Sandbox Search Tokens
You can use the following search tokens in the Sandbox Analyzer tab:
sandbox.analysis.result
Use this token to retrieve the result of a sandbox analysis. Choose from Analysing, Clean, Error_Processing_File, In Queue, In Progress, Malicious, Queued, Submitted_to_Sandbox.
Examples
To show events whose sandbox analysis result is malicious:
sandbox.analysis.result: MALICIOUS
To show events whose sandbox analysis result is Analysing:
sandbox.analysis.result: ANALYSING
sandbox.assetname
Use this token to identify the asset being analyzed in the sandbox environment. The asset could be a file, application, or other item under investigation.
Example
To show all events having this asset name:
sandbox.assetname:DESKTOP-V3RH7I2
sandbox.user
Use this token to identify the user linked to the sandbox analysis. It helps track who initiated the analysis, owns the asset, or monitors operations, ensuring accountability and simplifying reporting in multi-user environments.
Example
To show all events having this user name:
sandbox.user:JOHN DOE
sandbox.analysis.remarks
Use this token to capture remarks or additional details about the sandbox analysis. It provides insights not covered in the primary result, including special conditions, limitations, or analyst observations.
Example
To show all events having this remark:
sandbox.analysis.remarks:"Analysis performed with restricted permissions."
sandbox.filepath.sample
Use this token to identify the sample file path for sandbox analysis, ensuring accurate tracking and association with the results.
Example
To show all events having this file path:
sandbox.filepath.sample:StorageCassdbbeforeTruncate.zip
sandbox.url.sample
Use this token to specify the URL of the sample (file, web page, or resource) being analyzed in the sandbox. It helps track the sample's location, ensuring accurate association with the analysis results.
Example
To show all events having this URL:
sandbox.url.sample:"https://secure-site.com/analysis/sample.pdf"