
SafeBreach - Handle Insight Incident

This playbook is part of the SafeBreach Insights Pack.

This playbook is triggered automatically for each SafeBreach Insight incident. It performs the following steps:
(1) Adds insight information (including suggested remediation actions).
(2) Assigns the incident to an analyst to remediate and either “ignore” or “validate.” Validated incidents are rerun with the related SafeBreach Insight and the results are compared to the previous indicator results. The incident is closed once all the indicators are resolved or the analyst “ignores” the incident. Unresolved indicators wait for handling by the analyst.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • SafeBreach Compare and Tag Indicators
  • SafeBreach Rerun Insights

Integrations

  • SafeBreach v2

Scripts

  • Set

Commands

  • safebreach-get-remediation-data
  • setIncident
  • closeInvestigation
  • safebreach-get-insights
  • setIndicator

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| Insight Id | | ${incident.safebreachinsightid} | Optional |

Playbook Outputs


There are no outputs for this playbook.

Playbook Image

[Image: SafeBreach - Handle Insight Incident]