MAA riskscore shown in Task list differs from the Report

book

Article ID: 168363

calendar_today

Updated On:

Products

Malware Analysis Software - MA

Issue/Introduction

Sometimes the MAA User interface will show a task with a risk score value that is not identical to the risk score you will see when opening the task report, "Latest 100 High Risk Tasks"

Cause

Risk scores are regenerated for a task each time the report is accessed from the UI or RAPI.  The risk scores in the Task Lists ("My Tasks" and "Latest 100 High Risk Tasks") will still show the score from the time when the task was run.

If after running a task the behavioral patterns are updated, and one or more patterns that are relevant for this task changed their risk score, you may see this discrepancy.

Resolution

If you need to have the risk score values for a task identical in reports and Task Lists you need to update that data.

API command:
$ curl -X POST <maa-ip-address>/rapi/tasks/<task-id>/risk_score?token=<api-token>

The JSON response should look like this, where "global_risk_score" will equal the newly set riskscore from the latest pattern matching:

{
  "api_version": 5, 
  "exec_time": 0.7827, 
  "request": "POST /tasks/21/risk_score", 
  "results": [
    {
      "global_risk_score": 7, 
      "owner_risk_score": 1
    }
  ], 
  "results_count": 1, 
  "server_time": "2015-01-21T13:17:15.558641"
}