SafeBreach - Process Non-Behavioral Insights Feed
SafeBreach - Breach and Attack Simulation platform Pack.#
This Playbook is part of theSupported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
This playbook automatically remediates all non-behavioral indicators generated from SafeBreach Insights. To validate the remediation, it reruns the related insights and classifies the indicators as Remediated or Not Remediated. A special feed based triggered job is required to initiate this playbook for every new SafeBreach generated indicator.
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooks- SafeBreach - Compare and Validate Insight Indicators
- SafeBreach - Rerun Insights
- Block Indicators - Generic v2
- SafeBreach - Create Incidents per Insight and Associate Indicators
#
Integrations- SafeBreach_v2
#
Scripts- Sleep
- Set
#
Commands- safebreach-get-insights
- safebreach-get-remediation-data
#
Playbook InputsName | Description | Default Value | Required |
---|---|---|---|
Indicator Query | Indicators matching the indicator query will be used as playbook input | sourceBrands:["SafeBreach*"] and -safebreachisbehavioral:T | Optional |
#
Playbook OutputsThere are no outputs for this playbook.