SafeBreach (Deprecated)

This Integration is part of the Deprecated Content (Deprecated) Pack.

Deprecated

Overview

Use the SafeBreach integration to run simulations in your SafeBreach environment and send the results to Cortex XSOAR.

This integration was integrated and tested with SafeBreach v2018Q2.2.


Integrate Cortex XSOAR on SafeBreach

  1. Log in to the SafeBreach Management platform.
  2. Type console to access the SafeBreach CLI.
  3. In the SafeBreach CLI window, type plugins add demisto --url <demistoServerUrl> --apiKey <apiKey>.

    | Argument | Description | Required |
    |---|---|---|
    | url | Cortex XSOAR server address, for example https://192.168.2.178 | required |
    | apiKey | Cortex XSOAR API key / authentication token | required |
    | help | Displays all options for adding Cortex XSOAR, for example [plugin add demisto -help] | optional |
    | isAutomated | Simulation results can be sent to Cortex XSOAR as incidents. | optional |
    | isAutomated true | An automated incident (container) is opened for each simulation that is not-blocked, or when a blocked simulation result changes to not-blocked. To add Cortex XSOAR with automation, use: [plugins add demisto --url <demistoServerUrl> --default <apiKey> --isAutomated true]. To switch Cortex XSOAR to automated, use: [plugins update demisto --isAutomated true] | optional |
    | isAutomated false | The user can send a simulation result to Cortex XSOAR as an incident on demand, by clicking Send to from the required simulation incident in Breach Methods. | optional |

After you integrate Cortex XSOAR, SafeBreach Management users can drill down in a simulation and use the Send To button to send the simulation results to Cortex XSOAR. For more information, see the Drilling Down for More about a Simulation article on the SafeBreach support site.

NOTE: You can also use the update and show commands to change and view details about Demisto plugins.


Generate a SafeBreach API Key

  1. Log in to the SafeBreach Management platform.
  2. Type console to access the SafeBreach CLI.
  3. In the SafeBreach CLI window, type config apikeys add --name <apiKeyName>
    Type a meaningful name for the API key.
    Example output
    id  key                                   name        accountID
    2   74963a8f-a3b3-4d6c-b3d4-715996cf4a31  apiKeyName  12345

Configure the SafeBreach Integration on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for the SafeBreach integration.
  3. Click Add instance to create and configure a new integration.
  • Name: a textual name for the integration instance.
  • Account ID: SafeBreach account ID (the accountID value in the example output above)
  • API Key: SafeBreach API key
  • SafeBreach Platform URL: URL of your SafeBreach Management environment
  • API Version: 1 (do not change the default value)
  • Cortex XSOAR engine: If relevant, select the engine that acts as a proxy to the server.
  • Click Test to validate the URLs and connection.

Commands

    You can execute these commands from the Cortex XSOAR CLI, as part of an automation, in a playbook, or from your SafeBreach environment. After you successfully execute a command, a DBot message appears in the War Room with the command details.


    Send simulation results to Cortex XSOAR: Send To button in SafeBreach

    You execute this command in the SafeBreach Management platform. After you run a simulation, you can click the Send To button to send simulation results to Cortex XSOAR.

    Output

    The new incident is added to the Incidents list in Cortex XSOAR.


    Rerun a simulation in SafeBreach: safebreach-rerun

    Rerun a previously run simulation in SafeBreach. You execute this command from the Cortex XSOAR CLI or a playbook. You can only run this command inside an incident that was fetched from SafeBreach.

    Inputs

    !safebreach-rerun

    Outputs

    ok


    Retrieve results of a rerun simulation: safebreach-get-simulation

    After you rerun a simulation, retrieve the results of that simulation. You execute this command from the Cortex XSOAR CLI or a playbook. You can only run this command inside an incident that was fetched from SafeBreach.

    Inputs

    !safebreach-get-simulation

    Outputs


    XSOAR-SafeBreach Demo