About

Create Simulation endpoint creates and runs a simulation as requested; scheduled or instant.
You can create a simulation by giving your simulation a name and adding the template ID, agent ID. You can also make your protocol configurations and enrich your simulation with detection analytics by adding integration information. You cannot create a simulation with the same agent, template, protocol, integrations, and schedule unless you include the parameter force:true in the request body.

schedule_now or schedule should be given

Attack Modules

Network Infiltration module_id = 1
Windows Endpoint Scenario module_id = 2
Web Application module_id = 3
Email module_id = 4
Data Exfiltration module_id = 5
Linux Endpoint Scenario module_id = 6
macOS Endpoint Scenario module_id = 7

Example for Endpoint Attacks

Create scheduled simulation which runs on day 1,3 and 4 of the week

No protocol and obfuscation_method for Endpoint Attack

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Endpoint Attacks Test - 1",
    "agent_id": 2874,
    "template_id": 5832,
    "protocols": [],
    "obfuscation_methods": [],
    "schedule": {
        "frequency": "WEEKLY",
        "start_time": 1655984364,
        "day_of_week": [
            1,
            3,
            4
        ],
        "frequency_interval": 1
    }
}'

{
    "simulation": {
        "id": 5865,
        "name": "Endpoint Attacks Test - 1",
        "description": "",
        "schedule_id": 3421,
        "agent_id": 2874,
        "is_active": true,
        "integrations": null,
        "protocols": null,
        "obfuscation_methods": null,
        "template_id": 5832
    },
    "run_info": {
        "id": 14288,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": false,
    "simulation_already_exist": false
}

Example for Data Exfiltration Attack

module_id should be 5 for Data Exfiltration Attack

Available protocols {"http", "https", "tcp"}

Available obfuscation_methods {"b64", "xor"}

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Data Exfiltration Attack Test - 1",
    "agent_id": 1489,
    "template_id": 5834,
    "protocols": [
        {
            "module_id": 5,
            "protocols": [
                "https",
                "tcp"
            ]
        }
    ],
    "obfuscation_methods": [
        "b64"
    ],
    "schedule": {
        "frequency": "ONCE",
        "start_time": 16681931901,
        "day_of_week": [],
        "day_of_month": []
    }
}'

{
    "simulation": {
        "id": 5866,
        "name": "Untitled Simulation - 82142142",
        "description": "",
        "schedule_id": 3429,
        "agent_id": 1489,
        "is_active": true,
        "integrations": null,
        "protocols": [
            {
                "module_id": 5,
                "protocols": [
                    "https",
                    "tcp"
                ]
            }
        ],
        "obfuscation_methods": [
            "b64"
        ],
        "template_id": 5834
    },
    "run_info": {
        "id": 14289,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": false,
    "simulation_already_exist": false
}

Example for Network Infiltration Attack

module_id should be 1 for Network Infiltration Attack

Available protocols {"http", "https"}

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Network Infiltration Attack Test - 1",
    "agent_id": 2874,
    "template_id": 5831,
    "integrations": [
        1816,
        1585
    ],
    "protocols": [
        {
            "module_id": 1,
            "protocols": [
                "https",
                "http"
            ]
        }
    ],
    "obfuscation_methods": [],
     "schedule": {
        "frequency": "ONCE",
        "start_time": 16681931901,
        "day_of_week": [],
        "day_of_month": []
    },
    "force": true
}'

{
    "simulation": {
        "id": 5864,
        "name": "Network Infiltration Attack Test - 1",
        "description": "",
        "schedule_id": 386,
        "agent_id": 2874,
        "is_active": true,
        "integrations": [
            1816,
            1585
        ],
        "protocols": [
            {
                "module_id": 1,
                "protocols": [
                    "https",
                    "http"
                ]
            }
        ],
        "obfuscation_methods": null,
        "template_id": 5831
    },
    "run_info": {
        "id": 14287,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": true,
    "simulation_already_exist": false
}

Example for Web Application Attack

module_id should be 3 for Web Application Attack

Available protocols {"http", "https"}

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Web Application Attack Test - 1",
    "template_id": 4710,
    "agent_id": 2182,
    "integrations": [],
    "protocols": [
        {
            "module_id": 3,
            "protocols": [
                "http",
                "https"
            ]
        }
    ],
    "schedule_now": true,
    "force": true
}'

{
    "simulation": {
        "id": 4212,
        "name": "Web Application Attack Test - 1",
        "description": "",
        "schedule_id": 384,
        "agent_id": 2182,
        "is_active": true,
        "integrations": [],
        "protocols": [
            {
                "module_id": 3,
                "protocols": [
                    "http",
                    "https"
                ]
            }
        ],
        "obfuscation_methods": null,
        "template_id": 4710
    },
    "run_info": {
        "id": 11515,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": true,
    "simulation_already_exist": false
}

Example for Email Attack

module_id should be 4 for Email Attack

Available protocols {"Attachment", "URL"}

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Email Sim",
    "template_id": 3966,
    "agent_id": 2426,
    "integrations": [],
    "schedule_now":true,
    "protocols": [
      {
        "module_id": 4,
        "protocols": ["Attachment","URL"]
      }]
}'

{
    "simulation": {
        "id": 13583,
        "name": "Email Sim",
        "description": "",
        "schedule_id": 150,
        "agent_id": 2426,
        "is_active": true,
        "integrations": [],
        "protocols": [
            {
                "module_id": 4,
                "protocols": [
                    "Attachment",
                    "URL"
                ]
            }
        ],
        "obfuscation_methods": null,
        "template_id": 3966
    },
    "run_info": {
        "id": 29013,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": true,
    "simulation_already_exist": false
}

Example for Browser Agent Simulation

Create browser simulation from api

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Browser Simulation",
    "template_id": 3965, //includes only network infiltration module
    "agent_id": 197, //simulation agent id
    "integrations": [],
    "schedule_now":true,
    "protocols": [
      {
        "module_id": 1,
        "protocols": ["https"]
      }
    ]
}'

{
    "simulation": {
        "id": 13584,
        "name": "Browser Simulation",
        "description": "",
        "schedule_id": 150,
        "agent_id": 197,
        "is_active": true,
        "integrations": [],
        "protocols": [
            {
                "module_id": 1,
                "protocols": [
                    "https"
                ]
            }
        ],
        "obfuscation_methods": null,
        "template_id": 3965
    },
    "run_info": {
        "id": 29014,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": true,
    "simulation_already_exist": false
}

Example for already exist simulation

Instant simulation that is already exist with the same agent, template, protocol, integrations.

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Network Infiltration Attack Test - 2",
    "agent_id": 2874,
    "template_id": 5831,
    "integrations": [
        1816,
        1585
    ],
    "protocols": [
        {
            "module_id": 1,
            "protocols": [
                "https",
                "http"
            ]
        }
    ],
    "obfuscation_methods": [],
     "schedule_now":true,
}'

{
    "simulation": {
        "id": 5864,
        "name": "Network Infiltration Attack Test -2",
        "description": "",
        "schedule_id": 386,
        "agent_id": 2874,
        "is_active": true,
        "integrations": [
            1816,
            1585
        ],
        "protocols": [
            {
                "module_id": 1,
                "protocols": [
                    "https",
                    "http"
                ]
            }
        ],
        "obfuscation_methods": null,
        "template_id": 5831
    },
    "run_info": {
        "id": 14287,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": true,
    "simulation_already_exist": true
}

go to https://app.picussecurity.com/scv/simulations/details/{simulation_id} url for starting simulation with changing simulation_id.