Skip to main content

SafeBreach - Create Incidents per Insight and Associate Indicators

This Playbook is part of the SafeBreach - Breach and Attack Simulation platform Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This is a sub-playbook that creates incidents per SafeBreach insight, enriched with all the related indicators and additional SafeBreach insight contextual information. Used in main SafeBreach playbooks, such as "SafeBreach - Process Behavioral Insights Feed" and "SafeBreach - Process Non-Behavioral Insights Feed".


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • SafeBreach_v2


  • Set
  • SearchIncidentsV2


  • associateIndicatorToIncident
  • safebreach-get-insights
  • createNewIncident

Playbook Inputs#

NameDescriptionDefault ValueRequired
Indicator QueryIndicators matching the indicator query will be used as playbook inputsafebreachisbehavioral:TOptional
insightIdsList of Insight ids to create incidents for.Required
indicatorsList of indicators that to be assigned to created incidentsRequired

Playbook Outputs#

incidentIncidents created from SafeBreach InsightsArray

Playbook Image#

SafeBreach - Create Incidents per Insight and Associate Indicators