SafeBreach - Compare and Validate Insight Indicators
SafeBreach - Breach and Attack Simulation platform Pack.#
This Playbook is part of theSupported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
This playbook compares SafeBreach Insight indicators before and after the processing. It receives an insight and it's indicators before validation, fetches updated indicators after rerunning the insight, and then compares the results to validate mitigation. Indicators are classified as Remediated or Not Remediated based on their validated status and the appropriate field (SafeBreach Remediation Status) is updated.
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooksThis playbook does not use any sub-playbooks.
#
Integrations- SafeBreach_v2
#
Scripts- ChangeContext
- SetAndHandleEmpty
- Set
#
Commands- setIndicator
- safebreach-get-remediation-data
#
Playbook InputsName | Description | Default Value | Required |
---|---|---|---|
IndicatorsBefore | Indicator values extracted from a SafeBreach Insight before remediation. | Required | |
Insight | SafeBreach insight object to verify the remediation for. | Required |
#
Playbook OutputsPath | Description | Type |
---|---|---|
RemediatedIndicators | List of indicators that were remediated | Array |
NotRemediatedIndicators | List of indicators that were not remediated | Array |