diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/config_schema.js b/monkey/monkey_island/cc/ui/src/services/configuration/config_schema.js
index eaa4b395b..db3a4de1b 100644
--- a/monkey/monkey_island/cc/ui/src/services/configuration/config_schema.js
+++ b/monkey/monkey_island/cc/ui/src/services/configuration/config_schema.js
@@ -3,6 +3,7 @@ import {pluginConfigurationSchema} from './definitions/plugins.js';
 import {propagationConfigurationSchema} from './definitions/propagation.js';
 import {bruteForceExploiters, vulnerabilityExploiters} from './definitions/exploiter_classes.js';
 import {credentialCollectors} from './definitions/credential_collectors.js';
+import {postBreachActions} from './definitions/post_breach_actions.js';
 
 export const SCHEMA = {
   'title': 'Monkey',
@@ -10,26 +11,20 @@ export const SCHEMA = {
   'definitions': {
     'brute_force_classes': bruteForceExploiters,
     'vulnerability_classes': vulnerabilityExploiters,
-    'credential_collectors_classes': credentialCollectors
+    'credential_collectors_classes': credentialCollectors,
+    'post_breach_actions': postBreachActions
   },
   'properties': {
     'propagation': propagationConfigurationSchema,
     'post_breach_actions': {
       'title': 'Post-breach actions',
-      'type': 'object',
-      'properties': {
-        'pba_list': {
-          'title': 'PBAs',
-          'type': 'array',
-          'items': pluginConfigurationSchema,
-          'default': [
-            {'name': 'CommunicateAsBackdoorUser','safe': true, 'options': {}},
-            {'name': 'ModifyShellStartupFiles', 'safe': true, 'options': {}}
-          ]
-        },
-        'custom_pbas': customPBAConfigurationSchema
+      'type': 'array',
+      'uniqueItems':  true,
+      'items': {
+        '$ref': '#/definitions/post_breach_actions'
       }
     },
+    'custom_pbas': customPBAConfigurationSchema,
     'payloads': {
       'title': 'Payloads',
       'type': 'array',
@@ -40,20 +35,15 @@ export const SCHEMA = {
     },
     'credential_collectors': {
       'title': 'Credential collectors',
-      'properties': {
-        'collectors': {
-          'title': 'Credential collectors',
-          'type': 'array',
-          'uniqueItems': true,
-          'items': {
-            '$ref': '#/definitions/credential_collectors_classes'
-          },
-          'default': [
-            'MimikatzCollector',
-            'SSHCollector'
-          ]
-        }
-      }
+      'type': 'array',
+      'uniqueItems': true,
+      'items': {
+        '$ref': '#/definitions/credential_collectors_classes'
+      },
+      'default': [
+        'MimikatzCollector',
+        'SSHCollector'
+      ]
     },
     'advanced': {
       'title': 'Advanced',
diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/definitions/custom_pbas.js b/monkey/monkey_island/cc/ui/src/services/configuration/definitions/custom_pbas.js
index 1a4aa13ea..322aaf083 100644
--- a/monkey/monkey_island/cc/ui/src/services/configuration/definitions/custom_pbas.js
+++ b/monkey/monkey_island/cc/ui/src/services/configuration/definitions/custom_pbas.js
@@ -1,6 +1,5 @@
 export const customPBAConfigurationSchema = {
-  'title': 'Custom post-breach action',
-  'type': 'object',
+  'title': 'Custom PBA',
   'properties': {
     'linux_command': {
       'title': 'Linux post-breach command',
@@ -14,7 +13,6 @@ export const customPBAConfigurationSchema = {
     'linux_filename': {
       'title': 'Linux post-breach file',
       'type': 'string',
-      'format': 'data-url',
       'description': 'File to be uploaded after braeaching. ' +
       'Use the "Linux post-breach command" field to ' +
       'change permissions, run, or delete the file. ' +
@@ -32,7 +30,6 @@ export const customPBAConfigurationSchema = {
     'windows_filename':{
       'title': 'Windows post-breach file',
       'type': 'string',
-      'format': 'data-url',
       'description': 'File to be uploaded after breaching. ' +
       'Use the "Windows post-breach command" filed to ' +
       'change permissions, run or delete the file. ' +
diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/definitions/exploitation.js b/monkey/monkey_island/cc/ui/src/services/configuration/definitions/exploitation.js
index 2f888ef7f..fdbd04401 100644
--- a/monkey/monkey_island/cc/ui/src/services/configuration/definitions/exploitation.js
+++ b/monkey/monkey_island/cc/ui/src/services/configuration/definitions/exploitation.js
@@ -11,13 +11,7 @@ export const exploitationConfigurationSchema = {
       'uniqueItems': true,
       'items': {
         '$ref': '#/definitions/brute_force_classes'
-      },
-      'default': [
-        'SmbExploiter',
-        'WmiExploiter',
-        'SSHExploiter',
-        'MSSQLExploiter'
-      ]
