SafeBreach - Rerun Insights

This is a sub-playbook reruns a list of SafeBreach insights based on Insight Id and waits until they complete. Used in main SafeBreach playbooks, such as "SafeBreach - Handle Insight Incident" and "SafeBreach - Process Non-Behavioral Insights Feed".

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling
  • SafeBreach - Rerun Single Insight

Integrations

This playbook does not use any integrations.

Scripts

  • Sleep
  • Print

Commands

This playbook does not use any commands.

Playbook Inputs


NameDescriptionDefault ValueRequired
InsightIdsSafeBreach Insight Ids to rerunSafeBreach.Insight.IdRequired

Playbook Outputs


PathDescriptionType
SafeBreach.Insight.NameInsight name representing the action required to be takenString
SafeBreach.Insight.IdInsight unique idNumber
SafeBreach.Insight.DataTypeInsight data type. Options: Hash, Domain, URI, Command, Port, ProtocolArray
SafeBreach.Insight.CategorySecurity control category nameString
SafeBreach.Insight.LatestSimulationTime of the latest simulation from the insightString
SafeBreach.Insight.SimulationsCountNumber of the related simulationsNumber
SafeBreach.Insight.RiskImpactRisk impact of the insight on the environment total risk scoreNumber
SafeBreach.Insight.AffectedTargetsCountNumber of the affected targetsNumber
SafeBreach.Insight.SeverityScoreInsight severity numeric valueNumber
SafeBreach.Insight.SeverityInsight severity mapped to low/medium/highString
SafeBreach.Insight.RemediationDataCountNumber of the remediation data pointsNumber
SafeBreach.Insight.RemediationDataTypeType of the remediation dataString
SafeBreach.Insight.ThreatGroupsArray of APT names that are mapped to the insightArray
SafeBreach.Insight.NetworkDirectionCommunication direction of Insight, relative to the target (inbound/outbound)String
SafeBreach.Insight.AttacksCountList of all insight related SafeBreach attack idsArray

Playbook Image


SafeBreach - Rerun Insights