Skip to main content
Retrieve the latest endpoint security technical report results by the environment ID.
External DocumentationTo learn more, visit the Cymulate documentation.

Parameters

ParameterDescription
Environment IDThe ID of the environment.

Note: If an ID is not provided, the action will return latest report results for the default environment.
LimitThe maximum number of items to return, defaults to 100.
OffsetNumber of the items to initially skip.

Example Output

{
	"success": true,
	"cymulate": true,
	"data": [
		{
			"Payload_ID": "abc123def456ghi789jkl012",
			"Module": "Endpoint Security",
			"Source": "NYC1-CYMULATE-",
			"Agent_Profile": "NT AUTHORITY\\SYSTEM",
			"Template_Name": "Behavior-Based - Evasion, Rundll32 Downloader and Fileless Execution",
			"Attack_Type": "Trojan",
			"Timestamp": "2025-07-15T12:00:00Z",
			"Start_Date": "2025-07-15T11:58:00Z",
			"End_Date": "2025-07-15T12:10:34.000Z",
			"Scenario_Status": "Prevented",
			"Scenario_Status_Details": "Scenario blocked during execution. Rundll32 process could not start due to permission restrictions.",
			"Scenario_Counter": 1,
			"Step_Title": "Stager",
			"Scenario_Title": "Remote Breakpoint Evasion via .NET",
			"Step_Status": "Not Tested",
			"Description": "Execution attempt of a remote payload using rundll32 from a C&C server.",
			"Mitigation_Details": "Enable ASR rules in Microsoft Defender to block rundll32 misuse. EMET can also help reduce attack surfaces.",
			"Detection": "Monitor rundll32.exe invocations, especially those loading unknown DLLs or using suspicious arguments.",
			"Techniques": "Rundll32 (https://attack.mitre.org/techniques/T1218/011)",
			"Md5": "N/A",
			"Sha256": "N/A",
			"Sha1": "N/A",
			"Command": "N/A",
			"Command_Output": "N/A",
			"date": "",
			"Previous_Scenario_Status": "N/A",
			"Previous_Step_Status": "Failed",
			"ioc": "e19a7bf2d3c741db80f50f3a3b22c123_cmdinject.dll;d41d8cd98f00b204e9800998ecf8427e_exploit.exe",
			"Event": false,
			"Alert": false,
			"Environment": "Default Environment",
			"Scenario_ID": "abc123def456ghi789jkl012",
			"Evidence": "N/A",
			"ID": "9f874ac013db4c6aa1f0de7e4b5f873b"
		}
	]
}

Workflow Library Example

Get Endpoint Security Technical Overview with Cymulate and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop