Cape Sandbox

CAPE Sandbox is an open-source software for automating the analysis of suspicious files. It provides comprehensive malware analysis capabilities, including behavioral analysis, memory forensics, and network traffic capture.

What does this pack do?

This pack includes the Cape Sandbox integration that enables you to:

Cape Sandbox Integration

  • Submit files for analysis - Upload suspicious files to CAPE Sandbox for automated malware analysis, including support for PCAP files.
  • Submit URLs for analysis - Analyze potentially malicious URLs in a controlled sandbox environment.
  • Retrieve analysis reports - Access detailed analysis reports in multiple formats (JSON, MAEC, metadata, lite).
  • Download artifacts - Download samples, PCAP files, and screenshots from completed analyses.
  • Manage analysis tasks - List, view, and delete analysis tasks.
  • Monitor sandbox status - Check the operational status of CAPE/Cuckoo machines and overall system health.
  • View file information - Query file details by Task ID, MD5, or SHA256 hash.

For more information

PUBLISHER

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Certification
Supported By: Cortex
Created: November 11, 2025
Last Release: November 11, 2025
Malware
Threat Intelligence Management
Incident Response
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.