SafeBreach - Process Non-Behavioral Insights Feed
This Playbook is part of the SafeBreach - Breach and Attack Simulation platform Pack.#
Supported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
This playbook automatically remediates all non-behavioral indicators generated from SafeBreach Insights. To validate the remediation, it reruns the related insights and classifies the indicators as Remediated or Not Remediated. A special feed based triggered job is required to initiate this playbook for every new SafeBreach generated indicator.
Dependencies#
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks#
- SafeBreach - Compare and Validate Insight Indicators
- SafeBreach - Rerun Insights
- Block Indicators - Generic v2
- SafeBreach - Create Incidents per Insight and Associate Indicators
Integrations#
- SafeBreach_v2
Scripts#
- Sleep
- Set
Commands#
- safebreach-get-insights
- safebreach-get-remediation-data
Playbook Inputs#
| Name | Description | Default Value | Required |
|---|---|---|---|
| Indicator Query | Indicators matching the indicator query will be used as playbook input | sourceBrands:["SafeBreach*"] and -safebreachisbehavioral:T | Optional |
Playbook Outputs#
There are no outputs for this playbook.
Playbook Image#
