SafeBreach - Process Non-Behavioral Insights Feed
Supported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
This playbook automatically remediates all non-behavioral indicators generated from SafeBreach Insights. To validate the remediation, it reruns the related insights and classifies the indicators as Remediated or Not Remediated. A special feed-based triggered job is required to initiate this playbook for every new SafeBreach-generated indicator.
Dependencies
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks
- SafeBreach - Compare and Validate Insight Indicators
- SafeBreach - Rerun Insights
- Block Indicators - Generic v2
- SafeBreach - Create Incidents per Insight and Associate Indicators
Integrations
- SafeBreach_v2
Scripts
- Sleep
- Set
Commands
- safebreach-get-insights
- safebreach-get-remediation-data
Playbook Inputs
Name | Description | Default Value | Required |
---|---|---|---|
Indicator Query | Indicators matching the indicator query will be used as playbook input | sourceBrands:["SafeBreach*"] and -safebreachisbehavioral:T | Optional |
Playbook Outputs
There are no outputs for this playbook.