This playbook automatically remediates all non-behavioral indicators generated from SafeBreach Insights. To validate the remediation, it reruns the related insights and classifies the indicators as Remediated or Not Remediated. A special feed-triggered job is required to initiate this playbook for every new SafeBreach-generated indicator.
This playbook uses the following sub-playbooks, integrations, and scripts.
- SafeBreach - Compare and Validate Insight Indicators
- SafeBreach - Rerun Insights
- Block Indicators - Generic v2
- SafeBreach - Create Incidents per Insight and Associate Indicators

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| Indicator Query | Indicators matching the indicator query will be used as playbook input | `sourceBrands:["SafeBreach*"] and -safebreachisbehavioral:T` | Optional |

There are no outputs for this playbook.