Skip to main content

SafeBreach - Compare and Validate Insight Indicators

This Playbook is part of the SafeBreach - Breach and Attack Simulation platform Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This playbook compares SafeBreach Insight indicators before and after the processing. It receives an insight and it's indicators before validation, fetches updated indicators after rerunning the insight, and then compares the results to validate mitigation. Indicators are classified as Remediated or Not Remediated based on their validated status and the appropriate field (SafeBreach Remediation Status) is updated.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • SafeBreach_v2

Scripts#

  • ChangeContext
  • SetAndHandleEmpty
  • Set

Commands#

  • setIndicator
  • safebreach-get-remediation-data

Playbook Inputs#


NameDescriptionDefault ValueRequired
IndicatorsBeforeIndicator values extracted from a SafeBreach Insight before remediation.Required
InsightSafeBreach insight object to verify the remediation for.Required

Playbook Outputs#


PathDescriptionType
RemediatedIndicatorsList of indicators that were remediatedArray
NotRemediatedIndicatorsList of indicators that were not remediatedArray

Playbook Image#


SafeBreach - Compare and Validate Insight Indicators