Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with New-MgSecurityAttackSimulation - Unable to Complete Attack Simulation Creation in Microsoft Defender #3015

Open
vikingjunior12 opened this issue Nov 1, 2024 · 0 comments
Open

Issue with New-MgSecurityAttackSimulation - Unable to Complete Attack Simulation Creation in Microsoft Defender #3015

vikingjunior12 opened this issue Nov 1, 2024 · 0 comments
Labels
status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience

Comments

@vikingjunior12
Copy link

Describe the bug

I'm encountering an issue with the New-MgSecurityAttackSimulation cmdlet in the Microsoft Graph PowerShell SDK. While I am able to initiate the attack simulation, it fails to complete successfully. This issue persists across multiple attempts and environments, with the following details:

Expected behavior

When using the New-MgSecurityAttackSimulation cmdlet to create an attack simulation in Microsoft Defender, I expect the following behavior:

  1. The cmdlet should return a 202 Accepted status, indicating the simulation has been successfully queued for processing.
  2. The simulation should then transition from a "pending" state to "in progress" and ultimately to "completed" or another final status within a reasonable timeframe.
  3. The simulation details, such as ID, status, and completion details, should be accessible, and the simulation should be visible in the Microsoft Defender portal.

In short, after running the command, I expect the simulation to complete successfully and provide feedback on its status, indicating whether it was created and executed as configured.

How to reproduce

Sample PowerShell code to create an attack simulation

$params = @{
displayName = "Test Simulation"
"[email protected]" = "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/{payload-id}"
"[email protected]" = "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/{loginPage-id}"
"[email protected]" = "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/{landingPage-id}"
attackTechnique = "credentialHarvesting"
durationInDays = 2
status = "scheduled"
createdBy = @{
email = "[email protected]"
}
includedAccountTarget = @{
"@odata.type" = "#microsoft.graph.addressBookAccountTargetContent"
type = "addressBook"
accountTargetEmails = @("[email protected]")
}
trainingSetting = @{
settingType = "noTraining"
}
}

Execute the attack simulation creation

$result = New-MgSecurityAttackSimulation -BodyParameter $params -Verbose -Debug

SDK Version

2.24.0

Latest version known to work for scenario above?

2.09.0

Known Workarounds

NO Workaround exist. Nothing works

Debug output

HTTP Method: POST
Absolute Uri: https://graph.microsoft.com/v1.0/security/attackSimulation/simulations
Headers:

Configuration

PSVersion 7.4.6
PSEdition Core
GitCommitId 7.4.6
OS Microsoft Windows 10.0.22631
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0

Other information

No response
@vikingjunior12 vikingjunior12 added status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience labels Nov 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vikingjunior12