SafeBreach

Details
Content
Dependencies
Version History

Breach and Attack Simulation platform

SafeBreach is a platform designed to simulate cyber attacks against an organization's network. This platform allows companies to test their security posture and validate the effectiveness of their security controls. By continuously running simulations that mimic a wide array of attack techniques, SafeBreach helps identify vulnerabilities, misconfigurations, and other issues that could potentially be exploited by actual attackers. The SafeBreach platform employs a variety of simulators and collectors to execute and monitor simulated attacks across the entire digital environment, including networks, endpoints, cloud, and email systems. It incorporates insights from real-world threat intelligence and uses the MITRE ATT&CK framework to provide comprehensive and realistic simulation scenarios.

For enterprises using SafeBreach and XSOAR, integrating this package streamlines operations by allowing you to operate SafeBreach through XSOAR, making SafeBreach an integral part of the enterprise workflows. This integration includes commands for managing tests, Insight indicators, simulators and deployments, users, API keys, integration issues, and more.

How to enable it?

Enable and configure SafeBreach (Partner Contribution) integration.
Provide your SafeBreach API key and Account info
Utilize the supported commands to interact with the SafeBreach platform or create your own playbooks based on the provided commands.

How to enable it?

Enable and configure SafeBreach (Partner Contribution) integration.
Provide your SafeBreach API key and Account info
Utilize the supported commands to interact with the SafeBreach platform or create your own playbooks based on the provided commands.

Automations

Name	Description
ListGroupBy	Deprecated. No available replacement.
JoinListsOfDicts	Deprecated. No available replacement.

Incident Fields

Name	Description
SafeBreach Insight Category	Security control category of the Insight
SafeBreach Threat Groups	List of attack groups (APTs) associated with the attacks simulated for this Insight
SafeBreach Results Link	Link to the SafeBreach platform results page with all the related simulation results
SafeBreach Affected Targets Count	Number of the affected target simulators by this Insight
SafeBreach Insight Id	Unique identification number of the Insight
SafeBreach Insight Risk Impact	Risk impact of the Insight on the whole environment
SafeBreach Remediation Data	Vendor specific remediation data for Insight resolution
SafeBreach Attack Count	Number of attacks that were simulated
SafeBreach Remediation Data Count	Total number of indicators that were tested and represent the Insight issue
SafeBreach Insight Name	Insight name representing the security issue exposed
SafeBreach Severity Score	A compound severity score calculated for this Insight
SafeBreach Latest Simulation	The latest simulation time related to this Insight
SafeBreach Simulation Number	Number of simulations executed as part of this Insight
SafeBreach Severity	A compound severity assigned to the Insight
SafeBreach Remediation Action	Suggested remediation action to be taken to fix the issue
SafeBreach Remediation Status	Status of the Insight within XSOAR (New, Remediated, Not Remediated, Ignored)
SafeBreach Simulation Id
SafeBreach Affected Targets	List of the affected target simulators (name, IP, number of remediation data points)
SafeBreach Attack Ids	List of SafeBreach attack ids that were simulated

Incident Types

Name	Description
SafeBreach Simulation
SafeBreach Insight

Indicator Fields

Name	Description
SafeBreach Severity Score	Maximal severity score of the related SafeBreach Insights
SafeBreach Insight Ids	List of the related SafeBreach Insight ids
SafeBreach Remediation Status	XSOAR assigned status for SafeBreach indicator (New, Remediated, Not Remediated, Ignored)
SafeBreach Attack Ids	List of SafeBreach attack ids simulated
SafeBreach Severity	Highest assigned severity of the related SafeBreach Insights
SafeBreach Is Behavioral	Indicates whether the SafeBreach indicator is a behavioral or not

Integrations

Name	Description
SafeBreach v2 (Deprecated) (Partner Contribution)	Deprecated. No available replacement.
SafeBreach (Partner Contribution)	For enterprises using SafeBreach and XSOAR, integrating this package streamlines operations by allowing you to operate SafeBreach through XSOAR, making SafeBreach an integral part of the enterprise workflows. This integration includes commands for managing tests, insight indicators, simulators and deployments, users, API keys, integration issues, and more.

Layouts

Name	Description
SafeBreach Process	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Insight	SafeBreach custom incident layout with an extended section with an insight information
SafeBreach Port	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach URL	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Simulation	SafeBreach custom incident layout with an extended section with a simulation information
SafeBreach Hash	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Command	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Registry	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Protocol	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Domain	SafeBreach custom indicator layout with an extended section with a simulated indicator information

Playbooks

Name	Description
SafeBreach - Compare and Validate Insight Indicators	Deprecated. No available replacement.
SafeBreach - Create Incidents per Insight and Associate Indicators	Deprecated. No available replacement.
SafeBreach - Rerun Insights	Deprecated. No available replacement.
SafeBreach - Rerun Single Insight	Deprecated. No available replacement.
SafeBreach - Process Non-Behavioral Insights Feed	Deprecated. No available replacement.

Indicator Types

Name	Description
SafeBreach Process
SafeBreach Registry
SafeBreach IP
SafeBreach Protocol
SafeBreach Port
SafeBreach URL
SafeBreach Domain
SafeBreach Hash
SafeBreach Command

Automations

Name	Description
ListGroupBy	Deprecated. No available replacement.
JoinListsOfDicts	Deprecated. No available replacement.

