AttackSimulation.ReadWrite.All
Allows the app to read, create, and update attack simulation and training data for an organization for the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Delegate Permission
| Id | 27608d7c-2c66-4cad-a657-951d575f5a60 |
| Consent Type | User |
| Display String | Read, create, and update attack simulation data of an organization |
| Description | Allows the app to read, create, and update attack simulation and training data for an organization for the signed-in user. |
Application Permission
| Id | e125258e-8c8a-42a8-8f55-ab502afa52f3 |
| Display String | Read, create, and update all attack simulation data of an organization |
| Description | Allows the app to read, create, and update attack simulation and training data for an organization without a signed-in user. |
Resources
accountTargetContent
| Property | Type | Description |
|---|---|---|
| type | accountTargetContentType | The type of account target content. Possible values are: unknown,includeAll, addressBook, unknownFutureValue. |
emailIdentity
| Property | Type | Description |
|---|---|---|
| displayName | String | Display name of the user. Inherited from identity. |
| String | Email address of the user. | |
| id | String | The unique identifier for the user. Inherited from identity. |
payload
| Property | Type | Description |
|---|---|---|
| brand | payloadBrand | The branch of a payload. Possible values are: unknown, other, americanExpress, capitalOne, dhl, docuSign, dropbox, facebook, firstAmerican, microsoft, netflix, scotiabank, stewartTitle, tesco, wellsFargo, syrinxCloud, adobe, teams, zoom, unknownFutureValue. |
| complexity | payloadComplexity | The complexity of a payload.Possible values are: unknown, low, medium, high, unknownFutureValue |
| createdBy | emailIdentity | Identity of the user who created the attack simulation and training campaign payload. |
| createdDateTime | DateTimeOffset | Date and time when the attack simulation and training campaign payload. |
| description | String | Description of the attack simulation and training campaign payload. |
| detail | payloadDetail | Additional details about the payload. |
| displayName | String | Display name of the attack simulation and training campaign payload. Supports $filter and $orderby. |
| id | String | Unique identifier for the attack simulation and training campaign payload. Inherited from entity. |
| industry | payloadIndustry | Industry of a payload. Possible values are: unknown, other, banking, businessServices, consumerServices, education, energy, construction, consulting, financialServices, government, hospitality, insurance, legal, courierServices, IT, healthcare, manufacturing, retail, telecom, realEstate, unknownFutureValue. |
| isAutomated | Boolean | Indicates whether the attack simulation and training campaign payload was created from an automation flow. Supports $filter and $orderby. |
| isControversial | Boolean | Indicates whether the payload is controversial. |
| isCurrentEvent | Boolean | Indicates whether the payload is from any recent event. |
| language | String | Payload language. |
| lastModifiedBy | emailIdentity | Identity of the user who most recently modified the attack simulation and training campaign payload. |
| lastModifiedDateTime | DateTimeOffset | Date and time when the attack simulation and training campaign payload was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| payloadTags | String collection | Free text tags for a payload. |
| platform | payloadDeliveryPlatform | The payload delivery platform for a simulation. Possible values are: unknown, sms, email, teams, unknownFutureValue. |
| predictedCompromiseRate | Double | Predicted probability for a payload to phish a targeted user. |
| simulationAttackType | simulationAttackType | Attack type of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, social, cloud, endpoint, unknownFutureValue. |
| source | simulationContentSource | Simulation content source. Supports $filter and $orderby. Possible values are: unknown, tenant, global, unknownFutureValue. Inherited from simulation. |
| status | simulationContentStatus | Simulation content status. Supports $filter and $orderby. Possible values are: unknown, draft, ready, archive, delete, unknownFutureValue. Inherited from simulation. |
| technique | simulationAttackTechnique | The social engineering technique used in the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, credentialHarvesting, attachmentMalware, driveByUrl, linkInAttachment, linkToMalwareFile, unknownFutureValue. For more information on the types of social engineering attack techniques, see simulations. |
| theme | payloadTheme | The theme of a payload. Possible values are: unknown, other, accountActivation, accountVerification, billing, cleanUpMail, controversial, documentReceived, expense, incomingMessages, invoice, itemReceived, loginAlert, mailReceived, password, payment, payroll, personalizedOffer, quarantine, remoteWork, reviewMessage, securityUpdate, serviceSuspended, signatureRequired, upgradeMailboxStorage, verifyMailbox, voicemail, advertisement, employeeEngagement, unknownFutureValue. |
simulation
| Property | Type | Description |
|---|---|---|
| attackTechnique | simulationAttackTechnique | The social engineering technique used in the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, credentialHarvesting, attachmentMalware, driveByUrl, linkInAttachment, linkToMalwareFile, unknownFutureValue. For more information on the types of social engineering attack techniques, see simulations. |
| attackType | simulationAttackType | Attack type of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, social, cloud, endpoint, unknownFutureValue. |
| automationId | String | Unique identifier for the attack simulation automation. |
| completionDateTime | DateTimeOffset | Date and time of completion of the attack simulation and training campaign. Supports $filter and $orderby. |
| createdBy | emailIdentity | Identity of the user who created the attack simulation and training campaign. |
| createdDateTime | DateTimeOffset | Date and time of creation of the attack simulation and training campaign. |
| description | String | Description of the attack simulation and training campaign. |
| displayName | String | Display name of the attack simulation and training campaign. Supports $filter and $orderby. |
| id | String | Unique identifier for the attack simulation and training campaign. Inherited from entity. |
| isAutomated | Boolean | Flag that represents if the attack simulation and training campaign was created from a simulation automation flow. Supports $filter and $orderby. |
| lastModifiedBy | emailIdentity | Identity of the user who most recently modified the attack simulation and training campaign. |
| lastModifiedDateTime | DateTimeOffset | Date and time of the most recent modification of the attack simulation and training campaign. |
| launchDateTime | DateTimeOffset | Date and time of the launch/start of the attack simulation and training campaign. Supports $filter and $orderby. |
| payloadDeliveryPlatform | payloadDeliveryPlatform | Method of delivery of the phishing payload used in the attack simulation and training campaign. Possible values are: unknown, sms, email, teams, unknownFutureValue. |
| report | simulationReport | Report of the attack simulation and training campaign. |
| status | simulationStatus | Status of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, draft, running, scheduled, succeeded, failed, cancelled, excluded, unknownFutureValue. |