SafeBreach - Create Incidents per Insight and Associate Indicators

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This sub-playbook creates one incident per SafeBreach insight and enriches each incident with all related indicators and additional SafeBreach insight context. It is used in the main SafeBreach playbooks, such as "SafeBreach - Process Behavioral Insights Feed" and "SafeBreach - Process Non-Behavioral Insights Feed".

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • SafeBreach_v2

Scripts

  • Set
  • SearchIncidentsV2

Commands

  • associateIndicatorToIncident
  • safebreach-get-insights
  • createNewIncident

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| Indicator Query | Indicators matching the indicator query will be used as playbook input. | safebreachisbehavioral:T | Optional |
| insightIds | List of insight IDs to create incidents for. | | Required |
| indicators | List of indicators to be assigned to the created incidents. | | Required |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| incident | Incidents created from SafeBreach Insights | Array |
