SafeBreach - Handle Insight Incident
This playbook is triggered automatically for each SafeBreach Insight incident:
(1) Adding insight information (including suggested remediation actions).
(2) Assigning it to an analyst to remediate and either “ignore” or “validate.” Validated incidents are rerun with the related SafeBreach Insight and the results are compared to the previous indicator results. The incident is closed once all the indicators are resolved or the analyst “ignores” the incident. Unresolved indicators wait for handling by the analyst.
Dependencies#
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks#
- SafeBreach Compare and Tag Indicators
- SafeBreach Rerun Insights
Integrations#
- SafeBreach v2
Scripts#
- Set
Commands#
- safebreach-get-remediation-data
- setIncident
- closeInvestigation
- safebreach-get-insights
- setIndicator
Playbook Inputs#
| Name | Description | Default Value | Required |
|---|---|---|---|
| Insight Id | ${incident.safebreachinsightid} | Optional |
Playbook Outputs#
There are no outputs for this playbook.
Playbook Image#