Incident Fields

Name	Description
SafeBreach Severity	A compound severity assigned to the Insight
SafeBreach Remediation Status	Status of the Insight within XSOAR (New, Remediated, Not Remediated, Ignored)
SafeBreach Attack Count	Number of attacks that were simulated
SafeBreach Affected Targets Count	Number of the affected target simulators by this Insight
SafeBreach Threat Groups	List of attack groups (APTs) associated with the attacks simulated for this Insight
SafeBreach Severity Score	A compound severity score calculated for this Insight
SafeBreach Insight Name	Insight name representing the security issue exposed
SafeBreach Remediation Action	Suggested remediation action to be taken to fix the issue
SafeBreach Remediation Data Count	Total number of indicators that were tested and represent the Insight issue
SafeBreach Insight Id	Unique identification number of the Insight
SafeBreach Attack Ids	List of SafeBreach attack ids that were simulated
SafeBreach Affected Targets	List of the affected target simulators (name, IP, number of remediation data points)
SafeBreach Insight Risk Impact	Risk impact of the Insight on the whole environment
SafeBreach Simulation Id
SafeBreach Remediation Data	Vendor specific remediation data for Insight resolution
SafeBreach Simulation Number	Number of simulations executed as part of this Insight
SafeBreach Latest Simulation	The latest simulation time related to this Insight
SafeBreach Results Link	Link to the SafeBreach platform results page with all the related simulation results

Incident Types

Name	Description
SafeBreach Insight
SafeBreach Simulation

Indicator Fields

Name	Description
SafeBreach Attack Ids	List of SafeBreach attack ids simulated
SafeBreach Severity Score	Maximal severity score of the related SafeBreach Insights
SafeBreach Is Behavioral	Indicates whether the SafeBreach indicator is a behavioral or not
SafeBreach Insight Ids	List of the related SafeBreach Insight ids
SafeBreach Severity	Highest assigned severity of the related SafeBreach Insights
SafeBreach Remediation Status	XSOAR assigned status for SafeBreach indicator (New, Remediated, Not Remediated, Ignored)

Integrations

Name	Description
SafeBreach v2 (Deprecated) (Partner Contribution)	Deprecated. No available replacement.
SafeBreach (Partner Contribution)	For enterprises using SafeBreach and XSOAR, integrating this package streamlines operations by allowing you to operate SafeBreach through XSOAR, making SafeBreach an integral part of the enterprise workflows. This integration includes commands for managing tests, insight indicators, simulators and deployments, users, API keys, integration issues, and more.

Layouts

Name	Description
SafeBreach Command	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Domain	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Port	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach URL	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Registry	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Hash	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Protocol	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Process	SafeBreach custom indicator layout with an extended section with a simulated indicator information

Playbooks

Name	Description
SafeBreach - Compare and Validate Insight Indicators	Deprecated. No available replacement.
SafeBreach - Process Non-Behavioral Insights Feed	Deprecated. No available replacement.
SafeBreach - Create Alerts per Insight and Associate Indicators	Deprecated. No available replacement.
SafeBreach - Rerun Insights	Deprecated. No available replacement.
SafeBreach - Rerun Single Insight	Deprecated. No available replacement.

Indicator Types

Name	Description
SafeBreach URL
SafeBreach Registry
SafeBreach Command
SafeBreach Process
SafeBreach Domain
SafeBreach Hash
SafeBreach Protocol
SafeBreach Port
SafeBreach IP

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (6)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.5.1 - 7843807 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43568

Download

1.5.0 - 5933565 (November 19, 2025)

Integrations

Updated the safebreach-get-running-tests and safebreach-get-tests-with-scenario-id commands to align with the new API response format.
Updated the Docker image to: demisto/python3:3.12.11.4819260.

Related pull requests:
- 41888
- 41942

Download

1.4.9 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.4.8 - R5469292 (October 20, 2025)

Integrations

SafeBreach

Fix issue with system proxy usage
Updated the Docker image to: demisto/python3:3.12.11.4508456.

Related pull requests:
- 40924
- 40964

Download

1.4.7 - R3380045 (May 12, 2025)

Integrations

SafeBreach

Metadata and documentation improvements.

Related pull requests:
- 39078

Download

1.4.6 - R2989425 (March 26, 2025)

Integrations

SafeBreach

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 38082

Download

1.5.1 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43568

Download

1.5.0 - 5933565 (November 19, 2025)

Integrations

SafeBreach

Updated the safebreach-get-running-tests and safebreach-get-tests-with-scenario-id commands to align with the new API response format.
Updated the Docker image to: demisto/python3:3.12.11.4819260.

Related pull requests:
- 41888
- 41942

Download

1.4.9 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.4.8 - R5469292 (October 20, 2025)

Integrations

SafeBreach

Fix issue with system proxy usage
Updated the Docker image to: demisto/python3:3.12.11.4508456.

Related pull requests:
- 40924
- 40964

Download

1.4.7 - R3386461 (May 12, 2025)

Integrations

SafeBreach

Metadata and documentation improvements.

Related pull requests:
- 39078

Download

1.4.6 - R2989425 (March 26, 2025)

Integrations

SafeBreach

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 38082

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	April 15, 2024
Last Release	March 22, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.