SafeBreach - Breach and Attack Simulation platform

Details
Content
Dependencies
Version History

Breach and Attack Simulation platform

SafeBreach is a platform designed to simulate cyber attacks against an organization's network. This platform allows companies to test their security posture and validate the effectiveness of their security controls. By continuously running simulations that mimic a wide array of attack techniques, SafeBreach helps identify vulnerabilities, misconfigurations, and other issues that could potentially be exploited by actual attackers. The SafeBreach platform employs a variety of simulators and collectors to execute and monitor simulated attacks across the entire digital environment, including networks, endpoints, cloud, and email systems. It incorporates insights from real-world threat intelligence and uses the MITRE ATT&CK framework to provide comprehensive and realistic simulation scenarios.

For enterprises using SafeBreach and XSOAR, integrating this package streamlines operations by allowing you to operate SafeBreach through XSOAR, making SafeBreach an integral part of the enterprise workflows. This integration includes commands for managing tests, Insight indicators, simulators and deployments, users, API keys, integration issues, and more.

How to enable it?

Enable and configure SafeBreach (Partner Contribution) integration.
Provide your SafeBreach API key and Account info
Utilize the supported commands to interact with the SafeBreach platform or create your own playbooks based on the provided commands.

How to enable it?

Enable and configure SafeBreach (Partner Contribution) integration.
Provide your SafeBreach API key and Account info
Utilize the supported commands to interact with the SafeBreach platform or create your own playbooks based on the provided commands.

Automations

Name	Description
JoinListsOfDicts	Deprecated. No available replacement.
ListGroupBy	Deprecated. No available replacement.

Incident Fields

Name	Description
SafeBreach Severity Score	A compound severity score calculated for this Insight
SafeBreach Insight Risk Impact	Risk impact of the Insight on the whole environment
SafeBreach Remediation Action	Suggested remediation action to be taken to fix the issue
SafeBreach Simulation Id
SafeBreach Threat Groups	List of attack groups (APTs) associated with the attacks simulated for this Insight
SafeBreach Remediation Data	Vendor specific remediation data for Insight resolution
SafeBreach Affected Targets	List of the affected target simulators (name, IP, number of remediation data points)
SafeBreach Attack Count	Number of attacks that were simulated
SafeBreach Latest Simulation	The latest simulation time related to this Insight
SafeBreach Remediation Data Count	Total number of indicators that were tested and represent the Insight issue
SafeBreach Insight Name	Insight name representing the security issue exposed
SafeBreach Results Link	Link to the SafeBreach platform results page with all the related simulation results
SafeBreach Attack Ids	List of SafeBreach attack ids that were simulated
SafeBreach Simulation Number	Number of simulations executed as part of this Insight
SafeBreach Remediation Status	Status of the Insight within XSOAR (New, Remediated, Not Remediated, Ignored)
SafeBreach Severity	A compound severity assigned to the Insight
SafeBreach Insight Id	Unique identification number of the Insight
SafeBreach Insight Category	Security control category of the Insight
SafeBreach Affected Targets Count	Number of the affected target simulators by this Insight

Incident Types

Name	Description
SafeBreach Insight
SafeBreach Simulation

Indicator Fields

Name	Description
SafeBreach Insight Ids	List of the related SafeBreach Insight ids
SafeBreach Attack Ids	List of SafeBreach attack ids simulated
SafeBreach Severity	Highest assigned severity of the related SafeBreach Insights
SafeBreach Severity Score	Maximal severity score of the related SafeBreach Insights
SafeBreach Is Behavioral	Indicates whether the SafeBreach indicator is a behavioral or not
SafeBreach Remediation Status	XSOAR assigned status for SafeBreach indicator (New, Remediated, Not Remediated, Ignored)

Integrations

Name	Description
SafeBreach (Partner Contribution)	For enterprises using SafeBreach and XSOAR, integrating this package streamlines operations by allowing you to operate SafeBreach through XSOAR, making SafeBreach an integral part of the enterprise workflows. This integration includes commands for managing tests, insight indicators, simulators and deployments, users, API keys, integration issues, and more.
SafeBreach v2 (Deprecated) (Partner Contribution)	Deprecated. No available replacement.

