SafeBreach - Create Incidents per Insight and Associate Indicators

This is a sub-playbook that creates incidents per SafeBreach insight, enriched with all the related indicators and additional SafeBreach insight contextual information. Used in main SafeBreach playbooks, such as "SafeBreach - Process Behavioral Insights Feed" and "SafeBreach - Process Non-Behavioral Insights Feed".

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

SafeBreach_v2

Scripts

Set
SearchIncidentsV2

Commands

associateIndicatorToIncident
safebreach-get-insights
createNewIncident

Playbook Inputs

Name	Description	Default Value	Required
Indicator Query	Indicators matching the indicator query will be used as playbook input	safebreachisbehavioral:T	Optional
insightIds	List of Insight ids to create incidents for.		Required
indicators	List of indicators that to be assigned to created incidents		Required

Playbook Outputs

Path	Description	Type
incident	Incidents created from SafeBreach Insights	Array

Playbook Image

SafeBreach - Create Incidents per Insight and Associate Indicators

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

SafeBreach - Create Incidents per Insight and Associate Indicators

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Dependencies#

Sub-playbooks#

Integrations#

Scripts#

Commands#

Playbook Inputs#

Playbook Outputs#

Playbook Image#

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image