AttackIQ
The AttackIQ connector enables seamless integration with AttackIQ's security validation services, allowing users to automate and orchestrate security testing and operational responses.

AttackIQ is a continuous security validation platform that enables businesses to test and measure the effectiveness of their security controls. The AttackIQ Turbine connector allows users to automate the creation, management, and analysis of security assessments, tests, and scenarios directly within the Swimlane Turbine platform. By integrating with AttackIQ, Swimlane Turbine users can streamline their security validation processes, enhance their cybersecurity posture, and gain actionable insights into the effectiveness of their security infrastructure.

## Limitations

None to date.

## Supported versions

This AttackIQ connector uses the latest version.

## Prerequisites

To effectively utilize the AttackIQ connector for Turbine, ensure you have the following prerequisites:

- API key authentication with the following parameters:
  - URL: the base endpoint URL for the AttackIQ API.
  - Private token: a unique identifier used to authenticate against the AttackIQ API.

## Authentication methods

### AttackIQ API key authentication method

API key authentication with the following parameters:

- URL: the endpoint URL for the AttackIQ API.
- Private token: a unique identifier used to authenticate requests to the AttackIQ API.

## Capabilities

This AttackIQ connector provides the following capabilities:

- Add a test to an assessment
- Add asset group to an assessment
- Add assets to an assessment
- Add scenarios to a test
- Create an assessment
- Get all assessments
- Get all scenarios
- Get all tests
- Get assessment detection run status
- Get assessment prevention and detection results
- Get assessment by ID
- Get assessment by name
- Get scenario by ID
- Get scenario by name
- Get scenario by tag
- and so on

What each capability does:

- **Add a test to an assessment**: Add a test to a specified assessment.
- **Add asset group to an assessment**: Add assets belonging to 1 or more groups to an assessment. This API adds all assets contained in the specified groups to the assessment.
- **Add assets to an assessment**: Add one or more individual assets to an assessment. This API adds a list of assets, regardless of asset groups, to an assessment.
- **Add scenarios to a test**: Add 1 or more scenarios to a specified test.
- **Create an assessment**: Create an assessment from a given assessment template.
- **Get all assessments**: Retrieve all assessments.
- **Get all scenarios**: Retrieve all scenarios.
- **Get all tests**: Retrieve all tests across all assessments.
- **Get assessment detection run status**: Returns a flag indicating whether the integration jobs of an on-demand assessment run have finished.
- **Get assessment prevention and detection results**: Retrieve assessment scenario job and integration job results for a specified assessment, either for a specific run or for all runs.
- **Get assessment by ID**: Retrieve an assessment for a given assessment ID.
- **Get assessment by name**: Retrieve an assessment with the specified full name.
- **Get scenario by ID**: Retrieve a scenario corresponding to a given ID.
- **Get scenario by name**: Retrieve a scenario with the specified full name.
- **Get scenario by tag**: Retrieve a scenario that has the given tag.
- **Get test by ID**: Retrieve a test with a given ID.
- **Get test run status**: Get the status of a test run in an assessment.
- **Get tests by name**: Retrieve a test for a specified test name.
- **Run an assessment**: Run all the tests for a given assessment.
- **Search for assessments**: Retrieve assessments whose names contain one or more search terms.
- **Search for scenarios**: Retrieve scenarios whose names or descriptions contain one or more search terms.
- **Set scenario parameters**: Set the arguments for a specified scenario to run. The scenario master job ID is returned when you add a scenario to a test in an assessment.

## Configurations

### AttackIQ API key authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| private_token | Token for authentication | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Add a test to an assessment

Adds a specified test to an assessment in AttackIQ using the provided 'name' and 'project' details.

- Endpoint URL: `/v1/tests`
- Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | required | ID of the assessment to which the test will be added |
| project | string | required | Project ID to which the test belongs |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | object | Output field description |
| project | string | Output field project |
| scenarios | array | Output field scenarios |
| assets | array | Output field assets |
| asset_groups | array | Output field asset_groups |
| cron_expression | object | Output field cron_expression |
| order | number | Output field order |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "id": "9d002efa-facf-4121-96e8-c46d178238ef",
      "name": "api test",
      "description": null,
      "project": "ef900dfe-1bb9-475d-944a-07ffaeb26ad4",
      "scenarios": [],
      "assets": [],
      "asset_groups": [],
      "cron_expression": null,
      "order": 2
    }
  }
]
```

### Add asset group to an assessment

Adds specified asset groups to an existing assessment in AttackIQ by utilizing 'assessment_id' and 'assets_groups'.

- Endpoint URL: `/v1/assessments/{{assessment_id}}/update_defaults`
- Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| assessment_id | string | required | ID of the assessment to which assets will be added |
| assets_groups | string | required | Parameter for add asset group to an assessment |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| message | string | Response message |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "message": "successfully updated default assets/asset groups for project 92f3bbf1-5c7b-49fa..."
    }
  }
]
```

### Add assets to an assessment

Adds specified assets to an existing AttackIQ assessment by using the unique assessment ID and a list of asset identifiers.

- Endpoint URL: `/v1/assessments/{{assessment_id}}/update_defaults`
- Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| assessment_id | string | required | ID of the assessment to which assets will be added |
| assets | string | required | Comma-separated list of asset IDs to be added to the assessment |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| message | string | Response message |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "message": "successfully updated default assets/asset groups for project 92f3bbf1-5c7b-49fa..."
    }
  }
]
```

### Add scenarios to a test

Adds one or more scenarios to a test in AttackIQ using the specified test ID and scenario details.

- Endpoint URL: `/v1/tests/{{test_id}}/bulk_add_scenarios`
- Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| test_id | string | required | ID of the test to which the scenarios will be added |
| include | array | required | List of scenario IDs to be added to the test |
| id | string | required | ID of the test to which the scenarios will be added |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| scenario_master_job_scenarios | array | Output field scenario_master_job_scenarios |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "scenario_master_job_scenarios": []
    }
  }
]
```

### Create an assessment

Creates a new assessment in AttackIQ with a specified template from the JSON body input.

- Endpoint URL: `/v1/assessments/project_from_template`
- Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| template | string | required | Assessment template ID |
| project_name | string | optional | User-defined assessment name |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| project_id | string | Unique identifier |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "project_id": "92f3bbf1-5c7b-49fa-a390-163ce880abb0"
    }
  }
]
```

### Get all assessments

Fetches a comprehensive list of all assessments from AttackIQ, providing an overview of security evaluations.

- Endpoint URL: `v1/assessments`
- Method: GET

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| next | string | Output field next |
| previous | object | Output field previous |
| results | array | Result of the operation |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| start_date | object | Date value |
| end_date | object | Date value |
| project_state | string | Output field project_state |
| default_schedule | string | Output field default_schedule |
| project_template | object | Output field project_template |
| id | string | Unique identifier |
| template_name | string | Name of the resource |
| template_description | string | Output field template_description |
| project_name | string | Name of the resource |
| project_description | string | Output field project_description |
| icon | string | Output field icon |
| project_template_type | object | Type of the resource |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| default_schedule | object | Output field default_schedule |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "count": 52,
      "next": "https://firedrill.attackiq.com/v1/assessments?page=2",
      "previous": null,
      "results": []
    }
  }
]
```

### Get all scenarios

Fetches all available scenarios from AttackIQ, providing a comprehensive list for analysis and selection.

- Endpoint URL: `/v1/scenarios`
- Method: GET

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| size | number | Output field size |
| previous | object | Output field previous |
| results | array | Result of the operation |
| next | string | Output field next |
| id | string | Unique identifier |
| second_id | object | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| scenario_template | object | Output field scenario_template |
| model_json | object | Output field model_json |
| extras | object | Output field extras |
| scenario_type | string | Type of the resource |
| runnable | boolean | Output field runnable |
| supported_platforms | object | Output field supported_platforms |
| osx | string | Output field osx |
| debian | string | Output field debian |
| ubuntu | string | Output field ubuntu |
| windows | string | Output field windows |
| company | string | Output field company |
| user | object | Output field user |
| created | string | Output field created |
| modified | string | Output field modified |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "count": 2810,
      "size": 6,
      "previous": null,
      "results": []
    }
  }
]
```

### Get all tests

Retrieves a comprehensive list of all tests from all assessments within the AttackIQ platform.

- Endpoint URL: `/v1/tests`
- Method: GET

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| next | string | Output field next |
| previous | object | Output field previous |
| results | array | Result of the operation |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | object | Output field description |
| project | string | Output field project |
| total_asset_count | number | Count value |
| cron_expression | object | Output field cron_expression |
| runnable | boolean | Output field runnable |
| scheduled_count | number | Count value |
| created | string | Output field created |
| modified | string | Output field modified |
| using_default_assets | boolean | Output field using_default_assets |
| using_default_schedule | boolean | Output field using_default_schedule |
| order | number | Output field order |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "count": 90,
      "next": "https://firedrill.attackiq.com/v1/tests?page=2",
      "previous": null,
      "results": []
    }
  }
]
```

### Get assessment by ID

Retrieve details for a specific assessment in AttackIQ using the provided assessment ID.

- Endpoint URL: `/v1/assessments/{{assessment_id}}`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| assessment_id | string | required | ID of the assessment to which assets will be added |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| start_date | object | Date value |
| end_date | object | Date value |
| project_state | string | Output field project_state |
| default_schedule | string | Output field default_schedule |
| project_template | object | Output field project_template |
| id | string | Unique identifier |
| template_name | string | Name of the resource |
| template_description | string | Output field template_description |
| project_name | string | Name of the resource |
| project_description | string | Output field project_description |
| icon | string | Output field icon |
| project_template_type | object | Type of the resource |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| default_schedule | object | Output field default_schedule |
| report_types | array | Type of the resource |
| id | string | Unique identifier |
| name | string | Name of the resource |
| widgets | array | Unique identifier |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "id": "13a139a8-f87b-424d-80a5-6a0087ff92ea",
      "name": "windows credential theft",
      "description": "common techniques to obtain passwords from windows and browsers",
      "start_date": null,
      "end_date": null,
      "project_state": "active",
      "default_schedule": "5;20; ; ; ",
      "project_template": {},
      "creator": "user@attackiq.com",
      "owner": "user@attackiq.com",
      "user": "user@attackiq.com",
      "created": "2019-07-11T02:37:13.439548Z",
      "modified": "2019-11-09T20:05:00.486805Z",
      "users": [],
      "groups": []
    }
  }
]
```

### Get assessment by name

Retrieve a specific assessment by name from AttackIQ, using the 'name' parameter for precise identification.

- Endpoint URL: `/v1/assessments`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | required | Name of the assessment to retrieve, in URL-encoded format |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| start_date | object | Date value |
| end_date | object | Date value |
| project_state | string | Output field project_state |
| default_schedule | string | Output field default_schedule |
| project_template | object | Output field project_template |
| id | string | Unique identifier |
| template_name | string | Name of the resource |
| template_description | string | Output field template_description |
| project_name | string | Name of the resource |
| project_description | string | Output field project_description |
| icon | string | Output field icon |
| project_template_type | object | Type of the resource |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| default_schedule | object | Output field default_schedule |
| report_types | array | Type of the resource |
| id | string | Unique identifier |
| name | string | Name of the resource |
| widgets | array | Unique identifier |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "id": "13a139a8-f87b-424d-80a5-6a0087ff92ea",
      "name": "windows credential theft",
      "description": "common techniques to obtain passwords from windows and browsers",
      "start_date": null,
      "end_date": null,
      "project_state": "active",
      "default_schedule": "5;20; ; ; ",
      "project_template": {},
      "creator": "user@attackiq.com",
      "owner": "user@attackiq.com",
      "user": "user@attackiq.com",
      "created": "2019-07-11T02:37:13.439548Z",
      "modified": "2019-11-09T20:05:00.486805Z",
      "users": [],
      "groups": []
    }
  }
]
```

### Get assessment detection run status

Retrieves the completion status of an on-demand assessment run in AttackIQ using a specified project ID.

- Endpoint URL: `/v1/connector_phase_results/pending`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| project_id | string | required | ID of the assessment to check |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| expiration | object | Output field expiration |
| pending | boolean | Output field pending |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "expiration": null,
      "pending": false
    }
  }
]
```

### Get assessment prevention and detection results

Retrieve detailed results for a specific AttackIQ assessment, including scenario and integration job outcomes, using project ID filters.

- Endpoint URL: `/v1/results`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| project_id | string | required | ID of the assessment to retrieve results for |
| run_id | string | optional | Run ID of the assessment. If this field is omitted, you get results from all the assessment runs |
| assessment_results | boolean | required | Flag should be set to true at all times |
| annotate_tag_set | string | optional | ID for the tag set whose tags you wish to see annotated on each result |
| output | string | optional | Specify csv for CSV format instead of JSON |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| next | string | Output field next |
| previous | object | Output field previous |
| results | array | Result of the operation |
| id | string | Unique identifier |
| modified | string | Output field modified |
| project | string | Output field project |
| master_job | string | Output field master_job |
| scenario | string | Output field scenario |
| scenario_type | string | Type of the resource |
| asset | object | Output field asset |
| ipv4_address | string | Output field ipv4_address |
| hostname | string | Name of the resource |
| id | string | Unique identifier |
| asset_group | object | Output field asset_group |
| job_state | string | Output field job_state |
| outcome | string | Output field outcome |
| result_id | string | Unique identifier |
| vendor_product_result_summaries | array | Result of the operation |
| id | string | Unique identifier |
| outcome | number | Output field outcome |
| vendor_product | object | Output field vendor_product |
| id | string | Unique identifier |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "count": 120,
      "next": "https://firedrill.attackiq.com/v1/results?page=2&assessment_results=true&project...",
      "previous": null,
      "results": []
    }
  }
]
```

### Get scenario by ID

Retrieves a specific AttackIQ scenario using the provided scenario ID.

- Endpoint URL: `/v1/scenarios/{{scenario_id}}`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| scenario_id | string | required | The ID of the scenario to retrieve |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| next | object | Output field next |
| previous | object | Output field previous |
| results | array | Result of the operation |
| id | string | Unique identifier |
| second_id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| scenario_template | object | Output field scenario_template |
| id | string | Unique identifier |
| tracker_id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| version | string | Output field version |
| zip_file | string | Output field zip_file |
| zip_file_sha1 | string | Output field zip_file_sha1 |
| descriptor_json | object | Output field descriptor_json |
| phases | array | Output field phases |
| trackerid | string | Unique identifier |
| description | string | Output field description |
| subject | string | Output field subject |
| sourceurl | string | URL endpoint for the request |
| description | string | Output field description |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "count": 123,
      "next": {},
      "previous": {},
      "results": []
    }
  }
]
```

### Get scenario by name

Retrieve a specific AttackIQ scenario by providing the full name as a parameter.

- Endpoint URL: `/v1/scenarios`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | required | Name of the scenario to retrieve, in URL-encoded format |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| next | object | Output field next |
| previous | object | Output field previous |
| results | array | Result of the operation |
| id | string | Unique identifier |
| second_id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| scenario_template | object | Output field scenario_template |
| id | string | Unique identifier |
| tracker_id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| version | string | Output field version |
| zip_file | string | Output field zip_file |
| zip_file_sha1 | string | Output field zip_file_sha1 |
| descriptor_json | object | Output field descriptor_json |
| phases | array | Output field phases |
| trackerid | string | Unique identifier |
| description | string | Output field description |
| subject | string | Output field subject |
| sourceurl | string | URL endpoint for the request |
| description | string | Output field description |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "count": 123,
      "next": {},
      "previous": {},
      "results": []
    }
  }
]
```

### Get scenario by tag

Retrieve scenarios tagged with a specific identifier in AttackIQ, requiring the 'tag' parameter.

- Endpoint URL: `/v1/scenarios`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| tag | string | required | ID of the tag attached to a list of 1 or more scenarios |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| next | object | Output field next |
| previous | object | Output field previous |
| results | array | Result of the operation |
| id | string | Unique identifier |
| second_id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| scenario_template | object | Output field scenario_template |
| id | string | Unique identifier |
| tracker_id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| version | string | Output field version |
| zip_file | string | Output field zip_file |
| zip_file_sha1 | string | Output field zip_file_sha1 |
| descriptor_json | object | Output field descriptor_json |
| phases | array | Output field phases |
| trackerid | string | Unique identifier |
| description | string | Output field description |
| subject | string | Output field subject |
| sourceurl | string | URL endpoint for the request |
| description | string | Output field description |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "count": 123,
      "next": {},
      "previous": {},
      "results": []
    }
  }
]
```

### Get test by ID

Retrieve details for a specific test in AttackIQ using the provided test ID.

- Endpoint URL: `/v1/tests/{{test_id}}`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| test_id | string | required | The ID of the test to retrieve |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| next | object | Output field next |
| previous | object | Output field previous |
| results | array | Result of the operation |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | object | Output field description |
| project | string | Output field project |
| total_asset_count | number | Count value |
| cron_expression | string | Output field cron_expression |
| runnable | boolean | Output field runnable |
| scheduled_count | number | Count value |
| created | string | Output field created |
| modified | string | Output field modified |
| using_default_assets | boolean | Output field using_default_assets |
| using_default_schedule | boolean | Output field using_default_schedule |
| order | number | Output field order |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "count": 1,
      "next": null,
      "previous": null,
      "results": []
    }
  }
]
```

### Get test run status

Retrieve the current status of a specific test run within an assessment in AttackIQ using the test ID.

- Endpoint URL: `/v1/tests/{{test_id}}/get_status`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| test_id | string | required | The ID of the test for which to retrieve the run status |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| detected | number | Output field detected |
| failed | number | Output field failed |
| finished | boolean | Output field finished |
| passed | number | Output field passed |
| errored | number | Error message if any |
| total | number | Output field total |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "detected": 0,
      "failed": 0,
      "finished": true,
      "passed": 1,
      "errored": 0,
      "total": 1
    }
  }
]
```

### Get tests by name

Retrieves detailed information for a specified test by name from AttackIQ.

- Endpoint URL: `/v1/tests`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | required | Name of the test to retrieve, in URL-encoded format |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| previous | object | Output field previous |
| next | string | Output field next |
| results | array | Result of the operation |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | object | Output field description |
| project | string | Output field project |
| total_asset_count | number | Count value |
| cron_expression | string | Output field cron_expression |
| runnable | boolean | Output field runnable |
| scheduled_count | number | Count value |
| created | string | Output field created |
| modified | string | Output field modified |
| using_default_assets | boolean | Output field using_default_assets |
| using_default_schedule | boolean | Output field using_default_schedule |
| order | number | Output field order |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "count": 67,
      "previous": null,
      "next": "https://firedrill.attackiq.com/v1/tests?name=browser&page=2&show_last_result=tru...",
      "results": []
    }
  }
]
```

### Run an assessment

Initiates all tests within a specified assessment in AttackIQ using the provided assessment ID.

- Endpoint URL: `/v1/assessments/{{assessment_id}}/run_all`
- Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| assessment_id | string | required | ID of the assessment to which assets will be added |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| message | string | Response message |
| run_id | string | Unique identifier |
| started_at | string | Output field started_at |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "message": "successfully started running all tests in project test assessment",
      "run_id": "009ee184-964c-4555-bce3-4625dc090416",
      "started_at": "2019-08-23T22:48:35.771844"
    }
  }
]
```

### Search for assessments

Retrieve AttackIQ assessments that match specific search terms provided by the user.

- Endpoint URL: `/v1/assessments`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| search | string | required | Parts of assessment names, in URL-encoded format |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| start_date | object | Date value |
| end_date | object | Date value |
| project_state | string | Output field project_state |
| default_schedule | string | Output field default_schedule |
| project_template | object | Output field project_template |
| id | string | Unique identifier |
| template_name | string | Name of the resource |
| template_description | string | Output field template_description |
| project_name | string | Name of the resource |
| project_description | string | Output field project_description |
| icon | string | Output field icon |
| project_template_type | object | Type of the resource |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| default_schedule | object | Output field default_schedule |
| report_types | array | Type of the resource |
| id | string | Unique identifier |
| name | string | Name of the resource |
| widgets | array | Unique identifier |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "id": "13a139a8-f87b-424d-80a5-6a0087ff92ea",
      "name": "windows credential theft",
      "description": "common techniques to obtain passwords from windows and browsers",
      "start_date": null,
      "end_date": null,
      "project_state": "active",
      "default_schedule": "5;20; ; ; ",
      "project_template": {},
      "creator": "user@attackiq.com",
      "owner": "user@attackiq.com",
      "user": "user@attackiq.com",
      "created": "2019-07-11T02:37:13.439548Z",
      "modified": "2019-11-09T20:05:00.486805Z",
      "users": [],
      "groups": []
    }
  }
]
```

### Search for scenarios

Retrieve AttackIQ scenarios by searching with specific terms in their names or descriptions.

- Endpoint URL: `/v1/scenarios`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| search | string | required | Search term to filter scenarios by name or description |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| next | object | Output field next |
| previous | object | Output field previous |
| results | array | Result of the operation |
| id | string | Unique identifier |
| second_id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| scenario_template | object | Output field scenario_template |
| id | string | Unique identifier |
| tracker_id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| version | string | Output field version |
| zip_file | string | Output field zip_file |
| zip_file_sha1 | string | Output field zip_file_sha1 |
| descriptor_json | object | Output field descriptor_json |
| phases | array | Output field phases |
| trackerid | string | Unique identifier |
| description | string | Output field description |
| subject | string | Output field subject |
| sourceurl | string | URL endpoint for the request |
| description | string | Output field description |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "count": 123,
      "next": {},
      "previous": {},
      "results": []
    }
  }
]
```

### Set scenario parameters

Configures parameters for a given scenario in AttackIQ using the scenario master job ID and model JSON.

- Endpoint URL: `/v1/test_scenarios/{{scenario_master_job_id}}`
- Method: PATCH

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| scenario_master_job_id | string | required | ID of the job that will run the scenario requiring arguments |
| id | string | required | The ID of the scenario master job to update |
| model_json | object | required | JSON-formatted argument string |
| download_url | string | optional | URL to download the model JSON |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| scenario_master_job | string | Output field scenario_master_job |
| scenario | string | Output field scenario |
| model_json | object | Output field model_json |
| download_url | string | URL endpoint for the request |
| order | number | Output field order |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "id": "fd7f4660-54b2-4fd5-b39d-61bf52be76b3",
      "scenario_master_job": "9d002efa-facf-4121-96e8-c46d178238ef",
      "scenario": "03fef867-3227-4d47-a858-90f9ad8cf217",
      "model_json": {},
      "order": 1
    }
  }
]
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
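
The run, poll and results actions documented above chain into one workflow, shown here as an added example that is not part of the connector or of AttackIQ's own code. It assumes the underscore spellings of the paths and parameters (`run_all`, `connector_phase_results/pending`, `project_id`, `run_id`, `assessment_results`), a hypothetical caller-supplied `send(method, url, params)` that attaches the private token and returns the decoded JSON body, and the constructed host `aiq.example.test`; because `send` carries the token, paginated `next` links are followed only when they stay on the configured HTTPS origin.

```python
"""Added example: run an assessment, wait for detection jobs, collect results."""
import time
from collections import Counter
from urllib.parse import urlsplit


class OriginMismatch(Exception):
    """A paginated `next` link points away from the configured AttackIQ host."""


def same_origin(base_url, candidate):
    """True only if both URLs are https and share host and port."""
    try:
        b, c = urlsplit(base_url), urlsplit(candidate)
        return (b.scheme == c.scheme == "https"
                and b.hostname is not None
                and (b.hostname, b.port or 443) == (c.hostname, c.port or 443))
    except ValueError:  # malformed port in either URL
        return False


def collect_results(base_url, project_id, run_id, send, max_pages=500):
    """Fetch every page of /v1/results for one run, pinning `next` to base_url."""
    base = base_url.rstrip("/")
    url = f"{base}/v1/results"
    # assessment_results must always be true per the action's input table;
    # run_id narrows the results to this run instead of all runs.
    params = {"project_id": project_id, "run_id": run_id,
              "assessment_results": "true"}
    results = []
    for _ in range(max_pages):
        page = send("GET", url, params)
        results.extend(page.get("results", []))
        nxt = page.get("next")
        # The examples show `next` as a URL string, null, or {} on the last page.
        if not (isinstance(nxt, str) and nxt):
            return results
        if not same_origin(base, nxt):
            # `send` attaches the private token, so never follow a link that
            # leaves the configured host or downgrades to http.
            raise OriginMismatch(nxt)
        url, params = nxt, None  # the next link already carries the query
    raise RuntimeError("pagination did not terminate within max_pages")


def run_and_collect(base_url, assessment_id, send,
                    poll_seconds=30, max_polls=120, sleep=time.sleep):
    """Start all tests, poll the pending flag, then return this run's results."""
    base = base_url.rstrip("/")
    started = send("POST", f"{base}/v1/assessments/{assessment_id}/run_all", None)
    run_id = started["run_id"]
    for _ in range(max_polls):
        status = send("GET", f"{base}/v1/connector_phase_results/pending",
                      {"project_id": assessment_id})
        if status.get("pending") is False:  # integration jobs have finished
            break
        sleep(poll_seconds)
    else:
        raise TimeoutError(f"run {run_id} still pending after {max_polls} polls")
    results = collect_results(base, assessment_id, run_id, send)
    # Tally the `outcome` field of each result without assuming its values.
    return run_id, results, Counter(r.get("outcome") for r in results)
```
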