SafeBreach - Breach and Attack Simulation platform

Details
Content
Dependencies
Version History

Breach and Attack Simulation platform

SafeBreach has an extensive Hacker’s Playbook of breach and attack simulations that enables you to test your security controls against known attacks with the latest indicators of compromise (IOCs) and behavioral indicators of compromise (BIOCs). IOCs that are proven capable - through simulation results - of breaching your enterprise are fetched from SafeBreach into Cortex XSOAR playbooks to fully automate updates to your endpoint and network security controls.

The integration with Cortex XSOAR enables a fully automated, closed-loop process to ensure your security defenses will prevent the latest indicators from breaching your defenses.
Enable the "SafeBreach - Breach and Attack Simulation platform" integration with Cortex XSOAR and benefit from closed-loop automated security control remediation of IOCs:

Discover security gaps through continuous breach & attack simulation
Automatically remediate and validate missed IOCs
Maximize the effectiveness and value of your existing security controls

What does this pack do?

Integrates with SafeBreach Insights, fetching multiple indicators that were not blocked in your environment (files, domains, urls, commands, ports, protocols, etc.)
Processes non-behavioral indicators, automatically remediating and validating them by rerunning related simulations
Extends the existing XSOAR indicator types with additional custom SafeBreach indicator types

How to enable it?

Enable and configure SafeBreach v2 integration
Create a Feed triggered job that will be triggered for SafeBreach indicators
Assign the playbook for the job - "SafeBreach - Process Non-Behavioral Insights Feed"

SafeBreach has an extensive Hacker’s Playbook of breach and attack simulations that enables you to test your security controls against known attacks with the latest indicators of compromise (IOCs) and behavioral indicators of compromise (BIOCs). IOCs that are proven capable - through simulation results - of breaching your enterprise are fetched from SafeBreach into Cortex XSIAM playbooks to fully automate updates to your endpoint and network security controls.

The integration with Cortex XSIAM enables a fully automated, closed-loop process to ensure your security defenses will prevent the latest indicators from breaching your defenses.
Enable the "SafeBreach - Breach and Attack Simulation platform" integration with Cortex XSIAM and benefit from closed-loop automated security control remediation of IOCs:

Discover security gaps through continuous breach & attack simulation
Automatically remediate and validate missed IOCs
Maximize the effectiveness and value of your existing security controls

What does this pack do?

Integrates with SafeBreach Insights, fetching multiple indicators that were not blocked in your environment (files, domains, urls, commands, ports, protocols, etc.)
Processes non-behavioral indicators, automatically remediating and validating them by rerunning related simulations
Extends the existing XSOAR indicator types with additional custom SafeBreach indicator types

How to enable it?

Enable and configure SafeBreach v2 integration
Create a Feed triggered job that will be triggered for SafeBreach indicators
Assign the playbook for the job - "SafeBreach - Process Non-Behavioral Insights Feed"

Automations

Name	Description
ListGroupBy	Deprecated. No available replacement.
JoinListsOfDicts	Deprecated. No available replacement.

Incident Fields

Name	Description
SafeBreach Severity	A compound severity assigned to the Insight
SafeBreach Insight Category	Security control category of the Insight
SafeBreach Remediation Data	Vendor specific remediation data for Insight resolution
SafeBreach Remediation Action	Suggested remediation action to be taken to fix the issue
SafeBreach Simulation Number	Number of simulations executed as part of this Insight
SafeBreach Remediation Data Count	Total number of indicators that were tested and represent the Insight issue
SafeBreach Insight Id	Unique identification number of the Insight
SafeBreach Simulation Id
SafeBreach Affected Targets	List of the affected target simulators (name, IP, number of remediation data points)
SafeBreach Severity Score	A compound severity score calculated for this Insight
SafeBreach Results Link	Link to the SafeBreach platform results page with all the related simulation results
SafeBreach Insight Risk Impact	Risk impact of the Insight on the whole environment
SafeBreach Remediation Status	Status of the Insight within XSOAR (New, Remediated, Not Remediated, Ignored)
SafeBreach Insight Name	Insight name representing the security issue exposed
SafeBreach Latest Simulation	The latest simulation time related to this Insight
SafeBreach Attack Count	Number of attacks that were simulated
SafeBreach Threat Groups	List of attack groups (APTs) associated with the attacks simulated for this Insight
SafeBreach Attack Ids	List of SafeBreach attack ids that were simulated
SafeBreach Affected Targets Count	Number of the affected target simulators by this Insight

Incident Types

Name	Description
SafeBreach Insight
SafeBreach Simulation

Indicator Fields

Name	Description
SafeBreach Is Behavioral	Indicates whether the SafeBreach indicator is a behavioral or not
SafeBreach Insight Ids	List of the related SafeBreach Insight ids
SafeBreach Severity Score	Maximal severity score of the related SafeBreach Insights
SafeBreach Attack Ids	List of SafeBreach attack ids simulated
SafeBreach Remediation Status	XSOAR assigned status for SafeBreach indicator (New, Remediated, Not Remediated, Ignored)
SafeBreach Severity	Highest assigned severity of the related SafeBreach Insights

Integrations

Name	Description
Safebreach (Partner Contribution)	SafeBreach automatically executes thousands of breach methods from its extensive and growing Hacker’s Playbook™ to validate security control effectiveness. Simulations are automatically correlated with network, endpoint, and SIEM solutions providing data-driven SafeBreach Insights for holistic remediation to harden enterprise defenses.
SafeBreach v2 (Deprecated) (Partner Contribution)	Deprecated. No available replacement.

