Flushing the whole MA sandbox queue using RAPI
RAPI is Remote Application Programming Interface, or Remote API. The first thing we want to do is create an API token.
CAS# ma-actions api-key create role administrator user admin
Note that keys are not stored on the system in plain text and cannot be retrieved later.
Created new API Key: 82feb6789a7c421cbe13e0e7f12345cc (Key ID 01J6DY0SR871M5B1DAXMNT2D30)
So now we have this key from my CAS/MA system: 82feb6789a7c421cbe13e0e7f12345cc (randomly typed alphanumeric characters, not a real key). This is very important: as the output says, you can't retrieve the key from the system again. With the key in hand, you can issue commands to the system directly; that's RAPI.
So, to purge the CAS-MA queue, run the following curl command:
$ curl -k -X POST -H "X-API-TOKEN:82feb6789a7c421cbe13e0e7f12345cc" https://<appliance_IP_address>:8082/rapi/system/purge_task_queues
{
  "api_version": 10,
  "exec_time": 0.8011,
  "request": "POST /system/purge_task_queues",
  "results": [
    true
  ],
  "results_count": 1,
  "server_time": "2024-09-12T11:08:56.454067"
}
That just dumped my entire MA task queue, pretty nifty. To see a complete list of API functions for performing malware analysis, go to the following URL: https://<appliance_IP_address>:8082/rapi/system/documentation
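Added example (not from the original article or from Broadcom): a POSIX shell wrapper for the same purge call. It reads the key from a file and hands it to curl on stdin, verifies the appliance certificate with --cacert instead of -k, and checks that "results" is [true]. CAS_HOST, CAS_CA_FILE, CAS_TOKEN_FILE and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. CAS_HOST, CAS_CA_FILE, CAS_TOKEN_FILE and
# the function names are assumptions made for this illustration.

# Emit a curl config line carrying the token header. Feeding it to
# `curl --config -` on stdin keeps the key out of argv and shell history.
rapi_curl_config() {
    # $1 = file containing only the API key (keep it chmod 600)
    [ -r "$1" ] || { echo "token file not readable: $1" >&2; return 1; }
    token=$(tr -d ' \r\n\t' < "$1")
    # Assumption: keys are alphanumeric, like the one shown above. Rejecting
    # anything else also stops quotes from injecting extra curl options.
    case "$token" in
        ''|*[!0-9A-Za-z]*) echo "unexpected characters in key" >&2; return 1 ;;
    esac
    printf 'header = "X-API-TOKEN: %s"\n' "$token"
}

# Read a RAPI JSON response on stdin; succeed only if "results" is [true].
rapi_purge_succeeded() {
    tr -d ' \r\n\t' | grep -q '"results":\[true\]'
}

# POST to the purge endpoint from the article, validating the appliance
# certificate against CAS_CA_FILE rather than disabling checks with -k.
rapi_purge_queue() {
    if [ -z "$CAS_HOST" ] || [ -z "$CAS_CA_FILE" ] || [ -z "$CAS_TOKEN_FILE" ]; then
        echo "set CAS_HOST, CAS_CA_FILE and CAS_TOKEN_FILE" >&2; return 1
    fi
    cfg=$(rapi_curl_config "$CAS_TOKEN_FILE") || return 1
    body=$(printf '%s\n' "$cfg" | curl --silent --show-error --fail \
        --cacert "$CAS_CA_FILE" --config - -X POST \
        "https://${CAS_HOST}:8082/rapi/system/purge_task_queues") || return 1
    printf '%s\n' "$body" | rapi_purge_succeeded
}
```

Export the three variables and call rapi_purge_queue; a non-zero exit status means the request failed or the response did not report true.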
Reference: Content Analysis APIs (broadcom.com)
If sandboxing runs indefinitely after flushing the queue, make sure the IntelliVM execution time is defined; see Configure Content Analysis Task Settings (broadcom.com).