API Reference

This page documents major public functions exported by the Invoke-AtomicRedTeam module manifest.

Invoke-AtomicTest

Executes specified Atomic Red Team tests on target hosts.

Invoke-AtomicTest
    [-AtomicTechnique] <String[]>
    [-ShowDetails]
    [-ShowDetailsBrief]
    [-anyOS]
    [-TestNumbers <String[]>]
    [-TestNames <String[]>]
    [-TestGuids <String[]>]
    [-PathToAtomicsFolder <String>]
    [-CheckPrereqs]
    [-PromptForInputArgs]
    [-GetPrereqs]
    [-Cleanup]
    [-NoExecutionLog]
    [-ExecutionLogPath <String>]
    [-Force]
    [-InputArgs <Hashtable>]
    [-TimeoutSeconds <Int32>]
    [-Session <PSSession[]>]
    [-Interactive]
    [-KeepStdOutStdErrFiles]
    [-LoggingModule <String>]
    [-SupressPathToAtomicsFolder]

  • -AtomicTechnique: The ATT&CK technique ID (e.g., T1003), or All to process every technique in the definitions folder.
  • -ShowDetails: Prints full description, executor command strings, cleanup, and dependency definitions.
  • -ShowDetailsBrief: Lists test names and numeric IDs under the specified technique.
  • -anyOS: Runs tests without validating that they support the current operating system.
  • -TestNumbers: Limits execution to the tests at the given numeric indexes.
  • -TestNames: Runs only the tests whose names match the given strings.
  • -TestGuids: Runs only the tests whose unique ID (GUID) matches one of the given strings.
  • -PathToAtomicsFolder: Path where technique subfolders reside.
  • -CheckPrereqs: Checks whether the test's prerequisites are met on the target.
  • -PromptForInputArgs: Prompts interactively for the value of each input argument.
  • -GetPrereqs: Executes commands to download or resolve missing dependencies.
  • -Cleanup: Runs cleanup commands.
  • -NoExecutionLog: Disables appending execution metrics to external log modules.
  • -ExecutionLogPath: Directory location for recording local execution logs.
  • -Force: Runs without verification prompts.
  • -InputArgs: Overrides default input argument values with a hashtable of key-value pairs.
  • -Session: A PSSession object array for remote execution.

Get-AtomicTechnique

Parses and validates a technique YAML file, converting content to a structured object representation.

Get-AtomicTechnique
    [-Path] <String>

Get-AtomicTechnique
    [-Yaml] <String>

  • -Path: Absolute or relative path to the YAML configuration file.
  • -Yaml: Raw string content containing the technique declaration.

New-AtomicTechnique

Instantiates an object representation of a technique.

New-AtomicTechnique
    [-AttackTechnique] <String[]>
    [-DisplayName] <String>
    [-AtomicTests] <AtomicTest[]>

  • -AttackTechnique: Technique identifiers matching TNNNN or TNNNN.NNN.
  • -DisplayName: Human-readable ATT&CK technique name.
  • -AtomicTests: Set of test instances constructed via New-AtomicTest.

New-AtomicTest

Instantiates an atomic test case object.

New-AtomicTest
    [-Name] <String>
    [-Description] <String>
    [-SupportedPlatforms] <String[]>
    [-ExecutorType] <String>
    [-ExecutorElevationRequired]
    [-ExecutorCommand] <String>
    [-ExecutorCleanupCommand <String>]
    [-InputArguments <AtomicInputArgument[]>]
    [-DependencyExecutorType <String>]
    [-Dependencies <AtomicDependency[]>]

  • -Name: Short name identifier of the test case.
  • -Description: Paragraph describing the adversary emulation step.
  • -SupportedPlatforms: Array containing targeted operating systems (Windows, macOS, Linux).
  • -ExecutorType: Specifies target shell environment (CommandPrompt, Sh, Bash, PowerShell).
  • -ExecutorElevationRequired: Indicates if the test requires administrative shell access.
  • -ExecutorCommand: Command string payload executed on target systems.
  • -ExecutorCleanupCommand: Command string that reverts the changes the test made to the host.
  • -InputArguments: Array of parameters used to configure placeholders inside commands.
  • -Dependencies: Array of prerequisite checks and recovery scripts.
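
The four functions above used together, as an added example that is not taken from the project's own documentation: it authors a harmless test, validates the generated YAML, reviews it, runs it, and always cleans up. Assumptions: a Windows test host, the powershell-yaml module (for ConvertTo-Yaml), the placeholder ID T9999, a scratch folder under $env:TEMP, and a constructed marker-file test.

```powershell
# Added example. Assumes Invoke-AtomicRedTeam and powershell-yaml (provides
# ConvertTo-Yaml) are installed on a Windows test host.
Import-Module Invoke-AtomicRedTeam
Import-Module powershell-yaml

$id      = 'T9999'                                  # placeholder ID, not a real technique
$atomics = Join-Path $env:TEMP 'example-atomics'    # hypothetical scratch folder
$yaml    = Join-Path $atomics "$id\$id.yaml"        # layout: <atomics>\<ID>\<ID>.yaml

# 1. Author a harmless test: write a marker file, remove it on cleanup.
#    Single quotes keep $env:TEMP unexpanded until the test actually runs.
$testParams = @{
    Name                   = 'Write marker file (constructed example)'
    Description            = 'Benign test used to exercise the execution pipeline.'
    SupportedPlatforms     = 'Windows'
    ExecutorType           = 'PowerShell'
    ExecutorCommand        = 'Set-Content -Path "$env:TEMP\atomic-marker.txt" -Value marker'
    ExecutorCleanupCommand = 'Remove-Item -Path "$env:TEMP\atomic-marker.txt" -ErrorAction Ignore'
}
$technique = New-AtomicTechnique -AttackTechnique $id `
    -DisplayName 'Constructed example technique' `
    -AtomicTests (New-AtomicTest @testParams)

# 2. Serialize, then re-parse so definition errors surface before anything runs.
New-Item -ItemType Directory -Path (Split-Path $yaml) -Force | Out-Null
$technique | ConvertTo-Yaml | Set-Content -Path $yaml -Encoding UTF8
$null = Get-AtomicTechnique -Path $yaml -ErrorAction Stop

# 3. Review, check prerequisites, run, and always clean up.
$run = @{ AtomicTechnique = $id; TestNumbers = '1'; PathToAtomicsFolder = $atomics }
Invoke-AtomicTest @run -ShowDetails      # inspect the exact commands first
Invoke-AtomicTest @run -CheckPrereqs
try {
    Invoke-AtomicTest @run -TimeoutSeconds 60
}
finally {
    Invoke-AtomicTest @run -Cleanup      # runs even if the test errors out
}
```

Pointing -PathToAtomicsFolder at a scratch folder keeps the constructed definition separate from the main atomics folder.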

For practical usage patterns of these parameters, refer to the Usage Guide. For programmatic authoring structures, see Programmatic Test Authoring.