POST https://api.picussecurity.com/v1/threat-library/threats
Creates custom threats with given arguments
About
The Create Threat endpoint creates a custom threat with specified objectives and actions. You create a threat by giving it a name, defining objectives with action sequences, and setting result conditions.
- At least one objective with actions must be provided
- result_condition defines the overall threat-success criteria
- Actions within objectives are executed based on their defined conditions
Action IDs: Use the Action Details endpoint to browse and filter actions and obtain the available action IDs.
After the threat is created, you can use the threat ID and the summary returned in the response for further use.
Example for Basic Threat Creation
Create a simple threat with a single objective containing two actions.
curl --location 'https://api.picussecurity.com/v1/threat-library/threats' \
  --header 'Authorization: Bearer access_token' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "name": "Apidoc-Example-Threat",
    "result_condition": "OBJ1",
    "objectives": [
      {
        "name": "Collection",
        "result_condition": "A1 AND A2",
        "action_ids": [
          33042,
          33041
        ]
      }
    ]
  }'

Response:

{
  "threat": {
    "id": 110668,
    "display_id": 183671,
    "created_at": "2025-06-24T07:19:23.72964766Z",
    "name": "Apidoc-Example-Threat",
    "severity": "Medium",
    "tags": [
      "Custom"
    ],
    "affected_os": [
      "Windows"
    ],
    "description": ""
  }
}
Required Fields
Name
- Required: Yes
- Type: String
- Max Length: 255 characters
- Description: The name of the custom threat
Result Condition
- Required: Yes
- Type: String
- Description: Defines the overall success criteria for the threat using boolean logic
- Examples: "OBJ1", "OBJ1 AND OBJ2", "(OBJ1 OR OBJ2) AND OBJ3"
Objectives
- Required: Yes
- Type: Array
- Min Items: 1
- Max Items: 100
- Description: Contains the attack objectives with their associated actions
Objective Fields:
- name (required): Identifier for the objective (e.g., "Collection", "A1")
- action_ids (required): Array of action IDs to execute (min: 1, max: 100)
- result_condition (required): Boolean logic for objective success (e.g., "A1 AND A2")
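A client-side pre-flight check for the required fields above, as an added example that is not part of the Picus documentation or any Picus SDK. It assumes conditions use only AND, OR and parentheses, and that OBJn / An refer to the n-th objective and the n-th entry of action_ids (1-based), which the page's examples suggest but do not state; the function names are hypothetical.

```python
import re

def check_condition(expr, prefix, count):
    """Return problems in a condition; accepts only AND, OR, parentheses (assumed grammar)."""
    errors, depth, want_operand = [], 0, True
    for tok in re.findall(r"\(|\)|[^\s()]+", expr):
        if tok == "(" and want_operand:
            depth += 1
        elif tok == ")" and not want_operand and depth:
            depth -= 1
        elif tok in ("AND", "OR") and not want_operand:
            want_operand = True
        elif want_operand and re.fullmatch(prefix + r"[1-9]\d*", tok):
            # Assumption: the number is a 1-based position (A2 = second action ID).
            if int(tok[len(prefix):]) > count:
                errors.append(f"{tok} is out of range, only {count} defined")
            want_operand = False
        else:
            return errors + [f"unexpected token {tok!r}"]
    if want_operand or depth:
        errors.append("incomplete expression or unbalanced parentheses")
    return errors

def validate_threat(payload):
    """Check the required fields of a Create Threat body before it is sent."""
    errors = []
    name = payload.get("name")
    if not isinstance(name, str) or not 0 < len(name) <= 255:
        errors.append("name: required string, max 255 characters")
    objectives = payload.get("objectives") or []
    if not 1 <= len(objectives) <= 100:
        errors.append("objectives: 1 to 100 items required")
    top = check_condition(str(payload.get("result_condition") or ""), "OBJ", len(objectives))
    errors += [f"result_condition: {e}" for e in top]
    for i, obj in enumerate(objectives, 1):
        ids = obj.get("action_ids") or []
        if not obj.get("name"):
            errors.append(f"OBJ{i}.name: required")
        if not 1 <= len(ids) <= 100 or not all(type(a) is int for a in ids):
            errors.append(f"OBJ{i}.action_ids: 1 to 100 integer IDs required")
        inner = check_condition(str(obj.get("result_condition") or ""), "A", len(ids))
        errors += [f"OBJ{i}.result_condition: {e}" for e in inner]
    return errors

if __name__ == "__main__":
    # Constructed input: the page's example body with the condition changed to use A3.
    bad = {"name": "Apidoc-Example-Threat", "result_condition": "OBJ1", "objectives": [
        {"name": "Collection", "result_condition": "A1 AND A3", "action_ids": [33042, 33041]}]}
    print(validate_threat(bad))
```

An empty list means the body satisfies the documented limits; the API remains the authority on whether the action IDs exist and the condition is accepted.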
Optional Fields
Description
- Required: No
- Type: String
- Max Length: 2500 characters
- Description: Detailed explanation of the threat
Severity
- Required: No (defaults to "Medium")
- Type: String
- Options:
  - "High": Critical threats that pose significant security risks
  - "Medium": Moderate threats with potential security impact
  - "Low": Minor threats with limited security implications
Affected Operating Systems
- Required: No (defaults to ["Windows"])
- Type: Array
- Max Items: 10
- Options:
  - "Windows": Microsoft Windows operating systems
  - "Linux": Linux-based operating systems
  - "macOS": Apple macOS operating systems
Tags
- Required: No
- Type: Array
- Max Items: 50
- Description: Custom tags for categorization (automatically includes "Custom" tag)
- Examples: ["APT 10", "Defense Evasion", "Credential Access"]
Threat Actor ID
- Required: No
- Type: Integer
- Max Value: 10000
- Description: Associates the threat with a known threat actor (0 for unknown)
From Campaign
- Required: No
- Type: Integer
- Description: Creates the threat based on an existing campaign template