List attacks

GET

campaigns

{campaign_id}

attacks

curl --request GET \
  --url https://public-api.tryriot.com/v1/campaigns/{campaign_id}/attacks \
  --header 'x-api-key: <api-key>'

{
  "data": [
    {
      "campaign_cycle": {
        "id": "e4ebfd69-3c2c-4028-b423-1bff3d87d58f"
      },
      "created_at": "2024-01-13T10:00:00.000000Z",
      "employee": {
        "id": "e4ebfd69-3c2c-4028-b423-1bff3d87d58f",
        "name": "John Doe",
        "primary_email_address": "[email protected]"
      },
      "events": [
        {
          "created_at": "2025-03-06T14:18:18.397000Z",
          "data": null,
          "id": "f28a3b79-1c54-4ef5-a1db-7c48e2d9c4a2",
          "type": "remedial_started"
        },
        {
          "created_at": "2025-03-06T14:18:07.996000Z",
          "data": null,
          "id": "b9c2e7d1-5f3a-42d8-b0e5-9a6d481c7f52",
          "type": "employee_tricked"
        },
        {
          "created_at": "2025-03-06T14:18:07.989000Z",
          "data": {
            "password_length": 12,
            "score": 4
          },
          "id": "7d5e8f2a-9b34-4c01-a6d7-1e3f8b952c9a",
          "type": "credentials_submitted"
        },
        {
          "created_at": "2025-03-06T14:17:54.181000Z",
          "data": null,
          "id": "2c4d6e8f-a3b5-4c7d-9e1f-0a2b4c6d8e0f",
          "type": "page_opened"
        },
        {
          "created_at": "2025-03-06T14:16:58.163000Z",
          "data": null,
          "id": "5a1b3c7d-9e2f-4a6b-8c0d-2e4f6a8b0c2d",
          "type": "email_opened"
        },
        {
          "created_at": "2025-03-06T14:16:38.716655Z",
          "data": null,
          "id": "1d3f5e7a-9b2c-4d6e-8f0a-2c4d6e8a0c2e",
          "type": "attack_sent"
        }
      ],
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "reported_at": "2024-01-13T10:00:00.000000Z",
      "sender": {
        "email": "[email protected]",
        "name": "Marketing team"
      },
      "sent_at": "2024-01-13T10:00:00.000000Z",
      "service": {
        "name": "Microsoft"
      },
      "template": {
        "name": "security-issue-detected"
      },
      "tricked_at": "2025-03-06T14:18:07.996000Z"
    }
  ]
}

Authorizations

x-api-key

string

header

required

Headers

x-item-limit

integer

default:50

Maximum number of items to return. Maximum value is 100.

Required range: 1 <= x <= 100

x-next-cursor

string

Pagination cursor for retrieving the next page of results. This value is obtained from the 'x-next-cursor' response header of a previous API call. The cursor should be passed unchanged to fetch next pages. See https://docs.tryriot.com/api-reference/introduction#pagination for examples.

Path Parameters

campaign_id

string

required

Campaign id for which to get the attacks

Query Parameters

workspace_id

string

required

Id of the workspace targeted by the attacks

campaign_cycle_id

string

Id of the cycle the attack belongs to

created_after

string

Filters attacks based on their creation date. Only attacks created after specified date (UTC) will be included in the response.

created_before

string

Filters attacks based on their creation date. Only attacks created before specified date (UTC) will be included in the response.

is_tricked

boolean

Filters attacks based on whether the employee was tricked.

true: Returns attacks where the employee was tricked.
false: Returns attacks where the employee was not tricked.