+      }
     },
     'vulnerability': {
       'title': 'Vulnerability Exploiters',
@@ -25,11 +19,7 @@ export const exploitationConfigurationSchema = {
       'uniqueItems': true,
       'items': {
         '$ref': '#/definitions/vulnerability_classes'
-      },
-      'default': [
-        'Log4ShellExploiter',
-        'HadoopExploiter'
-      ]
+      }
     },
     'options': exploitationOptionsConfigurationSchema
   }
diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/definitions/post_breach_actions.js b/monkey/monkey_island/cc/ui/src/services/configuration/definitions/post_breach_actions.js
new file mode 100644
index 000000000..e0606b8d1
--- /dev/null
+++ b/monkey/monkey_island/cc/ui/src/services/configuration/definitions/post_breach_actions.js
@@ -0,0 +1,111 @@
+export const postBreachActions = {
+  'title': 'Post-Breach Actions',
+  'description': 'Runs scripts/commands on infected machines. These actions safely simulate what ' +
+  'an adversary might do after breaching a new machine. Used in ATT&CK and Zero trust reports.',
+  'type': 'string',
+  'pluginDefs': {
+    'CommunicateAsBackdoorUser':{'name': 'CommunicateAsBackdoorUser', 'options':{}},
+    'ModifyShellStartupFiles':{'name': 'ModifyShellStartupFiles', 'options':{}},
+    'HiddenFiles':{'name': 'HiddenFiles', 'options':{}},
+    'TrapCommand':{'name': 'TrapCommand', 'options':{}},
+    'ChangeSetuidSetgid':{'name': 'ChangeSetuidSetgid', 'options':{}},
+    'ScheduleJobs':{'name': 'ScheduleJobs', 'options':{}},
+    'Timestomping':{'name': 'Timestomping', 'options':{}},
+    'SignedScriptProxyExecution':{'name': 'SignedScriptProxyExecution', 'options':{}},
+    'AccountDiscovery':{'name': 'AccountDiscovery', 'options':{}},
+    'ClearCommandHistory':{'name': 'ClearCommandHistory', 'options':{}},
+    'ProcessListCollection':{'name': 'ProcessListCollection', 'options':{}}
+  },
+  'anyOf': [
+    {
+      'type': 'string',
+      'enum': ['CommunicateAsBackdoorUser'],
+      'title': 'Communicate as Backdoor User',
+      'safe': true,
+      'info': 'Attempts to create a new user, create HTTPS requests as that ' +
+      'user and delete the user ' +
+      'afterwards.'
+    },
+    {
+      'type': 'string',
+      'enum': ['ModifyShellStartupFiles'],
+      'title': 'Modify Shell Startup Files',
+      'safe': true,
+      'info': 'Attempts to modify shell startup files, like ~/.profile, ' +
+      '~/.bashrc, ~/.bash_profile ' +
+      'in linux, and profile.ps1 in windows. Reverts modifications done' +
+      ' afterwards.'
+    },
+    {
+      'type': 'string',
+      'enum': ['HiddenFiles'],
+      'title': 'Hidden Files and Directories',
+      'safe': true,
+      'info': 'Attempts to create a hidden file and remove it afterward.'
+    },
+    {
+      'type': 'string',
+      'enum': ['TrapCommand'],
+      'title': 'Trap Command',
+      'safe': true,
+      'info': 'On Linux systems, attempts to trap a terminate signal in order ' +
+      'to execute a command upon receiving that signal. Removes the trap afterwards.'
+    },
+    {
+      'type': 'string',
+      'enum': ['ChangeSetuidSetgid'],
+      'title': 'Setuid and Setgid',
+      'safe': true,
+      'info': 'On Linux systems, attempts to set the setuid and setgid bits of ' +
+      'a new file. ' +
+      'Removes the file afterwards.',
+      'attack_techniques': ['T1166']
+    },
+    {
+      'type': 'string',
+      'enum': ['ScheduleJobs'],
+      'title': 'Job Scheduling',
+      'safe': true,
+      'info': 'Attempts to create a scheduled job on the system and remove it.'
+    },
+    {
+      'type': 'string',
+      'enum': ['Timestomping'],
+      'title': 'Timestomping',
+      'safe': true,
+      'info': 'Creates a temporary file and attempts to modify its time ' +
+      'attributes. Removes the file afterwards.'
+    },
+    {
+      'type': 'string',
+      'enum': ['SignedScriptProxyExecution'],
+      'title': 'Signed Script Proxy Execution',
+      'safe': false,
+      'info': 'On Windows systems, attempts to execute an arbitrary file ' +
+      'with the help of a pre-existing signed script.'
+    },
+    {
+      'type': 'string',
+      'enum': ['AccountDiscovery'],
+      'title': 'Account Discovery',
+      'safe': true,
+      'info': 'Attempts to get a listing of user accounts on the system.'
+    },
+    {
+      'type': 'string',
+      'enum': ['ClearCommandHistory'],
+      'title': 'Clear Command History',
+      'safe': false,
+      'info': 'Attempts to clear the command history.'
+    },
+    {
+      'type': 'string',
+      'enum': ['ProcessListCollection'],
+      'title': 'Process List Collector',
+      'safe': true,
+      'info': 'Collects a list of running processes on the machine.'
+    }
+  ]
+
+
+}