About

Simulation Run Result - Threats - Objectives - Actions endpoint returns simulation result based on threats. Threats for prevention and detection results, Attacker's Objectives for prevention and detection results and Actions for detection results are included as in Picus Platform.

Example

Get threat-objective-action results for simulation id: 1, simulation run id: 3 and page size: 2

curl --request GET \
     --url 'https://api.picussecurity.com/v1/simulations/1/run/3/threats?limit=2&offset=2' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer access_token'

{
  "threats": [
    {
      "threat_id": 4168,
      "threat_name": "Mimikatz",
      "started_at": 1654793193000,
      "completed_at": 1654793197000,
      "prevention": "unblocked",
      "objectives": [
        {
          "objective_id": 5165,
          "objective_name": "Initial Access",
          "prevention": "achieved",
          "actions": [
            {
              "action_id": 2421,
              "action_name": "Execute Mimikatz DPAPI module",
              "prevention": "unblocked",
              "node_id": 2,
              "has_detection_analysis": true,
              "detection_analysis": {
                "has_log_analysis": true,
                "has_alert_analysis": true,
                "log_result": "Not Logged",
                "alert_result": "Alerted",
                "integrations": [
                  {
                    "integration_id": 110,
                    "product_name": "Crowdstrike",
                    "has_log_analysis": false,
                    "has_alert_analysis": true,
                    "alert_result": "Not Alerted"
                  },
                  {
                    "integration_id": 134,
                    "product_name": "Sentinel One",
                    "has_log_analysis": true,
                    "has_alert_analysis": true,
                    "log_result": "Not Logged",
                    "alert_result": "Alerted"
                  }
                ]
              }
            }
          ]
        }
      ],
      "has_detection_analysis": true,
      "detection_analysis": {
        "has_log_analysis": true,
        "has_alert_analysis": true,
        "log_result": "Not Logged",
        "alert_result": "Alerted",
        "integrations": [
          {
            "integration_id": 133,
            "product_name": "Elasticsearch SIEM",
            "has_log_analysis": true,
            "has_alert_analysis": true
          },
          {
            "integration_id": 134,
            "product_name": "Sentinel One",
            "has_log_analysis": true,
            "has_alert_analysis": true,
            "log_result": "Not Logged",
            "alert_result": "Alerted"
          },
          {
            "integration_id": 110,
            "product_name": "Crowdstrike",
            "has_log_analysis": false,
            "has_alert_analysis": true,
            "alert_result": "Not Alerted"
          }
        ]
      }
    }
  ],
  "pages": {
    "total_count": 3,
    "limit": 2,
    "offset": 2
  }
}

📘
Pagination
Default Limit: 10, Max Limit: 50