About

Simulation Run Result - Threats - Objectives - Actions endpoint returns simulation result based on threats. Threats for prevention and detection results, Attacker's Objectives for prevention and detection results and Actions for detection results are included as in Picus Platform.

Example

Get threat-objective-action result for simulation id is 1 and page size is 2, page is 2

curl --request GET \
     --url 'https://api.picussecurity.com/v1/simulations/1/run/latest/threats?limit=2&offset=2' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer access_token'

{
  "threats": [
    {
      "threat_id": 4168,
      "threat_name": "Mimikatz",
      "started_at": 1654793193000,
      "completed_at": 1654793197000,
      "prevention": "unblocked",
      "objectives": [
        {
          "objective_id": 5165,
          "objective_name": "Initial Access",
          "prevention": "achieved",
          "actions": [
            {
              "action_id": 2421,
              "action_name": "Execute Mimikatz DPAPI module",
              "prevention": "unblocked",
              "node_id": 2,
              "has_detection_analysis": true,
              "detection_analysis": {
                "has_log_analysis": true,
                "has_alert_analysis": true,
                "log_result": "Not Logged",
                "alert_result": "Alerted",
                "integrations": [
                  {
                    "integration_id": 110,
                    "product_name": "Crowdstrike",
                    "has_log_analysis": false,
                    "has_alert_analysis": true,
                    "alert_result": "Not Alerted"
                  },
                  {
                    "integration_id": 134,
                    "product_name": "Sentinel One",
                    "has_log_analysis": true,
                    "has_alert_analysis": true,
                    "log_result": "Not Logged",
                    "alert_result": "Alerted"
                  }
                ]
              }
            }
          ]
        }
      ],
      "has_detection_analysis": true,
      "detection_analysis": {
        "has_log_analysis": true,
        "has_alert_analysis": true,
        "log_result": "Not Logged",
        "alert_result": "Alerted",
        "integrations": [
          {
            "integration_id": 133,
            "product_name": "Elasticsearch SIEM",
            "has_log_analysis": true,
            "has_alert_analysis": true
          },
          {
            "integration_id": 134,
            "product_name": "Sentinel One",
            "has_log_analysis": true,
            "has_alert_analysis": true,
            "log_result": "Not Logged",
            "alert_result": "Alerted"
          },
          {
            "integration_id": 110,
            "product_name": "Crowdstrike",
            "has_log_analysis": false,
            "has_alert_analysis": true,
            "alert_result": "Not Alerted"
          }
        ]
      }
    }
  ],
  "pages": {
    "total_count": 3,
    "limit": 2,
    "offset": 2
  }
}

📘
Pagination
Default Limit: 10, Max Limit: 50

200ThreatResultsReturnSwagger

422validationErrorSwagger is represents the erroneous cases

defaultgenericErrorSwagger is represents the erroneous cases