Show / Hide Table of Contents

AttackSimulation.ReadWrite.All

Allows the app to read, create, and update attack simulation and training data for an organization for the signed-in user.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver Type Method
V1 A,D DELETE /security/attackSimulation/simulations/{simulationId}
V1 A,D PATCH /security/attackSimulation/simulations/{simulationId}
V1 A,D POST /security/attackSimulation/simulations

Delegate Permission

Id 27608d7c-2c66-4cad-a657-951d575f5a60
Consent Type User
Display String Read, create, and update attack simulation data of an organization
Description Allows the app to read, create, and update attack simulation and training data for an organization for the signed-in user.

Application Permission

Id e125258e-8c8a-42a8-8f55-ab502afa52f3
Display String Read, create, and update all attack simulation data of an organization
Description Allows the app to read, create, and update attack simulation and training data for an organization without a signed-in user.

Resources

accountTargetContent

Property Type Description
type accountTargetContentType The type of account target content. Possible values are: unknown,includeAll, addressBook, unknownFutureValue.

emailIdentity

Property Type Description
displayName String Display name of the user. Inherited from identity.
email String Email address of the user.
id String The unique identifier for the user. Inherited from identity.

payload

Property Type Description
brand payloadBrand The branch of a payload. Possible values are: unknown, other, americanExpress, capitalOne, dhl, docuSign, dropbox, facebook, firstAmerican, microsoft, netflix, scotiabank, stewartTitle, tesco, wellsFargo, syrinxCloud, adobe, teams, zoom, unknownFutureValue.
complexity payloadComplexity The complexity of a payload.Possible values are: unknown, low, medium, high, unknownFutureValue
createdBy emailIdentity Identity of the user who created the attack simulation and training campaign payload.
createdDateTime DateTimeOffset Date and time when the attack simulation and training campaign payload.
description String Description of the attack simulation and training campaign payload.
detail payloadDetail Additional details about the payload.
displayName String Display name of the attack simulation and training campaign payload. Supports $filter and $orderby.
id String Unique identifier for the attack simulation and training campaign payload. Inherited from entity.
industry payloadIndustry Industry of a payload. Possible values are: unknown, other, banking, businessServices, consumerServices, education, energy, construction, consulting, financialServices, government, hospitality, insurance, legal, courierServices, IT, healthcare, manufacturing, retail, telecom, realEstate, unknownFutureValue.
isAutomated Boolean Indicates whether the attack simulation and training campaign payload was created from an automation flow. Supports $filter and $orderby.
isControversial Boolean Indicates whether the payload is controversial.
isCurrentEvent Boolean Indicates whether the payload is from any recent event.
language String Payload language.
lastModifiedBy emailIdentity Identity of the user who most recently modified the attack simulation and training campaign payload.
lastModifiedDateTime DateTimeOffset Date and time when the attack simulation and training campaign payload was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
payloadTags String collection Free text tags for a payload.
platform payloadDeliveryPlatform The payload delivery platform for a simulation. Possible values are: unknown, sms, email, teams, unknownFutureValue.
predictedCompromiseRate Double Predicted probability for a payload to phish a targeted user.
simulationAttackType simulationAttackType Attack type of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, social, cloud, endpoint, unknownFutureValue.
source simulationContentSource Simulation content source. Supports $filter and $orderby. Possible values are: unknown, tenant, global, unknownFutureValue. Inherited from simulation.
status simulationContentStatus Simulation content status. Supports $filter and $orderby. Possible values are: unknown, draft, ready, archive, delete, unknownFutureValue. Inherited from simulation.
technique simulationAttackTechnique The social engineering technique used in the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, credentialHarvesting, attachmentMalware, driveByUrl, linkInAttachment, linkToMalwareFile, unknownFutureValue. For more information on the types of social engineering attack techniques, see simulations.
theme payloadTheme The theme of a payload. Possible values are: unknown, other, accountActivation, accountVerification, billing, cleanUpMail, controversial, documentReceived, expense, incomingMessages, invoice, itemReceived, loginAlert, mailReceived, password, payment, payroll, personalizedOffer, quarantine, remoteWork, reviewMessage, securityUpdate, serviceSuspended, signatureRequired, upgradeMailboxStorage, verifyMailbox, voicemail, advertisement, employeeEngagement, unknownFutureValue.

simulation

Property Type Description
attackTechnique simulationAttackTechnique The social engineering technique used in the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, credentialHarvesting, attachmentMalware, driveByUrl, linkInAttachment, linkToMalwareFile, unknownFutureValue. For more information on the types of social engineering attack techniques, see simulations.
attackType simulationAttackType Attack type of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, social, cloud, endpoint, unknownFutureValue.
automationId String Unique identifier for the attack simulation automation.
completionDateTime DateTimeOffset Date and time of completion of the attack simulation and training campaign. Supports $filter and $orderby.
createdBy emailIdentity Identity of the user who created the attack simulation and training campaign.
createdDateTime DateTimeOffset Date and time of creation of the attack simulation and training campaign.
description String Description of the attack simulation and training campaign.
displayName String Display name of the attack simulation and training campaign. Supports $filter and $orderby.
id String Unique identifier for the attack simulation and training campaign. Inherited from entity.
isAutomated Boolean Flag that represents if the attack simulation and training campaign was created from a simulation automation flow. Supports $filter and $orderby.
lastModifiedBy emailIdentity Identity of the user who most recently modified the attack simulation and training campaign.
lastModifiedDateTime DateTimeOffset Date and time of the most recent modification of the attack simulation and training campaign.
launchDateTime DateTimeOffset Date and time of the launch/start of the attack simulation and training campaign. Supports $filter and $orderby.
payloadDeliveryPlatform payloadDeliveryPlatform Method of delivery of the phishing payload used in the attack simulation and training campaign. Possible values are: unknown, sms, email, teams, unknownFutureValue.
report simulationReport Report of the attack simulation and training campaign.
status simulationStatus Status of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, draft, running, scheduled, succeeded, failed, cancelled, excluded, unknownFutureValue.
In This Article
Back to top Created by merill | Submit feedback