Microsoft Graph · Schema
microsoft.graph.payload
Azure ADCollaborationContactsDocumentsEmailGraphIdentityMicrosoftOffice 365PresentationsProductivitySpreadsheetsT1Tasks
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/microsoft.graph.payload",
"title": "microsoft.graph.payload",
"allOf": [
{
"$ref": "#/components/schemas/microsoft.graph.entity"
},
{
"title": "payload",
"required": [
"@odata.type"
],
"type": "object",
"properties": {
"brand": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.payloadBrand"
},
{
"type": "object",
"nullable": true
}
],
"description": "The branch of a payload. The possible values are: unknown, other, americanExpress, capitalOne, dhl, docuSign, dropbox, facebook, firstAmerican, microsoft, netflix, scotiabank, sendGrid, stewartTitle, tesco, wellsFargo, syrinxCloud, adobe, teams, zoom, unknownFutureValue."
},
"complexity": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.payloadComplexity"
},
{
"type": "object",
"nullable": true
}
],
"description": "The complexity of a payload. The possible values are: unknown, low, medium, high, unknownFutureValue."
},
"createdBy": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.emailIdentity"
},
{
"type": "object",
"nullable": true
}
],
"description": "Identity of the user who created the attack simulation and training campaign payload."
},
"createdDateTime": {
"pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$",
"type": "string",
"description": "Date and time when the attack simulation and training campaign payload. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.",
"format": "date-time",
"nullable": true
},
"description": {
"type": "string",
"description": "Description of the attack simulation and training campaign payload.",
"nullable": true
},
"detail": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.payloadDetail"
},
{
"type": "object",
"nullable": true
}
],
"description": "Additional details about the payload."
},
"displayName": {
"type": "string",
"description": "Display name of the attack simulation and training campaign payload. Supports $filter and $orderby.",
"nullable": true
},
"industry": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.payloadIndustry"
},
{
"type": "object",
"nullable": true
}
],
"description": "Industry of a payload. The possible values are: unknown, other, banking, businessServices, consumerServices, education, energy, construction, consulting, financialServices, government, hospitality, insurance, legal, courierServices, IT, healthcare, manufacturing, retail, telecom, realEstate, unknownFutureValue."
},
"isAutomated": {
"type": "boolean",
"description": "Indicates whether the attack simulation and training campaign payload was created from an automation flow. Supports $filter and $orderby.",
"nullable": true
},
"isControversial": {
"type": "boolean",
"description": "Indicates whether the payload is controversial.",
"nullable": true
},
"isCurrentEvent": {
"type": "boolean",
"description": "Indicates whether the payload is from any recent event.",
"nullable": true
},
"language": {
"type": "string",
"description": "Payload language.",
"nullable": true
},
"lastModifiedBy": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.emailIdentity"
},
{
"type": "object",
"nullable": true
}
],
"description": "Identity of the user who most recently modified the attack simulation and training campaign payload."
},
"lastModifiedDateTime": {
"pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$",
"type": "string",
"description": "Date and time when the attack simulation and training campaign payload was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.",
"format": "date-time",
"nullable": true
},
"payloadTags": {
"type": "array",
"items": {
"type": "string",
"nullable": true
},
"description": "Free text tags for a payload."
},
"platform": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.payloadDeliveryPlatform"
},
{
"type": "object",
"nullable": true
}
],
"description": "The payload delivery platform for a simulation. The possible values are: unknown, sms, email, teams, unknownFutureValue."
},
"predictedCompromiseRate": {
"oneOf": [
{
"type": "number",
"format": "double",
"nullable": true
},
{
"type": "string",
"nullable": true
},
{
"$ref": "#/components/schemas/ReferenceNumeric"
}
],
"description": "Predicted probability for a payload to phish a targeted user."
},
"simulationAttackType": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.simulationAttackType"
},
{
"type": "object",
"nullable": true
}
],
"description": "Attack type of the attack simulation and training campaign. Supports $filter and $orderby. The possible values are: unknown, social, cloud, endpoint, unknownFutureValue."
},
"source": {
"$ref": "#/components/schemas/microsoft.graph.simulationContentSource"
},
"status": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.simulationContentStatus"
},
{
"type": "object",
"nullable": true
}
],
"description": "Simulation content status. Supports $filter and $orderby. The possible values are: unknown, draft, ready, archive, delete, unknownFutureValue."
},
"technique": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.simulationAttackTechnique"
},
{
"type": "object",
"nullable": true
}
],
"description": "The social engineering technique used in the attack simulation and training campaign. Supports $filter and $orderby. The possible values are: unknown, credentialHarvesting, attachmentMalware, driveByUrl, linkInAttachment, linkToMalwareFile, unknownFutureValue, oAuthConsentGrant. Use the Prefer: include-unknown-enum-members request header to get the following values from this evolvable enum: oAuthConsentGrant. For more information on the types of social engineering attack techniques, see simulations."
},
"theme": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.payloadTheme"
},
{
"type": "object",
"nullable": true
}
],
"description": "The theme of a payload. The possible values are: unknown, other, accountActivation, accountVerification, billing, cleanUpMail, controversial, documentReceived, expense, fax, financeReport, incomingMessages, invoice, itemReceived, loginAlert, mailReceived, password, payment, payroll, personalizedOffer, quarantine, remoteWork, reviewMessage, securityUpdate, serviceSuspended, signatureRequired, upgradeMailboxStorage, verifyMailbox, voicemail, advertisement, employeeEngagement, unknownFutureValue."
},
"@odata.type": {
"type": "string"
}
}
}
],
"x-ms-discriminator-value": "#microsoft.graph.payload"
}