The expansion module joesandbox_query usually produces a huge number of attributes and objects and some of them generates a lot of noise (e.g.: private IP addresses).
Could it be possible to filter the indicators returned by the module?
In the JSON generated by JoeSandbox API I see the field "@malicious" for some entries. It might be useful to give the opportunity to choose to get only the indicators tagged as malicious by JoeSandbox.
The expansion module joesandbox_query usually produces a huge number of attributes and objects and some of them generates a lot of noise (e.g.: private IP addresses).
Could it be possible to filter the indicators returned by the module?
In the JSON generated by JoeSandbox API I see the field "@malicious" for some entries. It might be useful to give the opportunity to choose to get only the indicators tagged as malicious by JoeSandbox.