Risk Tolerance Levels
Risk tolerance levels determine how aggressively Spectra Analyze classifies samples by configuring which analysis sources contribute to the final classification. Spectra Analyze provides multiple risk tolerance levels, each with different analysis sources and thresholds. For more context on how classification and risk factors work together, see the Classification guide.
- The availability of analysis sources depends on your appliance configuration.
- RL Cloud Sandbox results are weighed more heavily and can classify a sample as malicious even if other sources do not.
Higher sensitivity levels include more sources and lower thresholds, which increases detection rates but may also increase false positives.
Default risk tolerance level
ReversingLabs Default is the default configuration that provides balanced detection without additional analysis sources. In this case, only RL Cloud Sandbox can change the final classification from Suspicious to Malicious.
Risk tolerance levels comparison
| Analysis Source | ReversingLabs Default | High | Medium | Low |
|---|---|---|---|---|
| Auxiliary Analysis | No impact | Score >1000: Malicious; Score >700: Suspicious | Score >700: Malicious; Score >300: Suspicious | Score >700: Malicious; Score >300: Suspicious |
| Network Data | No impact | Apply payload classification to URL. | Apply payload classification to URL and consult at least two 3rd party reputation sources. | Apply payload classification to URL and consult at least one 3rd party reputation source. |
| RL Cloud Sandbox | Can change Suspicious to Malicious (setting can be enabled on integration page). | Score >7: Malicious; Score >5: Suspicious | Score >5: Malicious; Score >3: Suspicious | Score >5: Malicious; Score >3: Suspicious |
| Joe Sandbox | No impact | Score >8: Malicious; Score >5: Suspicious | Score >6: Malicious; Score >3: Suspicious | Score >6: Malicious; Score >3: Suspicious |
| YARA | No impact | YARA Forge Core Ruleset | YARA Forge Extended Ruleset | YARA Forge Full Ruleset |
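The following what-if model is an added example, not ReversingLabs code: it encodes only the score rows of the table above for the High, Medium and Low levels and reports which samples would get a different verdict after a level change. The function names, the sample scores and the "most severe source wins" combination rule are assumptions made for this sketch.

```python
# Models only the score thresholds in the comparison table (added example).
# level -> source -> (malicious_above, suspicious_above); comparisons are strict.
THRESHOLDS = {
    "High": {"Auxiliary Analysis": (1000, 700), "RL Cloud Sandbox": (7, 5), "Joe Sandbox": (8, 5)},
    "Medium": {"Auxiliary Analysis": (700, 300), "RL Cloud Sandbox": (5, 3), "Joe Sandbox": (6, 3)},
    "Low": {"Auxiliary Analysis": (700, 300), "RL Cloud Sandbox": (5, 3), "Joe Sandbox": (6, 3)},
}
SEVERITY = ["No impact", "Suspicious", "Malicious"]  # least to most severe


def source_verdict(level, source, score):
    """Verdict one source contributes at a given level, per the table."""
    malicious_above, suspicious_above = THRESHOLDS[level][source]
    if score > malicious_above:
        return "Malicious"
    if score > suspicious_above:
        return "Suspicious"
    return "No impact"


def sample_verdict(level, scores, enabled=None):
    """Most severe verdict across enabled sources (ASSUMPTION: the page does not
    say how the product combines sources; 'most severe wins' is a modelling choice)."""
    enabled = set(THRESHOLDS[level]) if enabled is None else set(enabled)
    verdicts = [source_verdict(level, s, v) for s, v in scores.items() if s in enabled]
    return max(verdicts, key=SEVERITY.index, default="No impact")


def verdict_changes(samples, old_level, new_level, enabled=None):
    """Samples whose modelled verdict differs between two levels."""
    changes = {}
    for name, scores in samples.items():
        before = sample_verdict(old_level, scores, enabled)
        after = sample_verdict(new_level, scores, enabled)
        if before != after:
            changes[name] = (before, after)
    return changes


# Constructed sample scores (not real analysis output).
SAMPLES = {
    "sample-a": {"Auxiliary Analysis": 750, "Joe Sandbox": 2},
    "sample-b": {"RL Cloud Sandbox": 7, "Joe Sandbox": 5},
    "sample-c": {"RL Cloud Sandbox": 3, "Auxiliary Analysis": 300},
    "sample-d": {"Joe Sandbox": 9},
}

if __name__ == "__main__":
    print(verdict_changes(SAMPLES, "High", "Medium"))
```

The `enabled` argument mirrors the per-source checkboxes: pass the set of sources left selected to see how disabling a source changes the outcome.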
Selecting a risk tolerance level
To select a risk tolerance level:
- Go to Administration > Users & Personalization > Risk Tolerance Levels.
- Review the available risk tolerance levels and their respective settings.
- Click the desired risk tolerance level to select it.
- Click Apply changes to save the selection, or Discard to cancel.
The active risk tolerance level is indicated with an (Active) label.
Configuring a risk tolerance level
To configure a risk tolerance level:
- Go to Administration > Users & Personalization > Risk Tolerance Levels.
- Click Configure on the desired risk tolerance level to expand the configuration options.
- Select or clear the checkboxes next to each analysis source to enable or disable them:
  - Auxiliary Analysis
  - Network Data
  - RL Cloud Sandbox
  - Joe Sandbox
  - YARA
- Click Apply changes to save the configuration, or Discard to cancel.