Sandboxes are a great tool with two primary uses: (1) a tool to assist malware analysts during their analysis, and (2) a first-line security tool for Tier 1/Level 1 (T1/L1) analysts to help determine whether a file exhibits malicious behavior and to rate the severity of an incident. It is the latter use that I am going to focus on. When used correctly, sandboxes can enhance a T1/L1 analyst's ability to detect and classify incidents for an organization's Security Operations Center (SOC).