get_ai_summaries
Retrieve AI-generated reasoning summaries for specific malware analysis runs from Joe Sandbox to understand detection insights and behavioral analysis results.
Instructions
Retrieve the AI summaries for a specific analysis run, either from cache or by downloading it.
Joe Sandbox analyses may run on multiple system configurations (e.g., different Windows/Linux variants).
Each run is indexed in the `runs` array of the analysis metadata. This function retrieves the report
corresponding to a specific run.
Args:
webid: The submission ID of the analysis (unique identifier).
run (optional, default = 0): The index of the analysis run to retrieve the report for.
Use 0 for the first run, 1 for the second, etc.
If not specified, defaults to 0 (the first run).
Returns:
A dictionary containing AI reasoning summaries with fields:
- webid: The analysis ID
- run: The run index
- reasonings: List of AI reasoning entries
- count: Number of reasoning entries found
Notes:
- Reports are cached in memory by key: "{webid}-{run}".
- Use `run` to distinguish between different environments used during analysis.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| webid | Yes | ||
| run | No |
Input Schema (JSON Schema)
{
"properties": {
"run": {
"default": 0,
"title": "Run",
"type": "integer"
},
"webid": {
"title": "Webid",
"type": "string"
}
},
"required": [
"webid"
],
"type": "object"
}