Layouts

Name	Description
SafeBreach Command	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Process	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Insight	SafeBreach custom incident layout with an extended section with an insight information
SafeBreach Protocol	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Simulation	SafeBreach custom incident layout with an extended section with a simulation information
SafeBreach URL	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Registry	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Domain	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Port	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Hash	SafeBreach custom indicator layout with an extended section with a simulated indicator information

Playbooks

Name	Description
SafeBreach - Process Non-Behavioral Insights Feed	Deprecated. No available replacement.
SafeBreach - Compare and Validate Insight Indicators	Deprecated. No available replacement.
SafeBreach - Rerun Insights	Deprecated. No available replacement.
SafeBreach - Rerun Single Insight	Deprecated. No available replacement.
SafeBreach - Create Incidents per Insight and Associate Indicators	Deprecated. No available replacement.

Indicator Types

Name	Description
SafeBreach Hash
SafeBreach URL
SafeBreach Registry
SafeBreach IP
SafeBreach Process
SafeBreach Domain
SafeBreach Protocol
SafeBreach Port
SafeBreach Command

Automations

Name	Description
JoinListsOfDicts	Deprecated. No available replacement.
ListGroupBy	Deprecated. No available replacement.

Incident Fields

Name	Description
SafeBreach Attack Count	Number of attacks that were simulated
SafeBreach Remediation Status	Status of the Insight within XSOAR (New, Remediated, Not Remediated, Ignored)
SafeBreach Simulation Id
SafeBreach Severity Score	A compound severity score calculated for this Insight
SafeBreach Insight Name	Insight name representing the security issue exposed
SafeBreach Insight Risk Impact	Risk impact of the Insight on the whole environment
SafeBreach Affected Targets	List of the affected target simulators (name, IP, number of remediation data points)
SafeBreach Latest Simulation	The latest simulation time related to this Insight
SafeBreach Attack Ids	List of SafeBreach attack ids that were simulated
SafeBreach Simulation Number	Number of simulations executed as part of this Insight
SafeBreach Remediation Action	Suggested remediation action to be taken to fix the issue
SafeBreach Severity	A compound severity assigned to the Insight
SafeBreach Affected Targets Count	Number of the affected target simulators by this Insight
SafeBreach Remediation Data Count	Total number of indicators that were tested and represent the Insight issue
SafeBreach Results Link	Link to the SafeBreach platform results page with all the related simulation results
SafeBreach Insight Id	Unique identification number of the Insight
SafeBreach Remediation Data	Vendor specific remediation data for Insight resolution
SafeBreach Threat Groups	List of attack groups (APTs) associated with the attacks simulated for this Insight

Incident Types

Name	Description
SafeBreach Simulation
SafeBreach Insight

Indicator Fields

Name	Description
SafeBreach Insight Ids	List of the related SafeBreach Insight ids
SafeBreach Remediation Status	XSOAR assigned status for SafeBreach indicator (New, Remediated, Not Remediated, Ignored)
SafeBreach Severity Score	Maximal severity score of the related SafeBreach Insights
SafeBreach Severity	Highest assigned severity of the related SafeBreach Insights
SafeBreach Attack Ids	List of SafeBreach attack ids simulated
SafeBreach Is Behavioral	Indicates whether the SafeBreach indicator is a behavioral or not

Integrations

Name	Description
SafeBreach v2 (Deprecated) (Partner Contribution)	Deprecated. No available replacement.
SafeBreach (Partner Contribution)	For enterprises using SafeBreach and XSOAR, integrating this package streamlines operations by allowing you to operate SafeBreach through XSOAR, making SafeBreach an integral part of the enterprise workflows. This integration includes commands for managing tests, insight indicators, simulators and deployments, users, API keys, integration issues, and more.

Layouts

Name	Description
SafeBreach Domain	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Port	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Command	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Process	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Protocol	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Registry	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Hash	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach URL	SafeBreach custom indicator layout with an extended section with a simulated indicator information

Playbooks

Name	Description
SafeBreach - Rerun Single Insight	Deprecated. No available replacement.
SafeBreach - Process Non-Behavioral Insights Feed	Deprecated. No available replacement.
SafeBreach - Compare and Validate Insight Indicators	Deprecated. No available replacement.
SafeBreach - Create Alerts per Insight and Associate Indicators	Deprecated. No available replacement.
SafeBreach - Rerun Insights	Deprecated. No available replacement.

Indicator Types

Name	Description
SafeBreach Domain
SafeBreach Hash
SafeBreach Registry
SafeBreach Command
SafeBreach IP
SafeBreach URL
SafeBreach Protocol
SafeBreach Process
SafeBreach Port

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (5)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	April 15, 2024
Last Release	November 6, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.