top title background image

Joe Security Solutions

Analyst Workspace with Joe Sandbox Cloud Pro, Joe Reverser and Joe Lab

From Suspicious Artifacts to Actionable Investigation Context

Joe Security products fit together around the analyst workflow: collect suspicious artifacts and telemetry, execute and enrich them automatically, extract cyber evidence, and validate difficult cases in a dedicated lab.

Technical Intake

  • Email artifactsEML, MSG, headers, HTML bodies, attachments, URLs and abuse mailbox intake
  • Web indicatorsURLs, redirect chains, domains, forms and landing pages
  • Endpoint signalsQuarantine events, EDR/XDR hits, user reports and suspicious paths
  • Installers and packagesInstallers, updaters, MSI, EXE, PKG, DMG and bundled payloads
  • Malware samplesPE, ELF and Mach-O files, documents, PDFs, scripts, archives and APKs
Analysis pipeline

Detonate, Trace, Enrich and Reverse

Joe Sandbox Cloud Pro executes the artifact and captures behavioral telemetry. Joe Reverser adds code-level and phishing reasoning. Joe Lab gives analysts a controlled bare-metal path for evasive or hands-on cases.

Static triageHashes, strings, imports, packers Runtime traceProcess, file, registry, network Cyber enrichmentATT&CK, IOCs, signatures, score Deep diveReverse engineering and lab validation
  1. Behavior captureObserve execution, screenshots, dropped files, memory and network activity.
  2. Threat correlationMap findings to IOCs, detection logic, malware behavior and ATT&CK techniques.
  3. Analyst validationUse Reverser Q&A and Joe Lab when a case needs code-level or bare-metal proof.

Cyber Evidence

  • IOCs and networkHashes, domains, IPs, URLs, DNS, HTTP(S), extracted files and PCAP
  • Detection logicYara, Sigma, Suricata/Snort, behavioral signatures and ATT&CK context
  • Malware behaviorProcess trees, persistence, payloads, configs, C2 and code-level findings
  • Memory and packet evidenceMemory dumps, extracted files, network captures and PCAP
  • Visual and web artifactsScreenshots, video recordings, DOM tree and rendered phishing content
  • Reports and exportsReadable verdicts, JSON/XML, STIX report, API data and enrichment for downstream tools

Products for Every Stage of Malware Investigation

Joe Sandbox Cloud Pro is the automated dynamic analysis platform, Joe Reverser reveals functionality beyond dynamic analysis, and Joe Lab gives analysts dedicated bare-metal machines for manual malware work.

Automated analysis platform Private cloud service for automated dynamic file and URL analysis, detailed reports, IOCs, exports and API-driven integrations. Dynamic analysis Files and URLs REST API Detect intake Mail Monitor intake
  • Dynamically executes files and URLs in controlled Windows, macOS and Linux analysis environments
  • Produces behavior, screenshots, detections, IOCs and downloadable reports
  • Keeps samples and analysis data private, with no third-party sample sharing
  • Includes Joe Sandbox Detect for endpoint and user-submission intake, plus Joe Sandbox Mail Monitor for mailbox intake
Agentic reverse engineering Standalone agentic AI analyst for automated malware reverse engineering and phishing analysis when analysts need code-level answers. Reverse engineering Agentic AI Full binary view Q&A
  • Automatically reverse-engineers files and analyzes URLs and emails for phishing threats
  • Dynamically selects reverse engineering and malware analysis tools for each task
  • Generates comprehensive reports with readable findings and an interactive Q&A interface
  • Reveals functionality beyond the partial view provided by dynamic analysis
Dedicated analyst lab Cloud-based malware analysis lab with dedicated 24x7 bare-metal machines for manual malware work, endpoint testing and long-term observation. 24x7 access Bare metal VNC PCAP
  • Dedicated Windows 10 and Windows 11 x64 bare-metal machines, not virtual machines
  • Browser-based VNC and full web-based file system access for hands-on investigation
  • Configurable anonymized Internet access, Internet simulation, PCAP and screenshots
  • Save machine states and reset to a known good state for repeated analysis and detection testing

Plugin Capabilities Included with Joe Sandbox Cloud Pro

The capabilities below are shown as part of Joe Sandbox Cloud Pro in this overview, covering evasive malware, machine-learning verdicts, phishing detection, endpoint alert validation and automated email intake.

Most Popular Bundles

Joe Sandbox Cloud Pro

Joe Sandbox Cloud Pro

The usual starting point: automated private analysis for files and URLs, rich reports, integrations, and the included Joe Sandbox Cloud Pro plugin set.

Joe Sandbox Cloud Pro + Joe Lab

Automation plus hands-on validation

Pair Joe Sandbox Cloud Pro reports and intake workflows with a dedicated browser-accessible lab for evasive samples, long-running observation and endpoint testing.

Joe Sandbox Cloud Pro + Joe Reverser + Joe Lab

Ultimate analyst suite

Use Joe Sandbox Cloud Pro for automated analysis, Joe Reverser for deep code and phishing explanations, and Joe Lab for controlled bare-metal manual work.