Intezer Sandbox
Malware Analysis
Sandbox
Enrichment & Analysis
Overview
The OpenCTI Intezer Sandbox enrichment connector allows automatic enrichment of Artifact observables by submitting suspicious files for dynamic analysis. It retrieves detailed sandbox detonation results, associates detected malware families, and assigns maliciousness verdicts (Malicious, Suspicious, Trusted, Unknown) to observables. The connector automatically correlates findings within OpenCTI by creating or updating Malware entities and establishing relationships between artifacts and threat families, enhancing the overall threat intelligence context.
Basic information
Connectors
Internal enrichment
6.8.13