Creates a simulation with the given information

About

The Create Simulation endpoint creates and runs a simulation as requested, either scheduled or instant.
To create a simulation, give it a name and supply the template ID and agent ID. You can also set protocol configurations and enrich the simulation with detection analytics by adding integration information. You cannot create a simulation with the same agent, template, protocol, integrations, and schedule as an existing one unless you include the parameter force:true in the request body.

  • schedule_now or schedule should be given

Attack Modules

  • Network Infiltration module_id = 1
  • Windows Endpoint Scenario module_id = 2
  • Web Application module_id = 3
  • Email module_id = 4
  • Data Exfiltration module_id = 5
  • Linux Endpoint Scenario module_id = 6
  • macOS Endpoint Scenario module_id = 7

Example for Endpoint Attacks

Create a scheduled simulation that runs on days 1, 3 and 4 of the week.

Endpoint Attack simulations have no protocol or obfuscation_method.

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Endpoint Attacks Test - 1",
    "agent_id": 2874,
    "template_id": 5832,
    "protocols": [],
    "obfuscation_methods": [],
    "schedule": {
        "frequency": "WEEKLY",
        "start_time": 1655984364,
        "day_of_week": [
            1,
            3,
            4
        ],
        "frequency_interval": 1
    }
}'
{
    "simulation": {
        "id": 5865,
        "name": "Endpoint Attacks Test - 1",
        "description": "",
        "schedule_id": 3421,
        "agent_id": 2874,
        "is_active": true,
        "integrations": null,
        "protocols": null,
        "obfuscation_methods": null,
        "template_id": 5832
    },
    "run_info": {
        "id": 14288,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": false,
    "simulation_already_exist": false
}

Example for Data Exfiltration Attack

module_id should be 5 for Data Exfiltration Attack

Available protocols {"http", "https", "tcp"}

Available obfuscation_methods {"b64", "xor"}

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Data Exfiltration Attack Test - 1",
    "agent_id": 1489,
    "template_id": 5834,
    "protocols": [
        {
            "module_id": 5,
            "protocols": [
                "https",
                "tcp"
            ]
        }
    ],
    "obfuscation_methods": [
        "b64"
    ],
    "schedule": {
        "frequency": "ONCE",
        "start_time": 16681931901,
        "day_of_week": [],
        "day_of_month": []
    }
}'
{
    "simulation": {
        "id": 5866,
        "name": "Untitled Simulation - 82142142",
        "description": "",
        "schedule_id": 3429,
        "agent_id": 1489,
        "is_active": true,
        "integrations": null,
        "protocols": [
            {
                "module_id": 5,
                "protocols": [
                    "https",
                    "tcp"
                ]
            }
        ],
        "obfuscation_methods": [
            "b64"
        ],
        "template_id": 5834
    },
    "run_info": {
        "id": 14289,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": false,
    "simulation_already_exist": false
}

Example for Network Infiltration Attack

module_id should be 1 for Network Infiltration Attack

Available protocols {"http", "https"}

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Network Infiltration Attack Test - 1",
    "agent_id": 2874,
    "template_id": 5831,
    "integrations": [
        1816,
        1585
    ],
    "protocols": [
        {
            "module_id": 1,
            "protocols": [
                "https",
                "http"
            ]
        }
    ],
    "obfuscation_methods": [],
    "schedule": {
        "frequency": "ONCE",
        "start_time": 16681931901,
        "day_of_week": [],
        "day_of_month": []
    },
    "force": true
}'
{
    "simulation": {
        "id": 5864,
        "name": "Network Infiltration Attack Test - 1",
        "description": "",
        "schedule_id": 386,
        "agent_id": 2874,
        "is_active": true,
        "integrations": [
            1816,
            1585
        ],
        "protocols": [
            {
                "module_id": 1,
                "protocols": [
                    "https",
                    "http"
                ]
            }
        ],
        "obfuscation_methods": null,
        "template_id": 5831
    },
    "run_info": {
        "id": 14287,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": true,
    "simulation_already_exist": false
}

Example for Web Application Attack

module_id should be 3 for Web Application Attack

Available protocols {"http", "https"}

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Web Application Attack Test - 1",
    "template_id": 4710,
    "agent_id": 2182,
    "integrations": [],
    "protocols": [
        {
            "module_id": 3,
            "protocols": [
                "http",
                "https"
            ]
        }
    ],
    "schedule_now": true,
    "force": true
}'
{
    "simulation": {
        "id": 4212,
        "name": "Web Application Attack Test - 1",
        "description": "",
        "schedule_id": 384,
        "agent_id": 2182,
        "is_active": true,
        "integrations": [],
        "protocols": [
            {
                "module_id": 3,
                "protocols": [
                    "http",
                    "https"
                ]
            }
        ],
        "obfuscation_methods": null,
        "template_id": 4710
    },
    "run_info": {
        "id": 11515,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": true,
    "simulation_already_exist": false
}

Example for Email Attack

module_id should be 4 for Email Attack

Available protocols {"Attachment", "URL"}

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Email Sim",
    "template_id": 3966,
    "agent_id": 2426,
    "integrations": [],
    "schedule_now":true,
    "protocols": [
      {
        "module_id": 4,
        "protocols": ["Attachment","URL"]
      }]
}'
{
    "simulation": {
        "id": 13583,
        "name": "Email Sim",
        "description": "",
        "schedule_id": 150,
        "agent_id": 2426,
        "is_active": true,
        "integrations": [],
        "protocols": [
            {
                "module_id": 4,
                "protocols": [
                    "Attachment",
                    "URL"
                ]
            }
        ],
        "obfuscation_methods": null,
        "template_id": 3966
    },
    "run_info": {
        "id": 29013,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": true,
    "simulation_already_exist": false
}

Example for Browser Agent Simulation

Create a browser simulation from the API. In this request, template_id 3965 is a template that includes only the Network Infiltration module, and agent_id is the simulation agent ID.

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Browser Simulation",
    "template_id": 3965,
    "agent_id": 197,
    "integrations": [],
    "schedule_now":true,
    "protocols": [
      {
        "module_id": 1,
        "protocols": ["https"]
      }
    ]
}'
{
    "simulation": {
        "id": 13584,
        "name": "Browser Simulation",
        "description": "",
        "schedule_id": 150,
        "agent_id": 197,
        "is_active": true,
        "integrations": [],
        "protocols": [
            {
                "module_id": 1,
                "protocols": [
                    "https"
                ]
            }
        ],
        "obfuscation_methods": null,
        "template_id": 3965
    },
    "run_info": {
        "id": 29014,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": true,
    "simulation_already_exist": false
}

Example for an already existing simulation

An instant simulation that already exists with the same agent, template, protocol, and integrations.

curl --location --request POST 'https://api.picussecurity.com/v1/simulations' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Network Infiltration Attack Test - 2",
    "agent_id": 2874,
    "template_id": 5831,
    "integrations": [
        1816,
        1585
    ],
    "protocols": [
        {
            "module_id": 1,
            "protocols": [
                "https",
                "http"
            ]
        }
    ],
    "obfuscation_methods": [],
    "schedule_now": true
}'
{
    "simulation": {
        "id": 5864,
        "name": "Network Infiltration Attack Test -2",
        "description": "",
        "schedule_id": 386,
        "agent_id": 2874,
        "is_active": true,
        "integrations": [
            1816,
            1585
        ],
        "protocols": [
            {
                "module_id": 1,
                "protocols": [
                    "https",
                    "http"
                ]
            }
        ],
        "obfuscation_methods": null,
        "template_id": 5831
    },
    "run_info": {
        "id": 14287,
        "status": "SCHEDULED",
        "browser": ""
    },
    "run_immediately": true,
    "simulation_already_exist": true
}

To start the simulation, go to https://app.picussecurity.com/scv/simulations/details/{simulation_id}, replacing {simulation_id} with the simulation's ID.
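
A pre-flight check for the rules stated on this page (required fields, schedule_now or schedule, per-module protocol values, obfuscation methods), written as an added example rather than Picus code. The function names validate_request and reused_existing are hypothetical, and the check runs client-side only; the API remains the authority on what it accepts.

```python
import json

# Protocol values the page lists per module_id; endpoint modules take none.
ALLOWED_PROTOCOLS = {
    1: {"http", "https"},          # Network Infiltration
    3: {"http", "https"},          # Web Application
    4: {"Attachment", "URL"},      # Email
    5: {"http", "https", "tcp"},   # Data Exfiltration
    2: set(), 6: set(), 7: set(),  # Windows, Linux, macOS endpoint scenarios
}
ALLOWED_OBFUSCATION = {"b64", "xor"}


def validate_request(raw):
    """Return the problems found in a raw JSON request body (empty list if none)."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        # Strict JSON rejects // comments and trailing commas.
        return [f"body is not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    problems = [f"missing {f}" for f in ("name", "template_id", "agent_id") if f not in body]
    if body.get("schedule_now") is not True and not body.get("schedule"):
        problems.append("schedule_now or schedule should be given")
    for entry in body.get("protocols") or []:
        module_id = entry.get("module_id")
        if module_id not in ALLOWED_PROTOCOLS:
            problems.append(f"unknown module_id {module_id}")
            continue
        bad = set(entry.get("protocols") or []) - ALLOWED_PROTOCOLS[module_id]
        if bad:
            problems.append(f"module {module_id}: unsupported protocols {sorted(bad)}")
    bad = set(body.get("obfuscation_methods") or []) - ALLOWED_OBFUSCATION
    if bad:
        problems.append(f"unsupported obfuscation_methods {sorted(bad)}")
    return problems


def reused_existing(response):
    """True when the API returned an existing simulation instead of creating one."""
    return response.get("simulation_already_exist") is True


if __name__ == "__main__":
    # Constructed body: IDs are placeholders, and "tcp" is not an Email protocol.
    sample = ('{"name": "Email Sim", "template_id": 1, "agent_id": 2, "schedule_now": true,'
              ' "protocols": [{"module_id": 4, "protocols": ["URL", "tcp"]}]}')
    print(validate_request(sample))
```

Checking reused_existing on the parsed response tells a caller that did not send force:true whether the returned simulation ID is a new one or the existing simulation.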
