simulation resource type
Namespace: microsoft.graph
Represents an attack simulation training campaign in a tenant.
Attack simulation and training is a service available as part of Microsoft Defender for Office 365. This service lets tenant users experience a realistic benign phishing attack and learn from it. The service enables tenant administrators to simulate, assign trainings, and read derived insights into online behaviors of users in the phishing simulations. The service provides attack simulation reports that help tenants identify security knowledge gaps, so that they can further train their users to decrease their susceptibility to attacks.
The attack simulation and training API enables tenant administrators to list launched simulation exercises and trainings, and get reports on derived insights into online behaviors of users in the phishing simulations.
Inherits from entity.
Methods
| Method | Return type | Description |
|---|---|---|
| List simulations | simulation collection | Get a list of attack simulation campaigns for a tenant. |
| Get simulation | simulation | Get an attack simulation campaign for a tenant. |
Properties
| Property | Type | Description |
|---|---|---|
| attackTechnique | simulationAttackTechnique | The social engineering technique used in the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, credentialHarvesting, attachmentMalware, driveByUrl, linkInAttachment, linkToMalwareFile, unknownFutureValue. For more information on the types of social engineering attack techniques, see simulations. |
| attackType | simulationAttackType | Attack type of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, social, cloud, endpoint, unknownFutureValue. |
| automationId | String | Unique identifier for the attack simulation automation. |
| completionDateTime | DateTimeOffset | Date and time of completion of the attack simulation and training campaign. Supports $filter and $orderby. |
| createdBy | emailIdentity | Identity of the user who created the attack simulation and training campaign. |
| createdDateTime | DateTimeOffset | Date and time of creation of the attack simulation and training campaign. |
| description | String | Description of the attack simulation and training campaign. |
| displayName | String | Display name of the attack simulation and training campaign. Supports $filter and $orderby. |
| id | String | Unique identifier for the attack simulation and training campaign. Inherited from entity. |
| isAutomated | Boolean | Flag that represents if the attack simulation and training campaign was created from a simulation automation flow. Supports $filter and $orderby. |
| lastModifiedBy | emailIdentity | Identity of the user who most recently modified the attack simulation and training campaign. |
| lastModifiedDateTime | DateTimeOffset | Date and time of the most recent modification of the attack simulation and training campaign. |
| launchDateTime | DateTimeOffset | Date and time of the launch/start of the attack simulation and training campaign. Supports $filter and $orderby. |
| payloadDeliveryPlatform | payloadDeliveryPlatform | Method of delivery of the phishing payload used in the attack simulation and training campaign. Possible values are: unknown, sms, email, teams, unknownFutureValue. |
| report | simulationReport | Report of the attack simulation and training campaign. |
| status | simulationStatus | Status of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, draft, running, scheduled, succeeded, failed, cancelled, excluded, unknownFutureValue. |
simulationStatus values
| Member | Description |
|---|---|
| unknown | The simulation status is not defined. |
| draft | The simulation is in draft mode. |
| running | The simulation is running. |
| scheduled | The simulation is scheduled. |
| succeeded | The simulation has succeeded. |
| failed | The simulation has failed. |
| cancelled | The simulation is cancelled. |
| excluded | The simulation is excluded. |
| unknownFutureValue | Evolvable enumeration sentinel value. Do not use. |
simulationAttackTechnique values
| Member | Description |
|---|---|
| unknown | Attack technique not defined. |
| credentialHarvesting | Attack technique that involves an end user supplying credentials. |
| attachmentMalware | Attack technique that involves an end user clicking an attachment. |
| driveByUrl | Attack technique that involves an end user clicking a URL link in the phishing payload. |
| linkInAttachment | Attack technique that involves an end user clicking a URL link in an attachment. |
| linkToMalwareFile | Attack technique that involves an end user clicking a URL link to a malware file. |
| unknownFutureValue | Evolvable enumeration sentinel value. Do not use. |
simulationAttackType values
| Member | Description |
|---|---|
| unknown | Attack type not identified. |
| social | Attack that uses social skills to manipulate victims psychologically, creating a false sense of curiosity, urgency, or fear. |
| cloud | Attack on a host or user in a cloud environment, for example, denial of service attacks. |
| endpoint | Attack on endpoints of a corporate network, such as desktops, laptops, mobile phones, and Internet of Things (IoT) devices. |
| unknownFutureValue | Evolvable enumeration sentinel value. Do not use. |
Relationships
None.
JSON representation
The following is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.simulation",
"attackTechnique": "String",
"attackType": "String",
"automationId": "String",
"completionDateTime": "String (timestamp)",
"createdBy": {
"@odata.type": "microsoft.graph.emailIdentity"
},
"createdDateTime": "String (timestamp)",
"description": "String",
"displayName": "String",
"id": "String (identifier)",
"isAutomated": "Boolean",
"lastModifiedBy": {
"@odata.type": "microsoft.graph.emailIdentity"
},
"lastModifiedDateTime": "String (timestamp)",
"launchDateTime": "String (timestamp)",
"payloadDeliveryPlatform": "String",
"report": {
"@odata.type": "microsoft.graph.simulationReport"
},
"status": "String"
}
See also
Feedback
Submit and view feedback for