Includes Prevention and Detection result details
Prevention Result: Total Threats, Blocked/Not Blocked, Attackers Objective, UnAchieved/Achieved Count
Detection Result: Logged/Not Logged, Alerted/Not Alerted Count
About
Simulation Run Result endpoint returns detailed information about simulation results including Prevention and Detection result details for a specific simulation run with run id.
Prevention result includes blocked and not blocked threat counts, achieved and unachieved attacker objectives counts as in Picus Platform.
The detection analysis results are included, if the simulation is enriched with detection. Detection Analytics result includes log analysis and alert analysis based on configuration and integration type.
Example
Get simulation result for simulation id is 6068 and simulation run id is 14993.
curl --request GET \
--url https://api.picussecurity.com/v1/simulations/6068/run/14993 \
--header 'Accept: application/json' \
--header 'Authorization: Bearer access_token'
{
"simulation_id": 6068,
"simulation_run_id": 14993,
"started_at": 1654793049799,
"completed_at": 1654793202457,
"template_id":12,
"status": "NOT STARTED",
"completion_ratio": 0,
"status_details": {
"prevention": {
"total_threat_count": 2,
"completed_threat_count": 0
},
"detection": {
"total_threat_count": 2,
"completed_threat_count": 0
}
},
"results": {
"prevention": {
"security_score": 13,
"threat": {
"total_count": 3,
"blocked_count": 1,
"not_blocked_count": 2,
"not_tested_count": 0
},
"attacker_objectives": {
"total_count": 8,
"unachived_count": 1,
"achived_count": 7,
"not_tested_count": 0
}
},
"has_detection_analysis": true,
"detection_analysis": {
"security_score": 66,
"has_log_analysis": true,
"has_alert_analysis": true,
"log": {
"score": 33,
"logged_threat_count": 1,
"not_logged_threat_count": 2
},
"alert": {
"score": 100,
"alerted_threat_count": 3,
"not_alerted_threat_count": 0
},
"integrations": [
{
"product_name": "Crowdstrike",
"id": 110
},
{
"product_name": "Sentinel One",
"id": 134
}
]
}
}
Get simulation result for simulation id is 6069 and simulation run id is 14994 which is running
curl --request GET \
--url https://api.picussecurity.com/v1/simulations/6068/run/14994 \
--header 'Accept: application/json' \
--header 'Authorization: Bearer access_token'
{
"simulation_id": 6069,
"simulation_run_id": 14994,
"started_at": 1654793049799,
"template_id":13,
"status": "RUNNING",
"completion_ratio": 66,
"status_details": {
"prevention": {
"total_threat_count": 6,
"completed_threat_count": 4
},
"detection": {
"total_threat_count": 0,
"completed_threat_count": 0
}
},
"integrations": [
{
"product_name": "Crowdstrike",
"id": 110
},
{
"product_name": "Sentinel One",
"id": 134
}
]
}
}
Get simulation result for simulation id is 4615 and simulation run id is 11780 which is failed
curl --request GET \
--url https://api.picussecurity.com/v1/simulations/6069/run/14995 \
--header 'Accept: application/json' \
--header 'Authorization: Bearer access_token'
{
"simulation_id": 4615,
"simulation_run_id": 11780,
"template_id": 15196,
"started_at": 1722535801548,
"completed_at": 1722536042928,
"status": "STOPPED",
"completion_ratio": 50,
"status_details": {
"prevention": {
"total_threat_count": 1,
"completed_threat_count": 1
},
"detection": {
"total_threat_count": 1,
"completed_threat_count": 0
}
},
"results": {
"prevention": {
"security_score": 100,
"threat": {
"total_count": 1,
"blocked_count": 1,
"not_blocked_count": 0,
"not_tested_count": 0
},
"attacker_objectives": {
"total_count": 7,
"unachived_count": 5,
"achived_count": 0,
"not_tested_count": 2
}
},
"has_detection_analysis": true,
"detection_analysis": {
"security_score": 0,
"has_log_analysis": true,
"has_alert_analysis": true,
"log": {
"score": 0,
"logged_threat_count": 0,
"not_logged_threat_count": 0
},
"alert": {
"score": 0,
"alerted_threat_count": 0,
"not_alerted_threat_count": 0
},
"integrations": [
{
"product_name": "Microfocus ArcSight ESM",
"id": 2066
}
]
}
},
"fail_reason_message": "Assessment was stopped"
}