# MITRE Caldera

> Reference for the Tracecat MITRE Caldera integration: registered actions, required secrets, expected inputs, and example workflow usage.

## Add link to operation

Action ID: `tools.caldera.add_operation_link`

Queue an ability on an existing Caldera operation.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="ability_executor" type="string" required>
  Executor name to run the ability with (e.g. windows, linux, darwin).
</ParamField>

<ParamField path="ability_id" type="string" required>
  Ability ID to add to the operation.
</ParamField>

<ParamField path="operation_id" type="string" required>
  Operation ID to update.
</ParamField>

<ParamField path="paw" type="string" required>
  Agent PAW that should run the ability.
</ParamField>

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## Caldera health check

Action ID: `tools.caldera.health_check`

Query the Caldera REST API health endpoint.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## Create adversary

Action ID: `tools.caldera.create_adversary`

Create a new Caldera adversary profile.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="description" type="string" required>
  Description of the adversary.
</ParamField>

<ParamField path="name" type="string" required>
  Name for the adversary.
</ParamField>

<ParamField path="atomic_ordering" type="array[string]">
  Ordered list of ability IDs for the adversary playbook.

  Default: `[]`.
</ParamField>

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

<ParamField path="plugin" type="string">
  Plugin that owns the adversary.

  Default: `"stockpile"`.
</ParamField>

<ParamField path="tags" type="array[string]">
  Optional tags to assign.

  Default: `[]`.
</ParamField>

## Create Linux ability

Action ID: `tools.caldera.create_linux_ability`

Create a Caldera stockpile ability that runs on Linux agents.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="command" type="string" required>
  Shell command to execute on the agent.
</ParamField>

<ParamField path="description" type="string" required>
  Ability description.
</ParamField>

<ParamField path="name" type="string" required>
  Ability name.
</ParamField>

<ParamField path="tactic" type="string" required>
  MITRE ATT&CK tactic (e.g. discovery, collection).
</ParamField>

<ParamField path="technique_name" type="string" required>
  MITRE ATT&CK technique name.
</ParamField>

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

<ParamField path="delete_payload" type="boolean">
  Delete payloads from the agent after execution.

  Default: `true`.
</ParamField>

<ParamField path="payloads" type="array[string]">
  Optional payload files required by the ability.

  Default: `[]`.
</ParamField>

<ParamField path="privilege" type="string">
  Privilege level required to run the ability (blank for default).

  Default: `""`.
</ParamField>

<ParamField path="repeatable" type="boolean">
  Whether the ability can run repeatedly on the same agent.

  Default: `false`.
</ParamField>

<ParamField path="technique_id" type="string | null">
  Optional MITRE ATT&CK technique ID (e.g. T1059.004).

  Default: `null`.
</ParamField>

<ParamField path="timeout" type="integer">
  Command timeout in seconds.

  Default: `60`.
</ParamField>

## Create operation

Action ID: `tools.caldera.create_operation`

Create a Caldera operation from an existing adversary profile.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="adversary_id" type="string" required>
  Adversary ID whose abilities should be executed.
</ParamField>

<ParamField path="name" type="string" required>
  Operation name.
</ParamField>

<ParamField path="auto_close" type="boolean">
  Whether to automatically close the operation when finished.

  Default: `false`.
</ParamField>

<ParamField path="autonomous" type="integer">
  Autonomous mode value (0 = manual, 1 = full autonomous).

  Default: `1`.
</ParamField>

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

<ParamField path="group" type="string">
  Optional group assignment for the operation.

  Default: `""`.
</ParamField>

<ParamField path="jitter" type="string">
  Sleep jitter value (format min/max seconds).

  Default: `"2/4"`.
</ParamField>

<ParamField path="obfuscator" type="string">
  Obfuscator to use for commands.

  Default: `"plain-text"`.
</ParamField>

<ParamField path="objective_id" type="string">
  Objective ID the operation should satisfy.

  Default: `"495a9828-cab1-44dd-a0ca-66e58177d8cc"`.
</ParamField>

<ParamField path="planner_id" type="string">
  Planner ID to use when scheduling the operation.

  Default: `"aaa7c857-37a0-4c4a-85f7-4e9f7f30e31a"`.
</ParamField>

<ParamField path="source_id" type="string">
  Source ID for fact collection.

