Action Details; Action Id, Action Display Id, Action Name, Action Release Date, Action Description, Action Affected Os, Action Affected Products, Action Affected Platforms, Action Category, Attack Module, Mitres, Unified Kill Chains, Module Based Details, Owasp, Reference Links

About

This endpoint takes a list of action_ids and returns the matching actions in the response.

You can use the Action Details List endpoint to retrieve data such as Action Id, Action Display Id, Release Date, Description, Affected OS, Affected Products, Affected Platforms, Category, Attack Module and other details, including MITRE ATT&CK and Unified Kill Chain phases.

Example

Get details of actions 1, 2 and 3, which are given as a query parameter:

curl --request GET \
     --url 'https://api.picussecurity.com/v1/threat-library/actions?action_ids=1,2,3' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer access_token'

{
    "actions": [
        {
            "id": 1,
            "created_at": 1608038833000,
            "updated_at": 1697556337840,
            "display_id": 5262098,
            "name": "Get System Information Variant-1",
            "description": "",
            "release_date": 1612436646,
            "affected_os": [
                "Windows"
            ],
            "affected_products": [
                "Microsoft Windows"
            ],
            "affected_platforms": [
                {
                    "name": "Windows 10",
                    "os": "Windows",
                    "architecture": "64-bit"
                },
                {
                    "name": "Windows 11",
                    "os": "Windows",
                    "architecture": "64-bit"
                },
                {
                    "name": "Windows Server 2019",
                    "os": "Windows",
                    "architecture": "64-bit"
                },
                {
                    "name": "Windows Server 2016",
                    "os": "Windows",
                    "architecture": "64-bit"
                },
                {
                    "name": "Windows Server 2022",
                    "os": "Windows",
                    "architecture": "64-bit"
                }
            ],
            "attack_category": "Attack Scenario",
            "attack_module": "Endpoint Scenario",
            "frameworks": {
                "mitre": {
                    "tactic_id": "TA0007",
                    "tactic": "Discovery",
                    "technique": "System Network Configuration Discovery",
                    "technique_id": "T1016"
                },
                "ukc": {
                    "phase": "Discovery",
                    "stage": "Network Propagation"
                }
            },
            "module_based_details": {
                "processes": [
                    {
                        "id": 6713,
                        "path": "powershell.exe",
                        "arguments": "-c \"Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName . | Select-Object -Property [a-z]* -ExcludeProperty IPX*,WINS*\""
                    }
                ]
            },
            "tags": [
                "Custom"
            ],
            "references": {}
        },
        {
            "id": 2,
            "created_at": 1608730591000,
            "updated_at": 1698798936300,
            "display_id": 5253512,
            "name": "Gather Information about Target Domain using Adfind.bat",
            "description": "In this action, an attacker is trying together information about the target domain by using Adfind.exe script.",
            "release_date": 1612436699,
            "affected_os": [
                "Windows"
            ],
            "affected_products": [
                "Microsoft Windows"
            ],
            "affected_platforms": [
                {
                    "name": "Windows Server 2022",
                    "os": "Windows",
                    "architecture": "64-bit"
                },
                {
                    "name": "Windows 11",
                    "os": "Windows",
                    "architecture": "64-bit"
                },
                {
                    "name": "Windows Server 2019",
                    "os": "Windows",
                    "architecture": "64-bit"
                },
                {
                    "name": "Windows Server 2016",
                    "os": "Windows",
                    "architecture": "64-bit"
                },
                {
                    "name": "Windows 10",
                    "os": "Windows",
                    "architecture": "64-bit"
                }
            ],
            "attack_category": "Attack Scenario",
            "attack_module": "Endpoint Scenario",
            "frameworks": {
                "mitre": {
                    "tactic_id": "TA0007",
                    "tactic": "Discovery",
                    "technique": "Remote System Discovery",
                    "technique_id": "T1018"
                },
                "ukc": {
                    "phase": "Discovery",
                    "stage": "Network Propagation"
                }
            },
            "module_based_details": {
                "processes": [
                    {
                        "id": 3,
                        "path": "cmd.exe",
                        "arguments": "/c \"%TMP%\\adfind.bat\""
                    }
                ]
            },
            "tags": [
                "Network"
            ],
            "references": {}
        },
        {
            "id": 3,
            "created_at": 1634903854000,
            "updated_at": 1708095841354,
            "display_id": 541733,
            "name": "XSS Evasion via title HTML Tag",
            "description": "This attack contains a payload of the XSS which include title HTML tag. title tag doesn't interpret inline HTML and attacker can use this payload without using any quote char in attributes. An attacker can use such an XSS attack to send a malicious script to an unsuspecting user. Because the end user's browser thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site.",
            "release_date": 1635248233,
            "affected_os": [
                "Windows",
                "macOS",
                "Linux"
            ],
            "tags": [
                "XSS Evasion"
            ],
            "cwe": "CWE-79",
            "attack_category": "Web Application",
            "attack_module": "Web Application",
            "owasp": "Injection",
            "module_based_details": {},
            "references": {
                "cwe_reference": {
                    "name": "CWE-79",
                    "link": "https://cwe.mitre.org/data/definitions/79"
                }
            }
        }
    ]
}
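
The sample response mixes two record shapes: the endpoint actions carry frameworks.mitre and module_based_details.processes, while the web application action carries cwe and owasp with an empty module_based_details and no frameworks key. The Python below is an added example, not part of the original documentation; it flattens the sample records into a coverage view keyed by technique or CWE. Treating 13-digit timestamps as milliseconds and 10-digit ones as seconds is an assumption inferred from the sample values.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: the three actions from the response above, trimmed to
# the fields this example reads (values copied from the page).
SAMPLE = {"actions": [
    {"id": 1, "name": "Get System Information Variant-1",
     "created_at": 1608038833000, "release_date": 1612436646,
     "frameworks": {"mitre": {"technique_id": "T1016"}},
     "module_based_details": {"processes": [{"path": "powershell.exe",
         "arguments": '-c "Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName . | Select-Object -Property [a-z]* -ExcludeProperty IPX*,WINS*"'}]}},
    {"id": 2, "name": "Gather Information about Target Domain using Adfind.bat",
     "created_at": 1608730591000, "release_date": 1612436699,
     "frameworks": {"mitre": {"technique_id": "T1018"}},
     "module_based_details": {"processes": [
         {"path": "cmd.exe", "arguments": '/c "%TMP%\\adfind.bat"'}]}},
    {"id": 3, "name": "XSS Evasion via title HTML Tag",
     "created_at": 1634903854000, "release_date": 1635248233,
     "cwe": "CWE-79", "owasp": "Injection", "module_based_details": {}},
]}

def to_utc(ts):
    """Epoch to aware datetime. Assumption: 13-digit values are milliseconds
    (created_at/updated_at in the sample), 10-digit values are seconds."""
    return datetime.fromtimestamp(ts / 1000 if ts >= 10**11 else ts, tz=timezone.utc)

def summarize(action):
    """Flatten one action, tolerating the keys that vary by attack module."""
    mitre = action.get("frameworks", {}).get("mitre", {})
    procs = action.get("module_based_details", {}).get("processes", [])
    return {
        "id": action["id"],
        "name": action["name"],
        "released": to_utc(action["release_date"]).date().isoformat(),
        "technique": mitre.get("technique_id"),
        "cwe": action.get("cwe"),
        "commands": [f'{p["path"]} {p.get("arguments", "")}'.strip() for p in procs],
    }

def coverage(actions):
    """Group action ids by MITRE technique, else CWE, else 'unmapped'."""
    groups = defaultdict(list)
    for a in map(summarize, actions):
        groups[a["technique"] or a["cwe"] or "unmapped"].append(a["id"])
    return dict(groups)

if __name__ == "__main__":
    for row in map(summarize, SAMPLE["actions"]):
        print(row)
    print(coverage(SAMPLE["actions"]))
```

The command strings returned by summarize are the process path and arguments each endpoint action runs, which is the text to compare against process-creation telemetry when checking whether a simulated action was logged.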