# Create Threat

Creates custom threats with given arguments

## About

The Create Threat endpoint creates a custom threat with specified objectives and actions. You create a threat by giving it a name, defining objectives with action sequences, and setting result conditions.

  • At least one objective with actions must be provided
  • result_condition defines the overall threat-success criteria
  • Actions within objectives are executed based on their defined conditions

Action IDs: Use the Action Details endpoint to browse and filter actions and to get the available action IDs.

After the threat is created, you can use the threat ID and the summary returned in the response in later requests.

## Example for Basic Threat Creation

Create a simple threat with a single objective containing two actions.

```bash
curl --location 'https://api.picussecurity.com/v1/threat-library/threats' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Apidoc-Example-Threat",
    "result_condition": "OBJ1",
    "objectives": [
        {
            "name": "Collection",
            "result_condition": "A1 AND A2",
            "action_ids": [
                33042,
                33041
            ]
        }
    ]
}'
```

Response:

```json
{
    "threat": {
        "id": 110668,
        "display_id": 183671,
        "created_at": "2025-06-24T07:19:23.72964766Z",
        "name": "Apidoc-Example-Threat",
        "severity": "Medium",
        "tags": [
            "Custom"
        ],
        "affected_os": [
            "Windows"
        ],
        "description": ""
    }
}
```

## Fields

| Field Name | Required | Type | Constraints | Default Value | Options/Examples | Description |
|---|---|---|---|---|---|---|
| name | Yes | String | Max 255 characters | - | - | The name of the custom threat |
| result_condition | Yes | String | - | - | "OBJ1", "OBJ1 AND OBJ2", "(OBJ1 OR OBJ2) AND OBJ3" | Defines the overall success criteria for the threat using boolean logic |
| objectives | Yes | Array | Min: 1, Max: 100 items | - | See objective sub-fields below | Contains the attack objectives with their associated actions |
| objectives.name | Yes | String | - | - | "Collection", "A1" | Identifier for the objective |
| objectives.action_ids | Yes | Array | Min: 1, Max: 100 items | - | - | Array of action IDs to execute |
| objectives.result_condition | Yes | String | - | - | "A1 AND A2" | Boolean logic for objective success |
| description | No | String | Max 2500 characters | - | - | Detailed explanation of the threat |
| severity | No | String | Must be one of the options | "Medium" | "High" (Critical threats), "Medium" (Moderate threats), "Low" (Minor threats) | Risk level of the threat |
| affected_operating_systems | No | Array | Max 10 items | ["Windows"] | "Windows" (Microsoft Windows), "Linux" (Linux-based), "macOS" (Apple macOS) | Operating systems affected by the threat |
| tags | No | Array | Max 50 items | - | ["APT 10", "Defense Evasion", "Credential Access"] | Custom tags for categorization (automatically includes "Custom" tag) |
| threat_actor_id | No | Integer | Max value: 10000 | - | 0 (for unknown) | Associates the threat with a known threat actor |
| from_campaign | No | Integer | - | - | - | Creates threat based on existing campaign template |
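
The constraints listed under Fields can be checked client-side before the request is sent, including whether each `result_condition` is a well-formed boolean expression that only references operands that exist. The following Python validator is an added example, not part of the Picus documentation or any Picus client library; `condition_errors` and `validate_threat` are hypothetical names. It assumes operands are numbered by 1-based position (OBJ1 is the first objective, A1 the first entry of `action_ids`), which the example request suggests but the page does not state.

```python
import re

def condition_errors(expr, prefix, count):
    """Check e.g. "(OBJ1 OR OBJ2) AND OBJ3" against `count` available operands."""
    errors, depth, want_operand = [], 0, True
    toks = re.findall(r"\(|\)|\w+", expr)
    if "".join(toks) != "".join(expr.split()):
        return ["unexpected characters"]
    for tok in toks:
        if tok in ("AND", "OR"):
            if want_operand:
                return [f"{tok} has no left operand"]
            want_operand = True
        elif tok == ")":
            depth -= 1
            if depth < 0 or want_operand:
                return ["unbalanced or empty parentheses"]
        elif not want_operand:
            return [f"missing AND/OR before {tok}"]
        elif tok == "(":
            depth += 1
        else:
            # Assumption: operands are numbered by 1-based position in their array.
            ref = re.fullmatch(rf"{prefix}(\d+)", tok)
            if not ref or not 1 <= int(ref.group(1)) <= count:
                errors.append(f"{tok} is not one of {prefix}1..{prefix}{count}")
            want_operand = False
    return errors + (["incomplete expression"] if depth or want_operand else [])

def validate_threat(body):
    """Return constraint violations for a Create Threat body; empty list means OK."""
    errs, objectives = [], body.get("objectives") or []
    if not 0 < len(body.get("name", "")) <= 255:
        errs.append("name: required, max 255 characters")
    if not 1 <= len(objectives) <= 100:
        errs.append("objectives: 1 to 100 items")
    errs += ["result_condition: " + e for e in
             condition_errors(body.get("result_condition", ""), "OBJ", len(objectives))]
    for i, obj in enumerate(objectives, 1):
        ids = obj.get("action_ids") or []
        if not obj.get("name") or not 1 <= len(ids) <= 100:
            errs.append(f"OBJ{i}: name and 1 to 100 action_ids required")
        errs += [f"OBJ{i}.result_condition: " + e for e in
                 condition_errors(obj.get("result_condition", ""), "A", len(ids))]
    for field, limit in (("description", 2500), ("tags", 50), ("affected_operating_systems", 10)):
        if len(body.get(field, "")) > limit:
            errs.append(f"{field}: max {limit} characters or items")
    if body.get("severity", "Medium") not in ("High", "Medium", "Low"):
        errs.append("severity: must be High, Medium or Low")
    return errs
```

The `threat_actor_id` and `from_campaign` fields are not checked here.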