Layouts

Name	Description
SafeBreach Insight	SafeBreach custom incident layout with an extended section with an insight information
SafeBreach Command	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Registry	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Protocol	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Process	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach URL	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Hash	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Port	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Domain	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Simulation	SafeBreach custom incident layout with an extended section with a simulation information

Playbooks

Name	Description
SafeBreach - Compare and Validate Insight Indicators	Deprecated. No available replacement.
SafeBreach - Process Non-Behavioral Insights Feed	Deprecated. No available replacement.
SafeBreach - Rerun Insights	Deprecated. No available replacement.
SafeBreach - Create Incidents per Insight and Associate Indicators	Deprecated. No available replacement.
SafeBreach - Rerun Single Insight	Deprecated. No available replacement.

Indicator Types

Name	Description
SafeBreach IP
SafeBreach Process
SafeBreach URL
SafeBreach Hash
SafeBreach Command
SafeBreach Registry
SafeBreach Domain
SafeBreach Port
SafeBreach Protocol

Automations

Name	Description
ListGroupBy	Deprecated. No available replacement.
JoinListsOfDicts	Deprecated. No available replacement.

Incident Fields

Name	Description
SafeBreach Attack Count	Number of attacks that were simulated
SafeBreach Remediation Data Count	Total number of indicators that were tested and represent the Insight issue
SafeBreach Results Link	Link to the SafeBreach platform results page with all the related simulation results
SafeBreach Remediation Data	Vendor specific remediation data for Insight resolution
SafeBreach Severity	A compound severity assigned to the Insight
SafeBreach Simulation Id
SafeBreach Affected Targets	List of the affected target simulators (name, IP, number of remediation data points)
SafeBreach Remediation Status	Status of the Insight within XSOAR (New, Remediated, Not Remediated, Ignored)
SafeBreach Remediation Action	Suggested remediation action to be taken to fix the issue
SafeBreach Threat Groups	List of attack groups (APTs) associated with the attacks simulated for this Insight
SafeBreach Insight Id	Unique identification number of the Insight
SafeBreach Attack Ids	List of SafeBreach attack ids that were simulated
SafeBreach Severity Score	A compound severity score calculated for this Insight
SafeBreach Affected Targets Count	Number of the affected target simulators by this Insight
SafeBreach Insight Risk Impact	Risk impact of the Insight on the whole environment
SafeBreach Latest Simulation	The latest simulation time related to this Insight
SafeBreach Simulation Number	Number of simulations executed as part of this Insight
SafeBreach Insight Name	Insight name representing the security issue exposed

Incident Types

Name	Description
SafeBreach Simulation
SafeBreach Insight

Indicator Fields

Name	Description
SafeBreach Severity	Highest assigned severity of the related SafeBreach Insights
SafeBreach Attack Ids	List of SafeBreach attack ids simulated
SafeBreach Severity Score	Maximal severity score of the related SafeBreach Insights
SafeBreach Remediation Status	XSOAR assigned status for SafeBreach indicator (New, Remediated, Not Remediated, Ignored)
SafeBreach Is Behavioral	Indicates whether the SafeBreach indicator is a behavioral or not
SafeBreach Insight Ids	List of the related SafeBreach Insight ids

Integrations

Name	Description
SafeBreach v2 (Deprecated) (Partner Contribution)	Deprecated. No available replacement.
Safebreach (Partner Contribution)	SafeBreach automatically executes thousands of breach methods from its extensive and growing Hacker’s Playbook™ to validate security control effectiveness. Simulations are automatically correlated with network, endpoint, and SIEM solutions providing data-driven SafeBreach Insights for holistic remediation to harden enterprise defenses.

Layouts

Name	Description
SafeBreach URL	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Hash	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Protocol	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Registry	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Command	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Port	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Domain	SafeBreach custom indicator layout with an extended section with a simulated indicator information
SafeBreach Process	SafeBreach custom indicator layout with an extended section with a simulated indicator information

Playbooks

Name	Description
SafeBreach - Compare and Validate Insight Indicators	Deprecated. No available replacement.
SafeBreach - Process Non-Behavioral Insights Feed	Deprecated. No available replacement.
SafeBreach - Rerun Insights	Deprecated. No available replacement.
SafeBreach - Create Alerts per Insight and Associate Indicators	Deprecated. No available replacement.
SafeBreach - Rerun Single Insight	Deprecated. No available replacement.

Indicator Types

Name	Description
SafeBreach Domain
SafeBreach Protocol
SafeBreach Command
SafeBreach Process
SafeBreach Port
SafeBreach Hash
SafeBreach IP
SafeBreach Registry
SafeBreach URL

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (5)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR

PUBLISHER

SafeBreach

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	April 15, 2024
Last Release	April 15, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.