Issue with New-MgSecurityAttackSimulation - Unable to Complete Attack Simulation Creation in Microsoft Defender #3015

Closed
vikingjunior12 opened this issue Nov 1, 2024 · 2 comments
Labels
status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience

Comments

@vikingjunior12

Describe the bug

I'm encountering an issue with the New-MgSecurityAttackSimulation cmdlet in the Microsoft Graph PowerShell SDK. While I am able to initiate the attack simulation, it fails to complete successfully. This issue persists across multiple attempts and environments, with the following details:

Expected behavior

When using the New-MgSecurityAttackSimulation cmdlet to create an attack simulation in Microsoft Defender, I expect the following behavior:

  1. The cmdlet should return a 202 Accepted status, indicating the simulation has been successfully queued for processing.
  2. The simulation should then transition from a "pending" state to "in progress" and ultimately to "completed" or another final status within a reasonable timeframe.
  3. The simulation details, such as ID, status, and completion details, should be accessible, and the simulation should be visible in the Microsoft Defender portal.

In short, after running the command, I expect the simulation to complete successfully and provide feedback on its status, indicating whether it was created and executed as configured.

How to reproduce

    # Sample PowerShell code to create an attack simulation
    $params = @{
        displayName = "Test Simulation"
        "payload@odata.bind" = "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/{payload-id}"
        "loginPage@odata.bind" = "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/{loginPage-id}"
        "landingPage@odata.bind" = "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/{landingPage-id}"
        attackTechnique = "credentialHarvesting"
        durationInDays = 2
        status = "scheduled"
        createdBy = @{
            email = "[email protected]"
        }
        includedAccountTarget = @{
            "@odata.type" = "#microsoft.graph.addressBookAccountTargetContent"
            type = "addressBook"
            accountTargetEmails = @("[email protected]")
        }
        trainingSetting = @{
            settingType = "noTraining"
        }
    }

    # Execute the attack simulation creation
    $result = New-MgSecurityAttackSimulation -BodyParameter $params -Verbose -Debug

SDK Version

2.24.0

Latest version known to work for scenario above?

2.09.0

Known Workarounds

No workaround exists. Nothing works.

Debug output

HTTP Method: POST
Absolute Uri: https://graph.microsoft.com/v1.0/security/attackSimulation/simulations
Headers:

Configuration

PSVersion 7.4.6
PSEdition Core
GitCommitId 7.4.6
OS Microsoft Windows 10.0.22631
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0

Other information

No response

@vikingjunior12
Author

The problem is resolved.

The issue resolved itself, though I have no idea why. For about a week, I was unable to start a campaign via the API using either PowerShell or Go. There was no error message. Now, without having changed anything, the script works again, including in Go. I assume Microsoft may have had an issue.

@timayabi2020
Contributor

@vikingjunior12 I am glad that the issue resolved itself, considering that I was not able to reproduce it. For future issues that cut across SDKs, I would suggest that you open an issue here: https://developer.microsoft.com/en-us/graph/support so that the API owner can respond to it, because the owners have proper visibility into API-related issues.
