MAA riskscore shown in Task list differs from the Report


Article ID: 168363


Updated On:


Malware Analysis Software - MA


Sometimes the MAA User interface will show a task with a risk score value that is not identical to the risk score you will see when opening the task report, "Latest 100 High Risk Tasks"


Risk scores are regenerated for a task each time the report is accessed from the UI or RAPI.  The risk scores in the Task Lists ("My Tasks" and "Latest 100 High Risk Tasks") will still show the score from the time when the task was run.

If after running a task the behavioral patterns are updated, and one or more patterns that are relevant for this task changed their risk score, you may see this discrepancy.


If you need to have the risk score values for a task identical in reports and Task Lists you need to update that data.

API command:
$ curl -X POST <maa-ip-address>/rapi/tasks/<task-id>/risk_score?token=<api-token>

The JSON response should look like this, where "global_risk_score" will equal the newly set riskscore from the latest pattern matching:

  "api_version": 5, 
  "exec_time": 0.7827, 
  "request": "POST /tasks/21/risk_score", 
  "results": [
      "global_risk_score": 7, 
      "owner_risk_score": 1
  "results_count": 1, 
  "server_time": "2015-01-21T13:17:15.558641"