simulation resource type

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Represents an attack simulation training campaign in a tenant.

Attack simulation and training is a service available as part of Microsoft Defender for Office 365. This service lets tenant users experience a realistic benign phishing attack and learn from it. The service enables tenant administrators to simulate, assign trainings, and read derived insights into online behaviors of users in the phishing simulations. The service provides attack simulation reports that help tenants identify security knowledge gaps, so that they can further train their users to decrease their susceptibility to attacks.

The attack simulation and training API enables tenant administrators to list launched simulation exercises and trainings, and get reports on derived insights into online behaviors of users in the phishing simulations.

Inherits from entity.

Methods

Method Return type Description
List simulations simulation collection Get a list of attack simulation campaigns for a tenant.
Create simulation simulation Create a new simulation object.
Get simulation simulation Get an attack simulation campaign for a tenant.
Update simulation simulation Update the properties of a simulation object.
Delete simulation None Delete a simulation object.
Get payload None Get a payload object.
Get loginPage None Get a loginPage object.
Get landingPage None Get a landingPage object.

Properties

Property Type Description
attackTechnique simulationAttackTechnique The social engineering technique used in the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, credentialHarvesting, attachmentMalware, driveByUrl, linkInAttachment, linkToMalwareFile, unknownFutureValue, oAuthConsentGrant. Note that you must use the Prefer: include-unknown-enum-members request header to get the following values from this evolvable enum: oAuthConsentGrant. For more information on the types of social engineering attack techniques, see simulations.
attackType simulationAttackType Attack type of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, social, cloud, endpoint, unknownFutureValue.
automationId String Unique identifier for the attack simulation automation.
completionDateTime DateTimeOffset Date and time of completion of the attack simulation and training campaign. Supports $filter and $orderby.
createdBy emailIdentity Identity of the user who created the attack simulation and training campaign.
createdDateTime DateTimeOffset Date and time of creation of the attack simulation and training campaign.
description String Description of the attack simulation and training campaign.
displayName String Display name of the attack simulation and training campaign. Supports $filter and $orderby.
durationInDays Int32 Simulation duration in days.
endUserNotificationSetting endUserNotificationSetting Details about the end user notification setting.
excludedAccountTarget accountTargetContent Users excluded from the simulation.
id String Unique identifier for the attack simulation and training campaign. Inherited from entity.
includedAccountTarget accountTargetContent Users targeted in the simulation.
isAutomated Boolean Flag that represents if the attack simulation and training campaign was created from a simulation automation flow. Supports $filter and $orderby.
lastModifiedBy emailIdentity Identity of the user who most recently modified the attack simulation and training campaign.
lastModifiedDateTime DateTimeOffset Date and time of the most recent modification of the attack simulation and training campaign.
launchDateTime DateTimeOffset Date and time of the launch/start of the attack simulation and training campaign. Supports $filter and $orderby.
oAuthConsentAppDetail oAuthConsentAppDetail OAuth app details for the OAuth technique.
payloadDeliveryPlatform payloadDeliveryPlatform Method of delivery of the phishing payload used in the attack simulation and training campaign. Possible values are: unknown, sms, email, teams, unknownFutureValue.
report simulationReport Report of the attack simulation and training campaign.
status simulationStatus Status of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, draft, running, scheduled, succeeded, failed, cancelled, excluded, unknownFutureValue.
trainingSetting trainingSetting Details about the training settings for a simulation.

simulationStatus values

Member Description
unknown The simulation status isn't defined.
draft The simulation is in draft mode.
running The simulation is running.
scheduled The simulation is scheduled.
succeeded The simulation is complete with success status.
failed The simulation is complete with fail status.
cancelled The simulation is cancelled.
excluded The simulation is excluded.
unknownFutureValue Evolvable enumeration sentinel value. Don't use.

simulationAttackTechnique values

Member Description
unknown Attack technique not defined.
credentialHarvesting Attack technique that involves an end user supplying credentials.
attachmentMalware Attack technique that involves an end user clicking an attachment.
driveByUrl Attack technique that involves an end user clicking a URL link in the phishing payload.
linkInAttachment Attack technique that involves an end user clicking a URL link in an attachment.
linkToMalwareFile Attack technique that involves an end user clicking a URL link to a malware file.
unknownFutureValue Evolvable enumeration sentinel value. Don't use.
oAuthConsentGrant Attack technique that involves an end user who gives access consent to an app.
phishTraining Attack technique that involves training end users on actions to be performed on a phish mail.

simulationAttackType values

Member Description
unknown Attack type not identified.
social Attack that uses social skills to manipulate victims psychologically, creating a false sense of curiosity, urgency, or fear.
cloud Attack on a host or user in a cloud environment, for example, denial of service attacks.
endpoint Attack on endpoints of a corporate network, such as desktops, laptops, mobile phones, and Internet of Things (IoT) devices.
unknownFutureValue Evolvable enumeration sentinel value. Don't use.

simulationContentStatus values

Member Description
unknown The simulation content status isn't defined.
draft The simulation content status is in draft state.
ready The simulation content status is in ready state.
archive The simulation content status is archive state.
delete The simulation content status is in delete state.
unknownFutureValue Evolvable enumeration sentinel value. Don't use.

simulationContentSource values

Member Description
unknown The simulation content source isn't defined.
global The simulation content source is global.
tenant The simulation content source is tenant.
unknownFutureValue Evolvable enumeration sentinel value. Don't use.

Relationships

Relationship Type Description
landingPage landingPage The landing page associated with a simulation during its creation.
loginPage loginPage The login page associated with a simulation during its creation.
payload payload The payload associated with a simulation during its creation.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.simulation",
  "attackTechnique": "String",
  "attackType": "String",
  "automationId": "String",
  "completionDateTime": "String (timestamp)",
  "createdBy": {"@odata.type": "microsoft.graph.emailIdentity"},
  "createdDateTime": "String (timestamp)",
  "description": "String",
  "displayName": "String",
  "durationInDays": "Int32",
  "endUserNotificationSetting": {"@odata.type": "microsoft.graph.endUserNotificationSetting"},
  "excludedAccountTarget": {"@odata.type": "microsoft.graph.accountTargetContent"},
  "id": "String (identifier)",
  "includedAccountTarget": {"@odata.type": "microsoft.graph.accountTargetContent"},
  "isAutomated": "Boolean",
  "lastModifiedBy": {"@odata.type": "microsoft.graph.emailIdentity"},
  "lastModifiedDateTime": "String (timestamp)",
  "launchDateTime": "String (timestamp)",
  "oAuthConsentAppDetail": {"@odata.type": "microsoft.graph.oAuthConsentAppDetail"},
  "payloadDeliveryPlatform": "String",
  "report": {"@odata.type": "microsoft.graph.simulationReport"},
  "status": "String",
  "trainingSetting": {"@odata.type": "microsoft.graph.trainingSetting"}
}