Skip to main content

SafeBreach - Process Non-Behavioral Insights Feed

This Playbook is part of the SafeBreach - Breach and Attack Simulation platform Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This playbook automatically remediates all non-behavioral indicators generated from SafeBreach Insights. To validate the remediation, it reruns the related insights and classifies the indicators as Remediated or Not Remediated. A special feed based triggered job is required to initiate this playbook for every new SafeBreach generated indicator.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • SafeBreach - Compare and Validate Insight Indicators
  • SafeBreach - Rerun Insights
  • Block Indicators - Generic v2
  • SafeBreach - Create Incidents per Insight and Associate Indicators


  • SafeBreach_v2


  • Sleep
  • Set


  • safebreach-get-insights
  • safebreach-get-remediation-data

Playbook Inputs#

NameDescriptionDefault ValueRequired
Indicator QueryIndicators matching the indicator query will be used as playbook inputsourceBrands:["SafeBreach*"] and -safebreachisbehavioral:TOptional

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

SafeBreach - Process Non-Behavioral Insights Feed