Get Endpoint Security Technical Overview

{
	"success": true,
	"cymulate": true,
	"data": [
		{
			"Payload_ID": "abc123def456ghi789jkl012",
			"Module": "Endpoint Security",
			"Source": "NYC1-CYMULATE-",
			"Agent_Profile": "NT AUTHORITY\\SYSTEM",
			"Template_Name": "Behavior-Based - Evasion, Rundll32 Downloader and Fileless Execution",
			"Attack_Type": "Trojan",
			"Timestamp": "2025-07-15T12:00:00Z",
			"Start_Date": "2025-07-15T11:58:00Z",
			"End_Date": "2025-07-15T12:10:34.000Z",
			"Scenario_Status": "Prevented",
			"Scenario_Status_Details": "Scenario blocked during execution. Rundll32 process could not start due to permission restrictions.",
			"Scenario_Counter": 1,
			"Step_Title": "Stager",
			"Scenario_Title": "Remote Breakpoint Evasion via .NET",
			"Step_Status": "Not Tested",
			"Description": "Execution attempt of a remote payload using rundll32 from a C&C server.",
			"Mitigation_Details": "Enable ASR rules in Microsoft Defender to block rundll32 misuse. EMET can also help reduce attack surfaces.",
			"Detection": "Monitor rundll32.exe invocations, especially those loading unknown DLLs or using suspicious arguments.",
			"Techniques": "Rundll32 (https://attack.mitre.org/techniques/T1218/011)",
			"Md5": "N/A",
			"Sha256": "N/A",
			"Sha1": "N/A",
			"Command": "N/A",
			"Command_Output": "N/A",
			"date": "",
			"Previous_Scenario_Status": "N/A",
			"Previous_Step_Status": "Failed",
			"ioc": "e19a7bf2d3c741db80f50f3a3b22c123_cmdinject.dll;d41d8cd98f00b204e9800998ecf8427e_exploit.exe",
			"Event": false,
			"Alert": false,
			"Environment": "Default Environment",
			"Scenario_ID": "abc123def456ghi789jkl012",
			"Evidence": "N/A",
			"ID": "9f874ac013db4c6aa1f0de7e4b5f873b"
		}
	]
}