API Reference
Start typing to search…

# Action Details

get
https://api.picussecurity.com/v1/threat-library/actions/

Action Details; Action Id, Action Display Id, Action Name, Action Release Date, Action Description, Action Affected Os, Action Affected Products, Action Affected Platforms, Action Category, Attack Module, Mitres, Unified Kill Chains, Module Based Details, Owasp, Reference Links, Keyword Queries

About

Reach details of the endpoint Action Details List using this endpoint as in Picus Threat Library. The endpoint returns data such as; Action Id, Release Date, Description, Affected OS, Affected Products, Affected Platforms, Category, Attack Module and other details including MITRE ATT&CK and Unified Kill Chain phases.

Example

Get action details for action id is 1.

curl --request GET \
     --url https://api.picussecurity.com/v1/threat-library/actions/1 \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer access_token'
{
    "id": 1,
    "created_at": 1608038833000,
    "updated_at": 1702633045601,
    "display_id": 5262098,
    "name": "Get System Information Variant-1",
    "description": "",
    "release_date": 1667975767034,
    "affected_os": [
        "Windows"
    ],
    "affected_platforms": [
        {
            "name": "Windows 10",
            "os": "Windows",
            "architecture": "64-bit"
        },
        {
            "name": "Windows Server 2016",
            "os": "Windows",
            "architecture": "64-bit"
        },
        {
            "name": "Windows Server 2019",
            "os": "Windows",
            "architecture": "64-bit"
        },
        {
            "name": "Windows 11",
            "os": "Windows",
            "architecture": "64-bit"
        },
        {
            "name": "Windows Server 2022",
            "os": "Windows",
            "architecture": "64-bit"
        }
    ],
    "attack_category": "Attack Scenario",
    "attack_module": "Endpoint Scenario",
    "attack_module_id": 2,
    "frameworks": {
        "mitre": {
            "tactic_id": "TA0007",
            "tactic": "Discovery",
            "technique": "System Network Configuration Discovery",
            "technique_id": "T1016"
        },
        "ukc": {
            "phase": "Discovery",
            "stage": "Network Propagation"
        }
    },
    "module_based_details": {
        "processes": [
            {
                "id": 6712,
                "path": "powershell.exe",
                "arguments": "-c \"Get-WmiObject -ClassName Win32_OperatingSystem\""
            },
            {
                "id": 6713,
                "path": "powershell.exe",
                "arguments": "-c \"Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName . | Select-Object -Property [a-z]* -ExcludeProperty IPX*,WINS*\""
            }
        ]
    },
    "references": {},
    "keyword_queries": [
        {
            "id": 19324,
            "query": "(\"powershell\" AND \"Get-WmiObject\" AND (\"Win32_OperatingSystem\" OR \"Win32_NetworkAdapterConfiguration\"))",
            "type": "Default"
        }
    ]
}
Language
Credentials
Header
Click Try It! to start a request and see the response here!