Response Action for generic submission of files to sandbox

[oi-m8]

Many organisations tend to have an on-prem or online service that provides a sandbox for detonation of potentially malicious files. Would it be a good idea to have a RA for a generic submission of a file to a service like this?

[yugoslavskiy]

Hello @oi-m8! Thank you very much for your contribution! I am sorry for the delayed response.
We had a discussion on a similar proposal here:

Response actions should be more generic (tool agnostic).

At the moment there are multiple RAs for file analysis (RA2313: Analyse Windows PE, RA2315: Analyse Unix ELF etc).
Sandbox, RE, strings etc — these are all methods of file analysis, and could be a part of future sub-actions.

I will close the PR, but let's keep the issue open and get back to it as soon as we will move to sub-actions.

Thank you once again 🙏