# Create Threat

Creates a custom threat from the given arguments.

About

The Create Threat endpoint creates a custom threat with specified objectives and actions. You create a threat by giving it a name, defining objectives with action sequences, and setting result conditions.

  • At least one objective with actions must be provided
  • result_condition defines the overall threat-success criteria
  • Actions within objectives are executed based on their defined conditions

Action IDs: You can get the available action IDs from the Action Details endpoint, which lets you browse and filter actions.

After the threat is created, you can use the threat ID and the summary returned in the response for further use.

Example for Basic Threat Creation

Create a simple threat with a single objective containing two actions.

curl --location 'https://api.picussecurity.com/v1/threat-library/threats' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Apidoc-Example-Threat",
    "result_condition": "OBJ1",
    "objectives": [
        {
            "name": "Collection",
            "result_condition": "A1 AND A2",
            "action_ids": [
                33042,
                33041
            ]
        }
    ]
}'

Response:

{
    "threat": {
        "id": 110668,
        "display_id": 183671,
        "created_at": "2025-06-24T07:19:23.72964766Z",
        "name": "Apidoc-Example-Threat",
        "severity": "Medium",
        "tags": [
            "Custom"
        ],
        "affected_os": [
            "Windows"
        ],
        "description": ""
    }
}

Required Fields

Name

  • Required: Yes
  • Type: String
  • Max Length: 255 characters
  • Description: The name of the custom threat

Result Condition

  • Required: Yes
  • Type: String
  • Description: Defines the overall success criteria for the threat using boolean logic
  • Examples: "OBJ1", "OBJ1 AND OBJ2", "(OBJ1 OR OBJ2) AND OBJ3"

Objectives

  • Required: Yes
  • Type: Array
  • Min Items: 1
  • Max Items: 100
  • Description: Contains the attack objectives with their associated actions

Objective Fields:

  • name (required): Identifier for the objective (e.g., "Collection", "A1")
  • action_ids (required): Array of action IDs to execute (min: 1, max: 100)
  • result_condition (required): Boolean logic for objective success (e.g., "A1 AND A2")
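
A client-side pre-flight check for the required fields above, as an added example that is not part of the Picus documentation or any Picus SDK. It assumes the condition grammar seen in this page's examples (AND, OR, parentheses) and that OBJ<n> and A<n> refer to the n-th objective or action ID by 1-based position; `check_condition` and `validate_threat` are hypothetical names.

```python
import re

# Assumed grammar, inferred from the examples on this page: operands OBJ<n> or
# A<n> (taken as 1-based positions), operators AND / OR, and parentheses.
TOKEN = re.compile(r"\s*(\(|\)|AND\b|OR\b|[A-Z]+\d+|\S+)")
REF = re.compile(r"([A-Z]+)(\d+)")

def check_condition(expr, prefix, count):
    """Return the problems found in a result_condition string ([] means OK)."""
    errors, depth, want_operand, pos = [], 0, True, 0
    text = expr.strip()
    while pos < len(text):
        m = TOKEN.match(text, pos)  # always matches: \S+ is the catch-all
        tok, pos = m.group(1), m.end()
        if tok == "(" and want_operand:
            depth += 1
        elif tok == ")" and not want_operand and depth > 0:
            depth -= 1
        elif tok in ("AND", "OR") and not want_operand:
            want_operand = True
        elif want_operand and (ref := REF.fullmatch(tok)):
            if ref[1] != prefix or not 1 <= int(ref[2]) <= count:
                errors.append(f"{tok} does not refer to one of {prefix}1..{prefix}{count}")
            want_operand = False
        else:
            return errors + [f"misplaced or unknown token: {tok}"]
    if want_operand or depth:
        errors.append("expression is incomplete or has an unclosed '('")
    return errors

def validate_threat(payload):
    """Check a Create Threat body against the required-field limits on this page."""
    errors = []
    name = payload.get("name")
    if not isinstance(name, str) or not 0 < len(name) <= 255:
        errors.append("name: required string, max 255 characters")
    objectives = payload.get("objectives")
    if not isinstance(objectives, list) or not 1 <= len(objectives) <= 100:
        return errors + ["objectives: required array of 1 to 100 items"]
    for i, obj in enumerate(objectives, 1):
        ids = obj.get("action_ids")
        if not isinstance(ids, list) or not 1 <= len(ids) <= 100:
            errors.append(f"OBJ{i}.action_ids: required array of 1 to 100 items")
            continue
        cond = str(obj.get("result_condition", ""))
        errors += [f"OBJ{i}.result_condition: {e}" for e in check_condition(cond, "A", len(ids))]
    cond = str(payload.get("result_condition", ""))
    errors += [f"result_condition: {e}" for e in check_condition(cond, "OBJ", len(objectives))]
    return errors
```

`validate_threat` returns an empty list for the request body in the basic example and one message per problem otherwise; the optional fields are not checked.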

Optional Fields

Description

  • Required: No
  • Type: String
  • Max Length: 2500 characters
  • Description: Detailed explanation of the threat

Severity

  • Required: No (defaults to "Medium")
  • Type: String
  • Options:
    • "High": Critical threats that pose significant security risks
    • "Medium": Moderate threats with potential security impact
    • "Low": Minor threats with limited security implications

Affected Operating Systems

  • Required: No (defaults to ["Windows"])
  • Type: Array
  • Max Items: 10
  • Options:
    • "Windows": Microsoft Windows operating systems
    • "Linux": Linux-based operating systems
    • "macOS": Apple macOS operating systems

Tags

  • Required: No
  • Type: Array
  • Max Items: 50
  • Description: Custom tags for categorization (automatically includes "Custom" tag)
  • Examples: ["APT 10", "Defense Evasion", "Credential Access"]

Threat Actor ID

  • Required: No
  • Type: Integer
  • Max Value: 10000
  • Description: Associates the threat with a known threat actor (0 for unknown)

From Campaign

  • Required: No
  • Type: Integer
  • Description: Creates the threat based on an existing campaign template