This playbook is triggered automatically for each SafeBreach Insight incident and performs the following steps:
(1) Adds insight information to the incident (including suggested remediation actions).
(2) Assigns the incident to an analyst to remediate and then either “ignore” or “validate.” Validated incidents are rerun with the related SafeBreach Insight, and the results are compared to the previous indicator results. The incident is closed once all the indicators are resolved or the analyst “ignores” the incident. Unresolved indicators wait for handling by the analyst.
This playbook uses the following sub-playbooks, integrations, and scripts.
- SafeBreach Compare and Tag Indicators
- SafeBreach Rerun Insights
- SafeBreach v2
There are no outputs for this playbook.