Overview MetaDefender Sandbox API Reference Release Notes
Getting Started
Deployment & Usage
Support
Configuration
2.1.0
Search this version
Configuration
Configuration
Architectural Overview
Features
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
File / Folder Structure
Copy Markdown
Open in ChatGPT
Open in Claude
Sandbox will be installed in the /home/sandbox/sandbox directory by default.
If the default options are used, the following top-level folders will be created:
- logs: Contains logfiles collected from various components, see: Logging
- broker: Contains the "broker" component
- transform: Contains the "transform" analyzer engine
- webservice: Contains the Sandbox webservice that implements the top-level Sandbox API
- webservice-front: Contains the Sandbox frontend
- THIRD-PARTY: Contains license information from open-source libraries
The descriptions of potentially relevant folders in /home/sandbox/sandbox/transform are provided for informational purposes only:
- consumers: This is where a group of Python scripts reside, which can consume reporting data and generate informational signals of different severity levels. These "signals" are often referred to as behavior indicators / signatures by different security vendors. The term "signal" is used to underline the fact that a lot of reporting contains much "noise" (redundant information) of which the relevant signals need to be extracted.
- external: This folder has a variety of definitions (e.g. a list of UUIDs, MITRE techniques/tactics or local whitelists/blacklists). These files are actively maintained, and new versions are provided with each update.
- lib: This folder contains a variety of third-party libraries that are used by the processor node. Do not modify this folder.
- parser: This folder contains a variety of external scripts / integrations that are used by the processor node. Do not modify this folder.
- thirdparty: This folder contains a variety of third-party software not relevant to the core functionality. Do not modify this folder.
- yara: This folder contains a variety of third party and local YARA rules, which are compiled to a master index file and used against the input file and extracted artifacts. In general, do not modify this folder, although it is possible to add custom YARA Rules here.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Last updated on
Was this page helpful?
Next to read:
APISee the "Technical Datasheet" for a complete list of features: https://docs.opswat.com/filescan/datasheet/technical-datasheet
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message
