GraphQL Test Case Mutations

Overview

Here are some quick links to get you up and running with the GraphQL API:

Best Practices

API Use Recommendations

99% of the time when creating local Test Cases for a Purple Team Exercise, you should be mapping to a Test Case Template. The easiest way to accomplish this with the GraphQL API is to call the testCase.createWithTemplateMatchByName mutation. This creates a local Test Case in a specified Campaign and maps it to the same-named Test Case Template in the template database. An optional parameter lets you specify a different template name when the template you want to map to does not exactly match the name of the local Test Case. If the specified template name is not found, one will be created for you in the template database. This is helpful for repeat testing.

Test Case Mutation Examples

Create Test Case Template

In this example, we are creating a new test case template with the provided test case data as a Query Variable.

Note

The test case data must conform to the requirements of the CreateTestCaseTemplateDataInput input.

mutation CreateTestCaseTemplate($input: CreateTestCaseTemplateInput!) {
  createTestCaseTemplate(input: $input) {
    testCases {
      id, name
    }
  }
}

Query Variables

{
  "input": {
    "testCaseTemplateData": [
      {
        "name": "Directory Brute Force",
        "description": "Enumerate files and directories on prominent external web apps.",
        "phase": "Discovery",
        "technique": "T1083",
        "defenses": [
          "SIEM",
          "Firewall",
          "WAF"
        ],
        "redTools": [
          {
            "name": "BurpSuite"
          }
        ],
        "tags": [
          "2021"
        ],
        "organization": "ACME Corp"
      }
    ]
  }
}

Response

{
  "data": {
    "createTestCaseTemplate": {
      "testCases": [
        {
          "id": "96b9d8dd-0f83-4297-9b0c-6ef2df5ce883",
          "name": "Directory Brute Force"
        }
      ]
    }
  }
}

You can also create a test case template with one or more new red tools that do not yet exist in VECTR. When you specify a new red tool, VECTR will automatically create a product entry (and an associated Vendor entry, if applicable) in the database for you. For example, if you have a new red tool called "Secret Sauce" by "ACME Corp", you can apply this tool to a test case template:

mutation CreateTestCaseTemplate($input: CreateTestCaseTemplateInput!) {
  createTestCaseTemplate(input: $input) {
    testCases {
      id, name, redTools { name }
    }
  }
}

Query Variables

{
  "input": {
    "testCaseTemplateData": [
      {
        "name": "Hello World Scanning",
        "description": "Attempts to ping 'hello world' on well known protocols.",
        "phase": "Discovery",
        "technique": "T1083",
        "defenses": [
          "SIEM",
          "Firewall",
          "WAF"
        ],
        "redTools": [
          {
            "name": "Secret Sauce",
            "vendor": "ACME Corp"
          }
        ],
        "tags": [
          "2021"
        ],
        "organization": "ACME Corp"
      }
    ]
  }
}

Response

{
  "data": {
    "createTestCaseTemplate": {
      "testCases": [
        {
          "id": "3d7d8787-5005-4204-81bb-99d0c9287cc7",
          "name": "Hello World Scanning",
          "redTools": [
            {
              "name": "Secret Sauce"
            }
          ]
        }
      ]
    }
  }
}

Clone an Existing Test Case Template

Note

The test case data must conform to the requirements of the UpdateTestCaseTemplateDataInput input.

mutation CloneTestCaseTemplate($input: CloneTestCaseTemplateInput!) {
  cloneTestCaseTemplate(input: $input) {
    testCases {
      id, name, description
    }
  }
}

Query Variables

{
  "input": {
    "templateId": "96b9d8dd-0f83-4297-9b0c-6ef2df5ce883",
    "testCaseTemplateData": [
      {
        "name": "Apache Directory Discovery",
        "description": "This is a clone of 'Directory Brute Force'"
      },
      {
        "name": "Nginx Directory Discovery"
      }
    ]
  }
}

Response

{
  "data": {
    "cloneTestCaseTemplate": {
      "testCases": [
        {
          "id": "4ec3a903-fea4-4b44-909b-4201964d35a1",
          "name": "Apache Directory Discovery",
          "description": "This is a clone of 'Directory Brute Force'"
        },
        {
          "id": "9e589e72-4ab5-47da-8e19-8e39d6a18dec",
          "name": "Nginx Directory Discovery",
          "description": "Enumerate files and directories on prominent external web apps."
        }
      ]
    }
  }
}

Create Test Case and Match Template By Name

Note

This creates a local Test Case in the target database db.

The test case data must conform to the requirements of the CreateTestCaseAndTemplateMatchByNameInput input. A test case can be created with a minimal amount of input. Name, description, phase, technique, and organization are required. Other data will enrich the Test Case but may be added at a later time or through the UI when executing the test.

This example shows the creation of a brute-forcing Test Case using a fictional attack tool. It maps back to a template named Existing Template for Specific T1110 Procedure, or creates this template if it does not exist.

mutation ($input: CreateTestCaseAndTemplateMatchByNameInput!) {
    testCase {
        createWithTemplateMatchByName(input: $input) {
            testCases {
                id, name, description, createTime
            }
        }
    }
}

Query Variables

{
    "input": {
        "db": "MY_USER_DB",
        "campaignId": "38962000-33e2-4de8-bf44-2fbc34b820fd",
        "createTestCaseInputs": [
            {
                "templateName": "Existing Template for Specific T1110 Procedure",
                "testCaseData": {
                    "name": "Specific T1110 Procedure Engineering Test",
                    "description": "Algorithmic best-guess password generation for targeted users",
                    "phase": "Execution",
                    "technique": "T1110",
                    "organization": "Security Risk Advisors",
                    "status": "INPROGRESS",
                    "targets": ["192.168.1.1"],
                    "sources": ["192.168.1.105", "192.168.1.106"],
                    "defenses": ["Secure Development Practices"],
                    "detectionSteps": ["Check for web traffic anomalies and login error counts"],
                    "preventionSteps": ["Increasing delay for user login on suspicious traffic"],
                    "outcome": "NOTDETECTED",
                    "outcomeNotes": "No log entries available",
                    "alertSeverity": "INFO",
                    "alertTriggered": "NO",
                    "activityLogged": "NO",
                    "detectionTime": 1643924284000,
                    "detectingDefenseTools": [{"name": "My Advanced Defense Tool"}],
                    "references": ["http://www.google.com Google"],
                    "redTools": [{"name": "Curious DoorBuster"}],
                    "operatorGuidance": "use custom attack tool",
                    "attackStop": 1643925400000,
                    "attackStart": 1643914284000,
                    "attackAutomation": {
                        "command": "echo curiousdb #{inputvartest}",
                        "executor": "CMD",
                        "attackVariables": [{"inputName": "inputvartest", "inputValue": "test"}]
                    }
                }
            }
        ]
    }
}

Response

{
    "data": {
        "testCase": {
            "createWithTemplateMatchByName": {
                "testCases": [
                    {
                        "id": "0a319ce4-cee8-4726-acce-ca72dc62341f",
                        "name": "Specific T1110 Procedure Engineering Test",
                        "description": "Algorithmic best-guess password generation for targeted users",
                        "createTime": 1643939954917
                    }
                ]
            }
        }
    }
}
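
A pre-flight check for the variables document above, as an added example that is not part of the VECTR documentation or code base: it rejects duplicated JSON keys (standard parsers silently keep the last value) and verifies the required testCaseData fields before wrapping everything in a standard GraphQL request body. The helper names and the sample are constructed here, and treating db, campaignId and createTestCaseInputs as mandatory is an assumption drawn from the page's example.

```python
import json

# Mutation text as given on the page.
MUTATION = """mutation ($input: CreateTestCaseAndTemplateMatchByNameInput!) {
    testCase {
        createWithTemplateMatchByName(input: $input) {
            testCases { id, name, description, createTime }
        }
    }
}"""

# Required testCaseData fields, as listed on the page.
REQUIRED = ("name", "description", "phase", "technique", "organization")
# Assumption: these top-level fields are mandatory (the page's example sets all three).
TOP_LEVEL = ("db", "campaignId", "createTestCaseInputs")


def _no_duplicates(pairs):
    """object_pairs_hook that raises instead of letting the last key win."""
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise ValueError(f"duplicate key: {key!r}")
        seen[key] = value
    return seen


def build_request(variables_json):
    """Validate a variables document and return the GraphQL POST body."""
    variables = json.loads(variables_json, object_pairs_hook=_no_duplicates)
    inp = variables.get("input", {})
    missing = [f for f in TOP_LEVEL if f not in inp]
    if missing:
        raise ValueError(f"input missing {missing}")
    for i, item in enumerate(inp["createTestCaseInputs"]):
        data = item.get("testCaseData", {})
        missing = [f for f in REQUIRED if not data.get(f)]
        if missing:
            raise ValueError(f"createTestCaseInputs[{i}] missing {missing}")
    return {"query": MUTATION, "variables": variables}


# Constructed sample: "activityLogged" appears twice, so a plain json.loads
# would silently keep only the second value ("NO").
SAMPLE_DUPLICATE = """{"input": {"db": "MY_USER_DB", "campaignId": "c-1",
 "createTestCaseInputs": [{"testCaseData": {"name": "n", "description": "d",
 "phase": "Execution", "technique": "T1110", "organization": "o",
 "activityLogged": "YES", "activityLogged": "NO"}}]}}"""
```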

Create Test Case Without Template

This creates a local Test Case with no template.

Don't use this unless you know what you're doing.

mutation ($input: CreateTestCaseWithoutTemplateInput!) {
    testCase {
        createWithoutTemplate(input: $input) {
            testCases {
                id, name, description, createTime
            }
        }
    }
}

Query Variables

{
    "input": {
        "db": "MY_USER_DB",
        "campaignId": "38962000-33e2-4de8-bf44-2fbc34b820fd",
        "testCaseData": [
            {
                "name": "Specific Brute Force procedure we will only ever run once",
                "description": "Never running this again so don't need a template",
                "phase": "Execution",
                "technique": "T1110",
                "organization": "Security Risk Advisors"
            }
        ]
    }
}

Response

{
    "data": {
        "testCase": {
            "createWithoutTemplate": {
                "testCases": [
                    {
                        "id": "123b74b1-ccdb-4d3b-89d5-dc8f8608b952",
                        "name": "Specific Brute Force procedure we will only ever run once",
                        "description": "Never running this again so don't need a template",
                        "createTime": 1643923969861
                    }
                ]
            }
        }
    }
}