Netskope Help

Cloud Sandbox Analysis

Behavior-based analysis is a key technology for security teams to detect advanced threats. By detonating suspicious files in a controlled, sandbox environment, files can be monitored for actual malicious behavior. Netskope's cloud based dynamic sandbox analysis engine is immune to malware evasion techniques and is built on Netskope's high-performance, cloud-scale security platform.


An advanced threat protection license is required to use cloud sandbox analysis.

To view the Cloud Sandbox Analysis, go to Incidents > Malware. Click on an item on the Malware page, which opens a page with details about the malware. In the File Name column, click on the file name, which opens the Summary page. The Netskope Cloud Sandbox section of this page shows:

  • Observed Behavior: Shows file activity observed in the sandbox.

  • Screenshots: Shows what appeared on the user's monitor during detection process.

  • Processes Monitored: Shows the entire flow of what occurred when the malware was detected.

  • Sandbox Files Dropped: Shows the hashes and file names of the files in the sandbox.

  • Accessed Hosts: Shows the geo-location of the host that accessed the file including the host name, IP address, country, and protocol.