Skip to main content

SafeBreach v2 (Deprecated)

This Integration is part of the SafeBreach - Breach and Attack Simulation platform Pack.#


No available replacement.

Deprecated. No available replacement.

Configure SafeBreach v2 (Deprecated) for Cortex XSOAR Integration#

  1. Open the Navigation bar โ†’ โ€ฆ โ†’ CLI Console
  2. Type config accounts to find out the account id
  3. Use the id as the accountId parameter in Cortex XSOAR configuration
  4. Type config apikeys to list existing API keys \ OR \ Add a new one by typing: config apikeys add --name <key_name>
  5. Use the generated API token as apiKey parameter in Cortex XSOAR configuration
  6. Use your SafeBreach Management URL as the url parameter in Cortex XSOAR configuration

Configure SafeBreach v2 (Deprecated) on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for SafeBreach v2 (Deprecated).

  3. Click Add instance to create and configure a new integration instance.

    SafeBreach Managment URLFor example, https://yourorg.safebreach.comTrue
    Account IDObtained with "config accounts" SafeBreach commandTrue
    API KeyGenerated with "config apikeys add" SafeBreach commandTrue
    Insight Category
    Insight Data Type
    Non Behavioral Indicator ReputationNon-Behavioral Indicator from this integration instance will be marked with this reputation
    Behavioral ReputationBehavioral Indicator from this integration instance will be marked with this reputation
    Indicators LimitThe maximum number of indicators to generate. The default is 1000.
    Fetch indicators
    Source ReliabilityReliability of the source providing the intelligence dataTrue
    Traffic Light Protocol ColorThe Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed
    Feed Fetch Interval
    Bypass exclusion listWhen selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
    Trust any certificate (not secure)
    Use system proxy settings
    Indicator ReputationIndicators from this integration instance will be marked with this reputation
    TagsSupports CSV values.
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.