SafeBreach - Handle Insight Incident
This Playbook is part of the SafeBreach Insights Pack.

This playbook is triggered automatically for each SafeBreach Insight incident:
(1) Adding insight information (including suggested remediation actions).
(2) Assigning it to an analyst to remediate and either “ignore” or “validate.” Validated incidents are rerun with the related SafeBreach Insight and the results are compared to the previous indicator results. The incident is closed once all the indicators are resolved or the analyst “ignores” the incident. Unresolved indicators wait for handling by the analyst.

Dependencies
This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks
- SafeBreach Compare and Tag Indicators
- SafeBreach Rerun Insights

Integrations
- SafeBreach v2

Scripts
- Set

Commands
- safebreach-get-remediation-data
- setIncident
- closeInvestigation
- safebreach-get-insights
- setIndicator

Playbook Inputs

Name | Description | Default Value | Required |
---|---|---|---|
Insight Id | | ${incident.safebreachinsightid} | Optional |

Playbook Outputs
There are no outputs for this playbook.