Add link to operation
Action ID: tools.caldera.add_operation_link
Queue an ability on an existing Caldera operation.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#operations
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Executor name to run the ability with (e.g. windows, linux, darwin).
Ability ID to add to the operation.
Operation ID to update.
Agent PAW that should run the ability.
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
Caldera health check
Action ID: tools.caldera.health_check
Query the Caldera REST API health endpoint.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
Create adversary
Action ID: tools.caldera.create_adversary
Create a new Caldera adversary profile.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#adversaries
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Description of the adversary.
Name for the adversary.
Ordered list of ability IDs for the adversary playbook. Default: [].
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
Plugin that owns the adversary. Default: "stockpile".
Optional tags to assign. Default: [].
Create Linux ability
Action ID: tools.caldera.create_linux_ability
Create a Caldera stockpile ability that runs on Linux agents.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#abilities
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Shell command to execute on the agent.
Ability description.
Ability name.
MITRE ATT&CK tactic (e.g. discovery, collection).
MITRE ATT&CK technique name.
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
Delete payloads from the agent after execution. Default: true.
Optional payload files required by the ability. Default: [].
Privilege level required to run the ability (blank for default). Default: "".
Whether the ability can run repeatedly on the same agent. Default: false.
Optional MITRE ATT&CK technique ID (e.g. T1059.004). Default: null.
Command timeout in seconds. Default: 60.
Create operation
Action ID: tools.caldera.create_operation
Create a Caldera operation from an existing adversary profile.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#operations
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Adversary ID whose abilities should be executed.
Operation name.
Whether to automatically close the operation when finished. Default: false.
Autonomous mode value (0 = manual, 1 = full autonomous). Default: 1.
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
Optional group assignment for the operation. Default: "".
Sleep jitter value (format min/max seconds). Default: "2/4".
Obfuscator to use for commands. Default: "plain-text".
Objective ID the operation should satisfy. Default: "495a9828-cab1-44dd-a0ca-66e58177d8cc".
Planner ID to use when scheduling the operation. Default: "aaa7c857-37a0-4c4a-85f7-4e9f7f30e31a".
Source ID for fact collection. Default: "ed32b9c3-9593-4c33-b0db-e2007315096b".
Initial operation state (e.g. running, paused, finished). Default: "paused".
Whether to enable learning parsers during the run. Default: true.
Visibility score for the operation. Default: 51.
Create Windows ability
Action ID: tools.caldera.create_windows_ability
Create a Caldera stockpile ability that runs on Windows agents.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#abilities
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Exact PowerShell command to execute.
Ability description.
Ability name.
MITRE ATT&CK tactic (e.g. discovery, execution).
MITRE ATT&CK technique name.
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
Delete payloads from the agent after execution. Default: true.
Optional payload files required by the ability. Default: [].
Privilege level required to run the ability (blank for default). Default: "".
Whether the ability can run repeatedly on the same agent. Default: false.
Optional MITRE ATT&CK technique ID (e.g. T1059.001). Default: null.
Command timeout in seconds. Default: 60.
Get ability
Action ID: tools.caldera.get_ability
Retrieve a Caldera ability by ID.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#abilities
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Ability ID to fetch.
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
Get adversary
Action ID: tools.caldera.get_adversary
Retrieve a Caldera adversary by ID.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#adversaries
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Adversary ID to fetch.
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
Get agent
Action ID: tools.caldera.get_agent
Retrieve a Caldera agent by PAW.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#agents
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Agent PAW identifier.
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
Get link result
Action ID: tools.caldera.get_operation_link_result
Retrieve the result payload for a specific Caldera link.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#operations
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Link ID to fetch.
Operation ID that contains the link.
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
Get operation
Action ID: tools.caldera.get_operation
Retrieve a Caldera operation by ID.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#operations
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Operation ID to fetch.
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
Get operation link
Action ID: tools.caldera.get_operation_link
Retrieve a specific link from a Caldera operation.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#operations
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Link ID to fetch.
Operation ID that contains the link.
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
List abilities
Action ID: tools.caldera.list_abilities
List all Caldera abilities.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#abilities
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
List adversaries
Action ID: tools.caldera.list_adversaries
List Caldera adversaries.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#adversaries
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
List agents
Action ID: tools.caldera.list_agents
List all Caldera agents (alive or dead).
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#agents
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
List operation links
Action ID: tools.caldera.list_operation_links
List links for a specific Caldera operation.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#operations
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Operation ID to inspect.
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
List operations
Action ID: tools.caldera.list_operations
List all Caldera operations.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#operations
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.
List payloads
Action ID: tools.caldera.list_payloads
List uploaded payloads from Caldera.
Reference: https://caldera.readthedocs.io/en/latest/Users/REST-api.html#payloads
Secrets
Required secrets: caldera (required values: CALDERA_API_KEY).
Input fields
Caldera API base URL (e.g. http://localhost:8888/api/v2). Default: null.