<h3>Operationalize Detection and Respond to Evasive Threats Natively Inside Anomali ThreatStream</h3>
<h2>Detect Unknown Threats</h2>
<p>Anomali Sandbox performs deep analysis of evasive and unknown threats, enriches the results with threat intelligence, and delivers actionable indicators of compromise (IOCs), enabling your security team to better understand sophisticated malware attacks and strengthen defenses. Multiple threat analysis technologies combine to detect unknown, zero-day and evasive malware.</p>
<h2>Respond Faster</h2>
<p>Save time and make all security teams more effective with easy-to-understand reports, actionable IOCs and seamless integration. With your Anomali Sandbox a natively integrated component of your ThreatStream threat intelligence platform, insights are automatically included where you need them and where everybody can access them, with no wasted effort or risk of compartmentalization of the data with a specific team, and included findings immediately accompany any established workflow.</p>
<h2>Get Complete Threat Visibility</h2>
<p>Uncover the full attack lifecycle with in-depth insight into all file, network, memory and process activity, and inform all stages of the ThreatStream security lifecycle with sandboxing insights.</p>
<ul>
<li>Collect new internal threat intelligence from detonations of files and URLs targeting your organization</li>
<li>Enrich your understanding by associating newly discovered IOCs with existing intel</li>
<li>Augment your investigations by exploring the attack infrastructure of malicious files and URLs</li>
<li>Fully operationalize the acquired intelligence by automatically curating and disseminating IOCs from detonations to your security controls</li>
</ul>
<p><img alt="" class="img-fluid" src="https://www.anomali.com/images/uploads/resources/anomali-sandbox-diagram.png" /></p>
<h2>Anomali Sanbox Benefits</h2>
<h3>Turbocharge Your ThreatStream Instance</h3>
<p>The embedded sandboxing capability in ThreatStream significantly enhances detection and investigations along several dimensions, including:</p>
<ul>
<li>Automated phishing email detonation</li>
<li>Import IOCs automatically from Sandbox into</li>
<li>ThreatStream</li>
<li>Macula scan IOCs for scoring and False Positive removal</li>
<li>Automatically initiate Investigations</li>
<li>Automatically generate Threat Bulletins</li>
<li>Automatically push IOCs to security controls</li>
<li>Automatically push IOCs to Anomali Match</li>
<li>Optionally share detonation results with the Anomali community</li>
</ul>
<h3>Sandbox Capabilities</h3>
<ul>
<li>Anomali’s detection capability combines</li>
<li>Deep analysis of suspected malware</li>
<li>Deep analysis of URLs to detect phishing</li>
<li>Cross platform analysis — Microsoft Windows and Mac OS</li>
<li>Detailed detonation reports:
<ul>
<li>Screen shots</li>
<li>PCAP</li>
<li>Dropped files</li>
<li>Signatures</li>
<li>Network analysis</li>
<li>Behavior analysis</li>
</ul>
</li>
</ul>
<h2>Use Cases</h2>
<h3>Malware Analysis</h3>
<p>Adversaries are employing sophisticated techniques to avoid detection of malicious files and email attachments, including ransomware, trojans and worms. ThreatStream’s integrated sandbox:</p>
<ul>
<li>Allows you to automatically ingest and analyze suspected malware files and generate detailed reports of the findings.</li>
<li>Can automatically harvest malicious IOCs discovered during detonation, curate them with Macula, and feed these into security controls for blocking/detection</li>
</ul>
<h3>Threat Response</h3>
<p>Sandbox malware analysis can expose behavior and IOCs that threat hunters can use to find similar activity, such as access to a particular network connection, port or domain.</p>
<ul>
<li>ThreatStream can automatically harvest malicious IOCs discovered during detonation, curate them with Macula, and automatically feed these into your SIEM for threat hunting</li>
<li>Match can automatically use sandbox detonation data to retrospectively search historic firewall and proxy logs or other SIEM data to find threats that have penetrated the network</li>
</ul>
