Alternatively, you can use restful API to upload sample file/url, and retrieve the analysis results

SPECIFICATIONS

Target System :                Windows XP, Windows 7, Windows 8/10
Sandbox Server :             Physical, VMWare Server
Interface :                         Rest API
Report Format :              PDF