Adversary ID not being applied to new Operation I am creating

[APOLAK77]

Hey, I am working on a final year project for college where I want to create an operation in MITRE Caldera from my own Django web platform.

I am trying to work with the Caldera APIs to get this functionality to work however I am encountering issues when it comes to creating an operation with a specific adversary ID.

Primarily I want to create an operation that has the adversary ID to execute the caldera discovery adversary.
I am using the adversary ID "0f4c3c67-845e-49a0-927e-90ed33c044e0" to specify this.

However, when I ultimately create an operation with this ID, it always creates an operation with the adversary data "ad hoc" and never actually runs the Discovery commands I want to run.

Please help me, here is the command I run to create an operation.

curl -X POST http://127.0.0.1:8888/api/v2/operations
-H "Content-Type: application/json"
-H "KEY: "
-d '{
"name": "Discovery_API",
"adversary_id": "0f4c3c67-845e-49a0-927e-90ed33c044e0",
"group": "red",
"planner": {
"id": "aaa7c857-37a0-4c4a-85f7-4e9f7f30e31a",
"name": "atomic",
"module": "app.planners.atomic",
"params": {}
},
"jitter": "2/8",
"autonomous": 1,
"state": "paused",
"auto_close": false,
"host_group": ["vhdnpd"]
}'

[github-actions]

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

[leba-atr]

May I ask you to cross-check that the adversary you reference indeed exists in your local instance? curl -H 'Key: ...' http://localhost:8888/api/v2/adversaries/0f4c3c67-845e-49a0-927e-90ed33c044e0 should do the trick. If curl shows output and that's your adversary, we can rule that possibility out.

[APOLAK77]

I have run the command and this is the output I received, this seems to work

Output:
{"adversary_id": "0f4c3c67-845e-49a0-927e-90ed33c044e0", "name": "Discovery", "description": "A discovery adversary", "atomic_ordering": ["c0da588f-79f0-4263-8998-7496b1a40596", "c1cd6388-3ced-48c7-a511-0434c6ba8f48", "feaced8f-f43f-452a-9500-a5219488abb8", "b6f545ef-f802-4537-b59d-2cb19831c8ed", "3b5db901-2cb8-4df7-8043-c4628a6a5d5a", "530e47c6-8592-42bf-91df-c59ffbd8541b", "26c8b8b5-7b5b-4de1-a128-7d37fb14f517", "2dece965-37a0-4f70-a391-0f30e3331aba", "5c4dd985-89e3-4590-9b57-71fed66ff4e2", "8c06ebf8-bacf-486b-bd77-21ba8c5a5777", "ce485320-41a4-42e8-a510-f5a8fe96a644", "b007fc38-9eb7-4320-92b3-9a3ad3e6ec25"], "objective": "495a9828-cab1-44dd-a0ca-66e58177d8cc", "tags": [], "has_repeatable_abilities": false, "plugin": "stockpile"}

[leba-atr]

I've been able to reproduce the output you see. It seems that the JSON you use as the input doesn't match what the API expects. If you check the model of the POST to /operations, you'll notice that adversary_id must be placed inside of an adversary object.

The fixed JSON payload is:

{
    "name": "Discovery_API",
    "adversary": { // this is new and fixes the problem you experience
        "adversary_id": "0f4c3c67-845e-49a0-927e-90ed33c044e0"
    },
    "group": "red",
    "planner": {
        "id": "aaa7c857-37a0-4c4a-85f7-4e9f7f30e31a",
        "name": "atomic",
        "module": "app.planners.atomic",
        "params": {}
    },
    "jitter": "2/8",
    "autonomous": 1,
    "state": "paused",
    "auto_close": false,
    "host_group": [
        "vhdnpd"
    ]
}

[APOLAK77]

Great this worked, thankyou so much!

[leba-atr]

Glad to hear.

If this resolves the reported problem fully, please close the ticket so that it's clear that the issue has been adressed.