Hi Jakub,
Thank you for your question. First, let me stress that the CAS was built as a file analyzer, and not a URL analyzer, and so its functionality is built on analyzing files, and the behavior of a file when it is open.
When a file is detonated in the sandbox, unaided by a python script, it is simply opened. That is it. If you open a file in Windows, and it doesn't start automatically opening every URL in the document, don't expect anything different out of the sandbox. The ability to have any different results is going to depend on your knowledge of Windows and your knowledge of Python.
As you may be aware, you can use Python scripts with your detonation. (More on the structure
here). There are a few that come with the CAS, such as ghost_user.py, which helps navigate installers. You can also customize Windows itself with certain behaviors. In order to have URLs opened on any .pdf or word doc that you drop, you would need to come up with a way using those constraints.
I currently haven't seen it done before, so I couldn't tell you how to do it, or whether it is possible.If you were able to accomplish it though, it would count as one detonation, and be one task. Do note that the default timeout on the sandbox is set for 60 seconds, and so if you put too many urls in, they might not all detonate.
Hope this helps!
Original Message:
Sent: 08-31-2020 03:22 AM
From: Jakub B
Subject: CAS detonation capabilities
Hi Jacob
Thank you for your answer and i have another
What with case like dropping file like .pdf or .word format with URLs inside this file also will be analyzed separately per task.
Original Message:
Sent: 08-27-2020 03:18 PM
From: Jacob M
Subject: CAS detonation capabilities
Hi Jakub,
The Sandbox is going to analyze one URL per task. You can submit multiple URLs as a task, but the CAS will divide them up into individual tasks - so submitting 1 task with 6 URLs will result in 6 tasks.
Original Message:
Sent: 08-21-2020 04:26 AM
From: Jakub Banaszek
Subject: CAS detonation capabilities
Hi everyone
Maybe some of you know How many maximum URL detonations can the CA S500-A1 perform in one task?
Thank you and best regards