Details
Content
Dependencies
Version History

Upload files using polling, the service supports Microsoft Office files, as well as PDF, SWF, archives and executables. Active content will be cleaned from any documents that you upload (Microsoft Office and PDF files only). Query on existing IOCs, file status, analysis, reports. Download files from the database. Supports both appliance and cloud. Supported Threat Emulation versions are any R80x.

Check Point Threat Emulation (SandBlast) Pack

What does this pack do?

Uses Threat Emulation to perform remote analysis on a sandbox.
Uploads files to a virtual sandbox.
Opens files and monitors them in multiple OS versions and Microsoft Office versions.
Saves malicious files in the ThreatCloud.
Provides a safe file without active content while the original file is inspected by Threat Emulation. If it is safe it can be downloaded.

Check Point Threat Emulation (SandBlast) Pack

What does this pack do?

Uses Threat Emulation to perform remote analysis on a sandbox.
Uploads files to a virtual sandbox.
Opens files and monitors them in multiple OS versions and Microsoft Office versions.
Saves malicious files in the ThreatCloud.
Provides a safe file without active content while the original file is inspected by Threat Emulation. If it is safe it can be downloaded.

Integrations

Name	Description
Check Point Threat Emulation (SandBlast)	Uploads files using polling. The service supports Microsoft Office files, as well as PDF, SWF, archives, and executables. Active content will be cleaned from any documents that you upload (Microsoft Office and PDF files only). Queries on existing IOCs, file status, analysis, and reports. Downloads files from the database. Supports both appliance and cloud. Supported Threat Emulation versions are any R80x.

Name

Description

Check Point Threat Emulation (SandBlast)

Uploads files using polling. The service supports Microsoft Office files, as well as PDF, SWF, archives, and executables. Active content will be cleaned from any documents that you upload (Microsoft Office and PDF files only). Queries on existing IOCs, file status, analysis, and reports. Downloads files from the database. Supports both appliance and cloud. Supported Threat Emulation versions are any R80x.

Integrations

Name	Description
Check Point Threat Emulation (SandBlast)	Uploads files using polling. The service supports Microsoft Office files, as well as PDF, SWF, archives, and executables. Active content will be cleaned from any documents that you upload (Microsoft Office and PDF files only). Queries on existing IOCs, file status, analysis, and reports. Downloads files from the database. Supports both appliance and cloud. Supported Threat Emulation versions are any R80x.

Name

Description

Check Point Threat Emulation (SandBlast)

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	August 16, 2022
Last Release	March 23, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

Check Point Threat Emulation (SandBlast)

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.