Response

200

application/json

Attacks list

data

object[]

required

data.campaign_cycle

object | null

required

Nullable only for attacks created before 2023-03-07

data.created_at

string

required

Example:

"2024-01-13T10:00:00.000000Z"

data.employee

object

required

data.events

object[]

required

Example:

[
  {
    "created_at": "2025-03-06T14:18:18.397000Z",
    "data": null,
    "id": "f28a3b79-1c54-4ef5-a1db-7c48e2d9c4a2",
    "type": "remedial_started"
  },
  {
    "created_at": "2025-03-06T14:18:07.996000Z",
    "data": null,
    "id": "b9c2e7d1-5f3a-42d8-b0e5-9a6d481c7f52",
    "type": "employee_tricked"
  },
  {
    "created_at": "2025-03-06T14:18:07.989000Z",
    "data": { "password_length": 12, "score": 4 },
    "id": "7d5e8f2a-9b34-4c01-a6d7-1e3f8b952c9a",
    "type": "credentials_submitted"
  },
  {
    "created_at": "2025-03-06T14:17:54.181000Z",
    "data": null,
    "id": "2c4d6e8f-a3b5-4c7d-9e1f-0a2b4c6d8e0f",
    "type": "page_opened"
  },
  {
    "created_at": "2025-03-06T14:16:58.163000Z",
    "data": null,
    "id": "5a1b3c7d-9e2f-4a6b-8c0d-2e4f6a8b0c2d",
    "type": "email_opened"
  },
  {
    "created_at": "2025-03-06T14:16:38.716655Z",
    "data": null,
    "id": "1d3f5e7a-9b2c-4d6e-8f0a-2c4d6e8a0c2e",
    "type": "attack_sent"
  }
]

data.id

string

required

data.reported_at

string | null

required

Example:

"2024-01-13T10:00:00.000000Z"

data.sender

object | null

required

data.sent_at

string | null

required

Example:

"2024-01-13T10:00:00.000000Z"

data.service

object

required

data.template

object

required

data.tricked_at

string | null

required

When the employee was tricked. If this property is not null, an attack is considered successful. This typically occurs when the employee submits their credentials on a phishing website of the campaign.

Example:

"2025-03-06T14:18:07.996000Z"

List campaigns List courses

curl --request GET \
  --url https://public-api.tryriot.com/v1/campaigns/{campaign_id}/attacks \
  --header 'x-api-key: <api-key>'

{
  "data": [
    {
      "campaign_cycle": {
        "id": "e4ebfd69-3c2c-4028-b423-1bff3d87d58f"
      },
      "created_at": "2024-01-13T10:00:00.000000Z",
      "employee": {
        "id": "e4ebfd69-3c2c-4028-b423-1bff3d87d58f",
        "name": "John Doe",
        "primary_email_address": "[email protected]"
      },
      "events": [
        {
          "created_at": "2025-03-06T14:18:18.397000Z",
          "data": null,
          "id": "f28a3b79-1c54-4ef5-a1db-7c48e2d9c4a2",
          "type": "remedial_started"
        },
        {
          "created_at": "2025-03-06T14:18:07.996000Z",
          "data": null,
          "id": "b9c2e7d1-5f3a-42d8-b0e5-9a6d481c7f52",
          "type": "employee_tricked"
        },
        {
          "created_at": "2025-03-06T14:18:07.989000Z",
          "data": {
            "password_length": 12,
            "score": 4
          },
          "id": "7d5e8f2a-9b34-4c01-a6d7-1e3f8b952c9a",
          "type": "credentials_submitted"
        },
        {
          "created_at": "2025-03-06T14:17:54.181000Z",
          "data": null,
          "id": "2c4d6e8f-a3b5-4c7d-9e1f-0a2b4c6d8e0f",
          "type": "page_opened"
        },
        {
          "created_at": "2025-03-06T14:16:58.163000Z",
          "data": null,
          "id": "5a1b3c7d-9e2f-4a6b-8c0d-2e4f6a8b0c2d",
          "type": "email_opened"
        },
        {
          "created_at": "2025-03-06T14:16:38.716655Z",
          "data": null,
          "id": "1d3f5e7a-9b2c-4d6e-8f0a-2c4d6e8a0c2e",
          "type": "attack_sent"
        }
      ],
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "reported_at": "2024-01-13T10:00:00.000000Z",
      "sender": {
        "email": "[email protected]",
        "name": "Marketing team"
      },
      "sent_at": "2024-01-13T10:00:00.000000Z",
      "service": {
        "name": "Microsoft"
      },
      "template": {
        "name": "security-issue-detected"
      },
      "tricked_at": "2025-03-06T14:18:07.996000Z"
    }
  ]
}

API Documentation

Endpoints

Authorizations

Headers

Path Parameters

Query Parameters

Response