Share via

How to create Phishing Simulation using MS Graph API with Custom Training settings

EmilijaKazakeviit-4900 5 Reputation points
2024-10-24T06:33:20.92+00:00

Hello,

We are trying to utilize MS Graph Security -> Attack simulation API to create automated phishing simulations within the organization. We encountered an issue while working with API. It doesn't allow to create simulation using "customTrainingSetting" training settings. It was debugged multiple times and we are able to create simulation only if we select training from MS or no training at all.

We are building automation:

  • Python 3.10.12 and Requests.post method
  • Azure Enterprise App, which has "AttackSimulation.ReadWrite.All" permission

Maybe anyone had the same issue?

The error we receive:

{
    "error": {
        "code": "UnknownError",
        "message": "{\"Code\":400,\"Message\":\"Error while converting graph training setting to simulation training setting\",\"Target\":null,\"Details\":null,\"InnerError\":null}"
    }
}

Payload example:

{
    "displayName": "TESTING_nth_time",
    "description": "TESTING_nth_time_decription",
    "attackType": "social",
    "payloadDeliveryPlatform": "email",
    "attackTechnique": "credentialHarvesting",
    "status": "scheduled",
    "launchDateTime": "2024-10-24T07:40:41Z",
    "durationInDays": 2,
    "trainingSetting": {
        "settingType": "custom",
        "assignedTo": ["compromised"],
        "description": "description",
        "displayName": "display",
        "durationInMinutes": 20,
        "url": "https//test.com"
    },
    "endUserNotificationSetting": {
        "settingType": "trainingSelected",
        "notificationPreference": "custom",
        "trainingAssignment": { 
           "******@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications('notification_id')"
        },
        "trainingReminder": {
            "deliveryFrequency": "weekly",
            "defaultLanguage": "en",
            "******@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications('notification_id')"
        },
        "positiveReinforcement": {
            "deliveryPreference": "deliverAfterCampaignEnd",
            "defaultLanguage": "en",
            "******@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications('notification_id')"
        }
    },
    "includedAccountTarget": {
        "accountTargetEmails": ["******@org.com"],
        "type": "addressBook"
    },
    "createdBy": {
        "email": "******@org.com",
        "id": null,
        "displayName": null
    },
    "******@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/payload_id",  
    "******@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/loginPage_id", 
    "******@odata.bind": "https://graph.microsoft.com/v1.0/security/attackSimulation/landingPages/landingPage_id"
}

Works if we replace training settings to: 

"trainingSetting": {        
	"settingType": "noTraining"
}
Microsoft Security Microsoft Graph
0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.