Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox

Implementing Cisco Cybersecurity Operations (210-255)

Both Cisco AMP Threat Grid and Cuckoo Sandbox are malware analysis tools. They can both execute a piece of malware and report on what the malware tries to do. Cisco AMP Threat Grid can either be on-premises as an appliance or a cloud server. Cuckoo Sandbox is an open-source project that is available to run on Windows, Linux, and macOS.

For Threat Grid, I don’t have access to get screenshots, but there is a good video from Cisco. This video gives a good overview of the tool that should get one familiar enough for the objective.

The TrustedSec blog has a good overview of what you will see with Cuckoo Sandbox’s reports. They go on in a second post to give a good set of instructions to setup Cuckoo Sandbox in your own lab.