# Create Threat

Creates custom threats with the given arguments.

## About

The Create Threat endpoint creates a custom threat with the specified objectives and actions. You create a threat by giving it a name, defining objectives with action sequences, and setting result conditions.

  • At least one objective with actions must be provided
  • result_condition defines the overall threat-success criteria
  • Actions within objectives are executed based on their defined conditions

Action IDs: Use the Action Details endpoint to browse and filter actions and to get the available action IDs.

After the threat is created, you can use the threat ID and the summary in the response for further requests.

## Example for Basic Threat Creation

Create a simple threat with a single objective containing two actions.

```bash
curl --location 'https://api.picussecurity.com/v1/threat-library/threats' \
--header 'Authorization: Bearer access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "Apidoc-Example-Threat",
    "result_condition": "OBJ1",
    "objectives": [
        {
            "name": "Collection",
            "result_condition": "A1 AND A2",
            "action_ids": [
                33042,
                33041
            ]
        }
    ]
}'
```

```json
{
    "threat": {
        "id": 110668,
        "display_id": 183671,
        "created_at": "2025-06-24T07:19:23.72964766Z",
        "name": "Apidoc-Example-Threat",
        "severity": "Medium",
        "tags": [
            "Custom"
        ],
        "affected_os": [
            "Windows"
        ],
        "description": ""
    }
}
```

## Fields

| Field Name | Required | Type | Constraints | Default Value | Options/Examples | Description |
|---|---|---|---|---|---|---|
| name | ✅ Yes | String | Max 255 characters | - | - | The name of the custom threat |
| result_condition | ✅ Yes | String | - | - | "OBJ1", "OBJ1 AND OBJ2", "(OBJ1 OR OBJ2) AND OBJ3" | Defines the overall success criteria for the threat using boolean logic |
| objectives | ✅ Yes | Array | Min: 1, Max: 100 items | - | See objective sub-fields below | Contains the attack objectives with their associated actions |
| objectives.name | ✅ Yes | String | - | - | "Collection", "A1" | Identifier for the objective |
| objectives.action_ids | ✅ Yes | Array | Min: 1, Max: 100 items | - | - | Array of action IDs to execute |
| objectives.result_condition | ✅ Yes | String | - | - | "A1 AND A2" | Boolean logic for objective success |
| description | ❌ No | String | Max 2500 characters | - | - | Detailed explanation of the threat |
| severity | ❌ No | String | Must be one of the options | "Medium" | "High" (Critical threats), "Medium" (Moderate threats), "Low" (Minor threats) | Risk level of the threat |
| affected_operating_systems | ❌ No | Array | Max 10 items | ["Windows"] | "Windows" (Microsoft Windows), "Linux" (Linux-based), "macOS" (Apple macOS) | Operating systems affected by the threat |
| tags | ❌ No | Array | Max 50 items | - | ["APT 10", "Defense Evasion", "Credential Access"] | Custom tags for categorization (automatically includes "Custom" tag) |
| threat_actor_id | ❌ No | Integer | Max value: 10000 | - | 0 (for unknown) | Associates the threat with a known threat actor |
| from_campaign | ❌ No | Integer | - | - | - | Creates threat based on existing campaign template |
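
The required fields and both levels of `result_condition` can be checked client-side before the request is sent. The following Python validator is an added example, not part of the Picus API or its documentation; the function names `condition_errors` and `validate_threat` are hypothetical, and it assumes that conditions use only `AND`, `OR` and parentheses and that `OBJn` / `An` refer to the n-th objective and the n-th entry of `action_ids`.

```python
import re

# Assumptions (not stated on the page): conditions use only AND, OR and
# parentheses, and OBJn / An refer to the n-th objective / n-th action ID.
_TOKEN = re.compile(r"\s*(\(|\)|AND\b|OR\b|[A-Z]+\d+\b)\s*")

def condition_errors(expr, prefix, count):
    """Return problems found in a condition such as "(OBJ1 OR OBJ2) AND OBJ3"."""
    errors, pos, depth, want_operand = [], 0, 0, True
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if not m:
            return [f"unparseable text {expr[pos:]!r}"]
        tok, pos = m.group(1), m.end()
        if (tok in ("AND", "OR", ")")) == want_operand:
            return [f"unexpected token {tok!r}"]
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
            if depth < 0:
                return ["unbalanced parentheses"]
        elif tok in ("AND", "OR"):
            want_operand = True  # an operator must be followed by an operand
        else:
            want_operand = False
            ref = re.fullmatch(prefix + r"(\d+)", tok)
            if not ref or not 1 <= int(ref.group(1)) <= count:
                errors.append(f"{tok} is not one of {prefix}1..{prefix}{count}")
    if want_operand or depth:
        errors.append("incomplete expression")
    return errors

def validate_threat(body):
    """Check a Create Threat body against limits from the Fields table."""
    errs = []
    if not isinstance(body.get("name"), str) or len(body["name"]) > 255:
        errs.append("name: required string, max 255 characters")
    objs = body.get("objectives") or []
    if not 1 <= len(objs) <= 100:
        errs.append("objectives: 1 to 100 items required")
    cond = str(body.get("result_condition") or "")
    errs += [f"result_condition: {e}" for e in condition_errors(cond, "OBJ", len(objs))]
    for i, obj in enumerate(objs, 1):
        ids = obj.get("action_ids") or []
        if not 1 <= len(ids) <= 100:
            errs.append(f"OBJ{i}.action_ids: 1 to 100 items required")
        cond = str(obj.get("result_condition") or "")
        errs += [f"OBJ{i}.result_condition: {e}" for e in condition_errors(cond, "A", len(ids))]
    return errs
```

`validate_threat` returns an empty list for the request body shown in the basic example above and a list of messages otherwise; optional fields such as `severity` and `tags` are not checked here.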