get https://api.picussecurity.com/v1/simulations//run//threats
Includes Threat, Attacker's Objective, Action results for Prevention and Threat, Action results for Detection
Default limit: 10, Default offset: 0
Max limit: 50
About
The Simulation Run Result - Threats - Objectives - Actions endpoint returns simulation results based on threats. Threats with their prevention and detection results, Attacker's Objectives with their prevention and detection results, and Actions with their detection results are included, as in the Picus Platform.
Example
Get threat-objective-action results for simulation id: 1, simulation run id: 3 and page size: 2
curl --request GET \
     --url 'https://api.picussecurity.com/v1/simulations/1/run/3/threats?limit=2&offset=2' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer access_token'
{
  "threats": [
    {
      "threat_id": 4168,
      "threat_name": "Mimikatz",
      "started_at": 1654793193000,
      "completed_at": 1654793197000,
      "prevention": "unblocked",
      "objectives": [
        {
          "objective_id": 5165,
          "objective_name": "Initial Access",
          "prevention": "achieved",
          "actions": [
            {
              "action_id": 2421,
              "action_name": "Execute Mimikatz DPAPI module",
              "prevention": "unblocked",
              "node_id": 2,
              "has_detection_analysis": true,
              "detection_analysis": {
                "has_log_analysis": true,
                "has_alert_analysis": true,
                "log_result": "Not Logged",
                "alert_result": "Alerted",
                "integrations": [
                  {
                    "integration_id": 110,
                    "product_name": "Crowdstrike",
                    "has_log_analysis": false,
                    "has_alert_analysis": true,
                    "alert_result": "Not Alerted"
                  },
                  {
                    "integration_id": 134,
                    "product_name": "Sentinel One",
                    "has_log_analysis": true,
                    "has_alert_analysis": true,
                    "log_result": "Not Logged",
                    "alert_result": "Alerted"
                  }
                ]
              }
            }
          ]
        }
      ],
      "has_detection_analysis": true,
      "detection_analysis": {
        "has_log_analysis": true,
        "has_alert_analysis": true,
        "log_result": "Not Logged",
        "alert_result": "Alerted",
        "integrations": [
          {
            "integration_id": 133,
            "product_name": "Elasticsearch SIEM",
            "has_log_analysis": true,
            "has_alert_analysis": true
          },
          {
            "integration_id": 134,
            "product_name": "Sentinel One",
            "has_log_analysis": true,
            "has_alert_analysis": true,
            "log_result": "Not Logged",
            "alert_result": "Alerted"
          },
          {
            "integration_id": 110,
            "product_name": "Crowdstrike",
            "has_log_analysis": false,
            "has_alert_analysis": true,
            "alert_result": "Not Alerted"
          }
        ]
      }
    }
  ],
  "pages": {
    "total_count": 3,
    "limit": 2,
    "offset": 2
  }
}
Pagination
Default Limit: 10, Max Limit: 50
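Added example (not part of the Picus documentation): one way to walk every page of this endpoint and list, per integration, the unblocked actions that were not logged or not alerted on. The `fetch` callable, the function names and the assumption that `offset` counts items rather than pages are illustrative choices, not Picus API definitions.

```python
MAX_LIMIT = 50  # "Max limit: 50" on this page

def iter_threats(fetch, limit=MAX_LIMIT):
    """Yield every threat of a run. fetch(limit, offset) is a hypothetical callable that
    performs the GET from the curl example. Assumption: offset counts items, not pages."""
    limit, offset = max(1, min(limit, MAX_LIMIT)), 0
    while True:
        body = fetch(limit, offset)
        threats = body.get("threats", [])
        yield from threats
        offset += limit
        if not threats or offset >= body["pages"]["total_count"]:
            return

def detection_gaps(threat):
    """Rows for unblocked actions that an integration did not log or did not alert on."""
    rows = []
    for objective in threat.get("objectives", []):
        for action in objective.get("actions", []):
            if action.get("prevention") != "unblocked":
                continue
            analysis = action.get("detection_analysis") or {}
            for integ in analysis.get("integrations", []):
                # A result key can be absent (e.g. no log_result when has_log_analysis is false).
                missed = [kind for kind, key, bad in (
                    ("log", "log_result", "Not Logged"),
                    ("alert", "alert_result", "Not Alerted")) if integ.get(key) == bad]
                if missed:
                    rows.append((threat["threat_name"], action["action_name"],
                                 integ["product_name"], missed))
    return rows

# Constructed sample: the page's example threat, trimmed to the fields read above.
SAMPLE_THREAT = {
    "threat_id": 4168, "threat_name": "Mimikatz", "prevention": "unblocked",
    "objectives": [{"objective_name": "Initial Access", "actions": [{
        "action_name": "Execute Mimikatz DPAPI module", "prevention": "unblocked",
        "has_detection_analysis": True,
        "detection_analysis": {"integrations": [
            {"product_name": "Crowdstrike", "has_log_analysis": False,
             "has_alert_analysis": True, "alert_result": "Not Alerted"},
            {"product_name": "Sentinel One", "has_log_analysis": True,
             "has_alert_analysis": True, "log_result": "Not Logged",
             "alert_result": "Alerted"}]}}]}],
}

if __name__ == "__main__":
    print(detection_gaps(SAMPLE_THREAT))
```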