SafeBreach - Process Non-Behavioral Insights Feed

This playbook is part of the SafeBreach - Breach and Attack Simulation platform Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This playbook automatically remediates all non-behavioral indicators generated from SafeBreach Insights. To validate the remediation, it reruns the related insights and classifies each indicator as Remediated or Not Remediated. A special feed-triggered job is required to initiate this playbook for every new SafeBreach-generated indicator.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • SafeBreach - Compare and Validate Insight Indicators
  • SafeBreach - Rerun Insights
  • Block Indicators - Generic v2
  • SafeBreach - Create Incidents per Insight and Associate Indicators

Integrations

  • SafeBreach_v2

Scripts

  • Sleep
  • Set

Commands

  • safebreach-get-insights
  • safebreach-get-remediation-data

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| Indicator Query | Indicators matching the indicator query will be used as playbook input | sourceBrands:["SafeBreach*"] and -safebreachisbehavioral:T | Optional |

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

[Image: SafeBreach - Process Non-Behavioral Insights Feed]