Includes Threat, Attacker's Objective and Action results for Prevention, and Threat and Action results for Detection.
Default limit: 10, Default offset: 0
Max limit: 50

About

The Simulation Run Result - Threats - Objectives - Actions endpoint returns the results of a simulation run organised by threat. As in the Picus Platform, it includes prevention and detection results for Threats, prevention and detection results for Attacker's Objectives, and detection results for Actions.

Example

Get the threat-objective-action result for simulation id 1 with a page size of 2, returning the second page (offset 2):

curl --request GET \
     --url 'https://api.picussecurity.com/v1/simulations/1/run/latest/threats?limit=2&offset=2' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer access_token'

{
  "threats": [
    {
      "threat_id": 4168,
      "threat_name": "Mimikatz",
      "started_at": 1654793193000,
      "completed_at": 1654793197000,
      "prevention": "unblocked",
      "objectives": [
        {
          "objective_id": 5165,
          "objective_name": "Initial Access",
          "prevention": "achieved",
          "actions": [
            {
              "action_id": 2421,
              "action_name": "Execute Mimikatz DPAPI module",
              "prevention": "unblocked",
              "node_id": 2,
              "has_detection_analysis": true,
              "detection_analysis": {
                "has_log_analysis": true,
                "has_alert_analysis": true,
                "log_result": "Not Logged",
                "alert_result": "Alerted",
                "integrations": [
                  {
                    "integration_id": 110,
                    "product_name": "Crowdstrike",
                    "has_log_analysis": false,
                    "has_alert_analysis": true,
                    "alert_result": "Not Alerted"
                  },
                  {
                    "integration_id": 134,
                    "product_name": "Sentinel One",
                    "has_log_analysis": true,
                    "has_alert_analysis": true,
                    "log_result": "Not Logged",
                    "alert_result": "Alerted"
                  }
                ]
              }
            }
          ]
        }
      ],
      "has_detection_analysis": true,
      "detection_analysis": {
        "has_log_analysis": true,
        "has_alert_analysis": true,
        "log_result": "Not Logged",
        "alert_result": "Alerted",
        "integrations": [
          {
            "integration_id": 133,
            "product_name": "Elasticsearch SIEM",
            "has_log_analysis": true,
            "has_alert_analysis": true
          },
          {
            "integration_id": 134,
            "product_name": "Sentinel One",
            "has_log_analysis": true,
            "has_alert_analysis": true,
            "log_result": "Not Logged",
            "alert_result": "Alerted"
          },
          {
            "integration_id": 110,
            "product_name": "Crowdstrike",
            "has_log_analysis": false,
            "has_alert_analysis": true,
            "alert_result": "Not Alerted"
          }
        ]
      }
    }
  ],
  "pages": {
    "total_count": 3,
    "limit": 2,
    "offset": 2
  }
}

Pagination

Default Limit: 10, Max Limit: 50
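The following is an added example, not Picus's own client code, showing how a defender would consume this endpoint: it follows the limit/offset pagination until the offset reaches pages.total_count (clamping the page size to the documented maximum of 50), then walks threats, objectives and actions to report detection gaps, i.e. unblocked actions for which an integration returned "Not Logged" or "Not Alerted", or for which no detection analysis exists. The HTTP fetcher is built from the request shown above; the offline sample data is the Mimikatz threat from the response above, trimmed to the fields the script reads, plus two constructed threats (the "blocked" and "not achieved" prevention values in them are assumed, not taken from this page) so that pagination has three items to work through.

```python
"""Detection-gap report over the paginated threats endpoint (added example)."""
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterator, List

MAX_LIMIT = 50  # documented maximum page size

# A page fetcher takes (limit, offset) and returns the parsed JSON page.
PageFetcher = Callable[[int, int], Dict]


def make_http_fetcher(simulation_id: int, access_token: str) -> PageFetcher:
    """Fetcher for the documented endpoint, built from the curl request above.
    Not exercised offline; the sample run below uses fake_fetch_page instead."""
    def fetch(limit: int, offset: int) -> Dict:
        query = urllib.parse.urlencode({"limit": limit, "offset": offset})
        url = (f"https://api.picussecurity.com/v1/simulations/{simulation_id}"
               f"/run/latest/threats?{query}")
        req = urllib.request.Request(url, headers={
            "Accept": "application/json",
            "Authorization": f"Bearer {access_token}",
        })
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


def iter_threats(fetch_page: PageFetcher, limit: int = 10) -> Iterator[Dict]:
    """Yield every threat, requesting successive pages until the offset
    reaches pages.total_count (or a page comes back empty)."""
    limit = max(1, min(limit, MAX_LIMIT))
    offset = 0
    while True:
        page = fetch_page(limit, offset)
        threats = page.get("threats", [])
        yield from threats
        offset += limit
        if not threats or offset >= page["pages"]["total_count"]:
            return


def detection_gaps(threat: Dict) -> List[Dict]:
    """One record per unblocked action that some integration failed to log or
    alert on, or that has no detection analysis at all."""
    gaps = []
    for objective in threat.get("objectives", []):
        for action in objective.get("actions", []):
            if action.get("prevention") != "unblocked":
                continue  # prevented actions are not detection gaps
            analysis = action.get("detection_analysis") or {}
            integrations = analysis.get("integrations", [])
            not_logged = [i["product_name"] for i in integrations
                          if i.get("log_result") == "Not Logged"]
            not_alerted = [i["product_name"] for i in integrations
                           if i.get("alert_result") == "Not Alerted"]
            if not action.get("has_detection_analysis") or not_logged or not_alerted:
                gaps.append({
                    "threat_id": threat["threat_id"], "threat_name": threat["threat_name"],
                    "objective_name": objective["objective_name"],
                    "action_id": action["action_id"], "action_name": action["action_name"],
                    "not_logged": not_logged, "not_alerted": not_alerted,
                })
    return gaps


def gap_report(fetch_page: PageFetcher, limit: int = 10) -> List[Dict]:
    """Collect detection gaps across all pages of the run."""
    report: List[Dict] = []
    for threat in iter_threats(fetch_page, limit):
        report.extend(detection_gaps(threat))
    return report


# Constructed sample data: the Mimikatz threat from the response above (trimmed),
# plus two invented threats so pagination has three items, as total_count says.
SAMPLE_THREATS = [
    {"threat_id": 4168, "threat_name": "Mimikatz", "prevention": "unblocked",
     "objectives": [{"objective_id": 5165, "objective_name": "Initial Access",
                     "prevention": "achieved",
                     "actions": [{"action_id": 2421, "action_name": "Execute Mimikatz DPAPI module",
                                  "prevention": "unblocked", "has_detection_analysis": True,
                                  "detection_analysis": {"log_result": "Not Logged", "alert_result": "Alerted",
                                      "integrations": [
                                          {"integration_id": 110, "product_name": "Crowdstrike",
                                           "has_log_analysis": False, "has_alert_analysis": True,
                                           "alert_result": "Not Alerted"},
                                          {"integration_id": 134, "product_name": "Sentinel One",
                                           "has_log_analysis": True, "has_alert_analysis": True,
                                           "log_result": "Not Logged", "alert_result": "Alerted"}]}}]}]},
    # Invented: fully prevented, so no gap ("blocked"/"not achieved" are assumed values)
    {"threat_id": 9001, "threat_name": "Constructed blocked threat", "prevention": "blocked",
     "objectives": [{"objective_id": 9101, "objective_name": "Constructed objective",
                     "prevention": "not achieved",
                     "actions": [{"action_id": 9201, "action_name": "Constructed action",
                                  "prevention": "blocked", "has_detection_analysis": False}]}]},
    # Invented: unblocked with no detection analysis at all, which is itself a gap
    {"threat_id": 9002, "threat_name": "Constructed unanalysed threat", "prevention": "unblocked",
     "objectives": [{"objective_id": 9102, "objective_name": "Constructed objective",
                     "prevention": "achieved",
                     "actions": [{"action_id": 9202, "action_name": "Constructed action",
                                  "prevention": "unblocked", "has_detection_analysis": False}]}]},
]


def fake_fetch_page(limit: int, offset: int) -> Dict:
    """Offline stand-in for the API, serving SAMPLE_THREATS with the documented pages object."""
    return {"threats": SAMPLE_THREATS[offset:offset + limit],
            "pages": {"total_count": len(SAMPLE_THREATS), "limit": limit, "offset": offset}}


if __name__ == "__main__":
    for gap in gap_report(fake_fetch_page, limit=2):
        print(json.dumps(gap))
```

To run against a live tenant, replace `fake_fetch_page` with `make_http_fetcher(simulation_id, token)`; everything else is unchanged, because pagination and gap logic only depend on the documented response shape.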
