API Reference
This page documents major public functions exported by the Invoke-AtomicRedTeam module manifest.
Invoke-AtomicTest
Executes specified Atomic Red Team tests on target hosts.
Invoke-AtomicTest
[-AtomicTechnique] <String[]>
[-ShowDetails]
[-ShowDetailsBrief]
[-anyOS]
[-TestNumbers <String[]>]
[-TestNames <String[]>]
[-TestGuids <String[]>]
[-PathToAtomicsFolder <String>]
[-CheckPrereqs]
[-PromptForInputArgs]
[-GetPrereqs]
[-Cleanup]
[-NoExecutionLog]
[-ExecutionLogPath <String>]
[-Force]
[-InputArgs <Hashtable>]
[-TimeoutSeconds <Int32>]
[-Session <PSSession[]>]
[-Interactive]
[-KeepStdOutStdErrFiles]
[-LoggingModule <String>]
[-SupressPathToAtomicsFolder]
-AtomicTechnique: The ATT&CK technique code (e.g., T1003) or All to parse the entire definitions folder.
-ShowDetails: Prints full description, executor command strings, cleanup, and dependency definitions.
-ShowDetailsBrief: Lists test names and numeric IDs under the specified technique.
-anyOS: Runs testing commands without performing operating system compatibility validations.
-TestNumbers: Limits execution to specific numeric test indexes.
-TestNames: Filters and runs only test names that match input strings.
-TestGuids: Selects test structures with corresponding unique ID string properties.
-PathToAtomicsFolder: Path where technique subfolders reside.
-CheckPrereqs: Evaluates if target requirements are met.
-PromptForInputArgs: Interactively steps through input variables.
-GetPrereqs: Executes commands to download or resolve missing dependencies.
-Cleanup: Runs cleanup commands.
-NoExecutionLog: Disables appending execution metrics to external log modules.
-ExecutionLogPath: Directory location for recording local execution logs.
-Force: Runs without verification prompts.
-InputArgs: Overrides default test parameters using key-value hashes.
-Session: A PSSession object array for remote execution.
Get-AtomicTechnique
Parses and validates a technique YAML file, converting content to a structured object representation.
Get-AtomicTechnique
[-Path] <String>
Get-AtomicTechnique
[-Yaml] <String>
-Path: Absolute or relative path to the YAML configuration file.
-Yaml: Raw string content containing the technique declaration.
New-AtomicTechnique
Instantiates an object representation of a technique.
New-AtomicTechnique
[-AttackTechnique] <String[]>
[-DisplayName] <String>
[-AtomicTests] <AtomicTest[]>
-AttackTechnique: Technique identifiers matching TNNNN or TNNNN.NNN.
-DisplayName: Human-readable ATT&CK technique name.
-AtomicTests: Set of test instances constructed via New-AtomicTest.
New-AtomicTest
Instantiates an atomic test case object.
New-AtomicTest
[-Name] <String>
[-Description] <String>
[-SupportedPlatforms] <String[]>
[-ExecutorType] <String>
[-ExecutorElevationRequired]
[-ExecutorCommand] <String>
[-ExecutorCleanupCommand <String>]
[-InputArguments <AtomicInputArgument[]>]
[-DependencyExecutorType <String>]
[-Dependencies <AtomicDependency[]>]
-Name: Short name identifier of the test case.
-Description: Paragraph describing the adversary emulation step.
-SupportedPlatforms: Array containing targeted operating systems (Windows, macOS, Linux).
-ExecutorType: Specifies target shell environment (CommandPrompt, Sh, Bash, PowerShell).
-ExecutorElevationRequired: Indicates if the test requires administrative shell access.
-ExecutorCommand: Command string payload executed on target systems.
-ExecutorCleanupCommand: String instructions to revert host state changes.
-InputArguments: Array of parameters used to configure placeholders inside commands.
-Dependencies: Array of prerequisite checks and recovery scripts.
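The four functions above fit together as one authoring and validation loop. The following is an added example, not code from the module or its documentation: it builds a benign marker-file test, checks the YAML with Get-AtomicTechnique, and reviews it with -ShowDetails before running it. It assumes a Windows host with Invoke-AtomicRedTeam and the powershell-yaml module (for ConvertTo-Yaml) installed; the marker path, folder name and test text are constructed for illustration.

```powershell
# Added example. Assumes Invoke-AtomicRedTeam and powershell-yaml are installed.
Import-Module Invoke-AtomicRedTeam

# Constructed sample values: a harmless marker file and a private atomics folder.
$marker  = Join-Path $env:TEMP 'art-marker.txt'
$atomics = Join-Path $env:TEMP 'custom-atomics'
$id      = 'T1059.001'

# 1. Describe the test. The command only writes a file; cleanup removes it.
$testParams = @{
    Name                   = 'Write marker file from PowerShell'
    Description            = 'Benign test that creates a marker file so a file-creation detection can be validated.'
    SupportedPlatforms     = 'Windows'
    ExecutorType           = 'PowerShell'
    ExecutorCommand        = "Set-Content -Path '$marker' -Value 'atomic marker'"
    ExecutorCleanupCommand = "Remove-Item -Path '$marker' -ErrorAction Ignore"
}
$test = New-AtomicTest @testParams

# 2. Wrap the test in a technique object and serialize it.
$technique = New-AtomicTechnique -AttackTechnique $id `
    -DisplayName 'Command and Scripting Interpreter: PowerShell' `
    -AtomicTests $test
$yaml = $technique | ConvertTo-Yaml

# 3. Round-trip through the parser; it throws if the definition is invalid.
$null = Get-AtomicTechnique -Yaml $yaml

# 4. Store it as <atomics>\<id>\<id>.yaml, the technique-subfolder layout.
$dir = Join-Path $atomics $id
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path (Join-Path $dir "$id.yaml") -Value $yaml -Encoding UTF8

# 5. Review the exact commands first, then run with a timeout, then revert.
Invoke-AtomicTest $id -PathToAtomicsFolder $atomics -ShowDetails
Invoke-AtomicTest $id -PathToAtomicsFolder $atomics -TestNumbers 1 -TimeoutSeconds 30
Invoke-AtomicTest $id -PathToAtomicsFolder $atomics -TestNumbers 1 -Cleanup
```

Because step 3 fails fast on a malformed definition, it is a useful gate in a review pipeline before any custom test reaches a host.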
For practical usage patterns of these parameters, refer to the Usage Guide. For programmatic authoring structures, see Programmatic Test Authoring.