  Default: `"ed32b9c3-9593-4c33-b0db-e2007315096b"`.
</ParamField>

<ParamField path="state" type="string">
  Initial operation state (e.g. running, paused, finished).

  Default: `"paused"`.
</ParamField>

<ParamField path="use_learning_parsers" type="boolean">
  Whether to enable learning parsers during the run.

  Default: `true`.
</ParamField>

<ParamField path="visibility" type="integer">
  Visibility score for the operation.

  Default: `51`.
</ParamField>

## Create Windows ability

Action ID: `tools.caldera.create_windows_ability`

Create a Caldera stockpile ability that runs on Windows agents.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="command" type="string" required>
  Exact PowerShell command to execute.
</ParamField>

<ParamField path="description" type="string" required>
  Ability description.
</ParamField>

<ParamField path="name" type="string" required>
  Ability name.
</ParamField>

<ParamField path="tactic" type="string" required>
  MITRE ATT&CK tactic (e.g. discovery, execution).
</ParamField>

<ParamField path="technique_name" type="string" required>
  MITRE ATT&CK technique name.
</ParamField>

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

<ParamField path="delete_payload" type="boolean">
  Delete payloads from the agent after execution.

  Default: `true`.
</ParamField>

<ParamField path="payloads" type="array[string]">
  Optional payload files required by the ability.

  Default: `[]`.
</ParamField>

<ParamField path="privilege" type="string">
  Privilege level required to run the ability (blank for default).

  Default: `""`.
</ParamField>

<ParamField path="repeatable" type="boolean">
  Whether the ability can run repeatedly on the same agent.

  Default: `false`.
</ParamField>

<ParamField path="technique_id" type="string | null">
  Optional MITRE ATT&CK technique ID (e.g. T1059.001).

  Default: `null`.
</ParamField>

<ParamField path="timeout" type="integer">
  Command timeout in seconds.

  Default: `60`.
</ParamField>

## Get ability

Action ID: `tools.caldera.get_ability`

Retrieve a Caldera ability by ID.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="ability_id" type="string" required>
  Ability ID to fetch.
</ParamField>

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## Get adversary

Action ID: `tools.caldera.get_adversary`

Retrieve a Caldera adversary by ID.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="adversary_id" type="string" required>
  Adversary ID to fetch.
</ParamField>

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## Get agent

Action ID: `tools.caldera.get_agent`

Retrieve a Caldera agent by PAW.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="paw" type="string" required>
  Agent PAW identifier.
</ParamField>

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## Get link result

Action ID: `tools.caldera.get_operation_link_result`

Retrieve the result payload for a specific Caldera link.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="link_id" type="string" required>
  Link ID to fetch.
</ParamField>

<ParamField path="operation_id" type="string" required>
  Operation ID that contains the link.
</ParamField>

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## Get operation

Action ID: `tools.caldera.get_operation`

Retrieve a Caldera operation by ID.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="operation_id" type="string" required>
  Operation ID to fetch.
</ParamField>

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## Get operation link

Action ID: `tools.caldera.get_operation_link`

Retrieve a specific link from a Caldera operation.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="link_id" type="string" required>
  Link ID to fetch.
</ParamField>

<ParamField path="operation_id" type="string" required>
  Operation ID that contains the link.
</ParamField>

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## List abilities

Action ID: `tools.caldera.list_abilities`

List all Caldera abilities.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## List adversaries

Action ID: `tools.caldera.list_adversaries`

List Caldera adversaries.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## List agents

Action ID: `tools.caldera.list_agents`

List all Caldera agents (alive or dead).

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## List operation links

Action ID: `tools.caldera.list_operation_links`

List links for a specific Caldera operation.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="operation_id" type="string" required>
  Operation ID to inspect.
</ParamField>

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## List operations

Action ID: `tools.caldera.list_operations`

List all Caldera operations.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>

## List payloads

Action ID: `tools.caldera.list_payloads`

List uploaded payloads from Caldera.

Reference: [https://caldera.readthedocs.io/en/latest/The-REST-API.html](https://caldera.readthedocs.io/en/latest/The-REST-API.html)

### Secrets

Required secrets:

* `caldera`: required values `CALDERA_API_KEY`.

### Input fields

<ParamField path="base_url" type="string | null">
  Caldera API base URL (e.g. [http://localhost:8888/api/v2](http://localhost:8888/api/v2)).

  Default: `null`.
</ParamField>
