
Create a new proposal to change a threat profile

POST /v1/threats/proposals
object
positions
required

Defines the new positions of the threats for this proposal action

Array<object>

A position of a threat.

This is used to calculate the consequence of moving a threat objective to a certain likelihood and impact.

In most cases, it’s better to use a ThreatProfile than to use a Vec<ThreatPosition>.

object
impact
required

Y-axis for the threat objective

string
Allowed values: Very Low, Low, Medium, High, Severe
likelihood
required

X-axis for the threat objective

string
Allowed values: Remote, Unlikely, Possible, Probable, Imminent
name
required

PK of the threat objective in the database

string
Allowed values: Sabotage, Data Disclosure, Extortion, Customer Targeting, Resource Hijacking, Fraud
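
A client-side check for the request body described above, added here as an example and not taken from the API's own code: it validates each position against the allowed values listed in the schema before serializing the body for POST /v1/threats/proposals. The function names, the rejection of unlisted fields, and the duplicate-threat check are assumptions of this example.

```python
import json

# Allowed values copied from the request schema on this page.
IMPACT = ("Very Low", "Low", "Medium", "High", "Severe")
LIKELIHOOD = ("Remote", "Unlikely", "Possible", "Probable", "Imminent")
THREATS = ("Sabotage", "Data Disclosure", "Extortion",
           "Customer Targeting", "Resource Hijacking", "Fraud")
FIELDS = {"name": THREATS, "likelihood": LIKELIHOOD, "impact": IMPACT}


def validate_position(pos):
    """Return a list of problems with one position object (empty if valid)."""
    if not isinstance(pos, dict):
        return ["position must be an object"]
    problems = []
    for field, allowed in FIELDS.items():
        if field not in pos:
            problems.append(f"missing required field '{field}'")
        elif pos[field] not in allowed:  # exact, case-sensitive match
            problems.append(f"{field}={pos[field]!r} is not an allowed value")
    # Assumption: fields the schema does not list are treated as errors.
    for extra in sorted(set(pos) - set(FIELDS)):
        problems.append(f"unexpected field '{extra}'")
    return problems


def build_proposal_body(positions):
    """Validate every position, then serialize the request body.

    Raises ValueError listing all problems. Rejecting a second position for
    the same threat objective is this example's assumption, not a documented rule.
    """
    errors, seen = [], set()
    for i, pos in enumerate(positions):
        errors += [f"positions[{i}]: {p}" for p in validate_position(pos)]
        name = pos.get("name") if isinstance(pos, dict) else None
        if isinstance(name, str):
            if name in seen:
                errors.append(f"positions[{i}]: duplicate threat '{name}'")
            seen.add(name)
    if errors:
        raise ValueError("; ".join(errors))
    return json.dumps({"positions": positions})


if __name__ == "__main__":
    # Constructed sample input.
    sample = [{"name": "Fraud", "likelihood": "Probable", "impact": "High"},
              {"name": "Data Disclosure", "likelihood": "Possible", "impact": "Severe"}]
    print(build_proposal_body(sample))
```
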

Proposal created

Contains detailed information about a proposal. This includes values of [Proposal] and a list of [FullProposalAction]s.

object
actions
required
Array<object>

Contains values of threat_proposal_action::Model and a list of [InherentScore]s.

object
action
required
object
comment
string | null
created_by
One of:
null
created_date
required
string format: date-time
deleted_date
string | null format: date-time
id
required
integer format: int64
updated_date
string | null format: date-time
scores
required
Array<object>

Contains information about the current scoring of a threat objective.

Inherent scores don’t exist without the context of an organization, and cannot exist without some relationship to a threat objective.

This struct should be refactored at some point to be more generic, because it doesn’t necessarily have to relate to a proposal, nor does this struct need to include the threat_objective_name if not requested alone.

object
created_date
required

The date the score was created.

string format: date-time
id
required

An auto-incrementing PK value that uniquely identifies the score given the threat objective name

integer format: int64
impact
required

The y-axis

string
Allowed values: Very Low, Low, Medium, High, Severe
is_draft
required

Determines whether this inherent score should be included in some return types of threat levels. TODO(dsgallups): bad design

boolean
likelihood
required

The x-axis

string
Allowed values: Remote, Unlikely, Possible, Probable, Imminent
proposal_action_id
required

The proposal action PK that this score is associated with

integer format: int64
proposal_id
required

The proposal PK that this score is associated with

integer format: int64
threat_objective_name
required

The threat objective PK

string
Allowed values: Sabotage, Data Disclosure, Extortion, Customer Targeting, Resource Hijacking, Fraud
proposal
required
object
approved_by
One of:
null
approved_date
string | null format: date-time
created_by
One of:
null
created_date
required
string format: date-time
denied_by
One of:
null
denied_date
string | null format: date-time
id
required
integer format: int64