SafeBreach - Breach and Attack Simulation platform

Total number of indicators that were tested and represent the Insight issue

Security control category of the Insight

Vendor specific remediation data for Insight resolution

Number of attacks that were simulated

List of attack groups (APTs) associated with the attacks simulated for this Insight

Link to the SafeBreach platform results page with all the related simulation results

The latest simulation time related to this Insight

List of SafeBreach attack ids that were simulated

Suggested remediation action to be taken to fix the issue

List of the affected target simulators (name, IP, number of remediation data points)

Insight name representing the security issue exposed

Risk impact of the Insight on the whole environment

A compound severity score calculated for this Insight

A compound severity assigned to the Insight

Status of the Insight within XSOAR (New, Remediated, Not Remediated, Ignored)

Number of simulations executed as part of this Insight

Number of the affected target simulators by this Insight

Unique identification number of the Insight

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom incident layout with an extended section with a simulation information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom incident layout with an extended section with an insight information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

Join two list of dictionaries by a key. If the key name differs between the two lists, specify both key (for left list) and rightkey (for right list).

Group an output field from a list using multiple keys.

Indicates whether the SafeBreach indicator is a behavioral or not

XSOAR assigned status for SafeBreach indicator (New, Remediated, Not Remediated, Ignored)

Maximal severity score of the related SafeBreach Insights

Highest assigned severity of the related SafeBreach Insights

List of SafeBreach attack ids simulated

List of the related SafeBreach Insight ids

This playbook compares SafeBreach Insight indicators before and after the processing. It receives an insight and it's indicators before validation, fetches updated indicators after rerunning the insight, and then compares the results to validate mitigation. Indicators are classified as Remediated or Not Remediated based on their validated status and the appropriate field (SafeBreach Remediation Status) is updated.

This is a sub-playbook that reruns a single insight using a specified Insight Id as input. It is used to run insights one by one iteratively as part of the main rerun playbook - "SafeBreach Rerun Insights".

This is a sub-playbook that creates incidents per SafeBreach insight, enriched with all the related indicators and additional SafeBreach insight contextual information. Used in main SafeBreach playbooks, such as "SafeBreach - Process Behavioral Insights Feed" and "SafeBreach - Process Non-Behavioral Insights Feed".

This is a sub-playbook reruns a list of SafeBreach insights based on Insight Id and waits until they complete. Used in main SafeBreach playbooks, such as "SafeBreach - Handle Insight Incident" and "SafeBreach - Process Non-Behavioral Insights Feed".

This playbook automatically remediates all non-behavioral indicators generated from SafeBreach Insights. To validate the remediation, it reruns the related insights and classifies the indicators as Remediated or Not Remediated.
A special feed based triggered job is required to initiate this playbook for every new SafeBreach generated indicator.

SafeBreach automatically executes thousands of breach methods from its extensive and growing Hacker’s Playbook™ to validate security control effectiveness. Simulations are automatically correlated with network, endpoint, and SIEM solutions providing data-driven SafeBreach Insights for holistic remediation to harden enterprise defenses.

Total number of indicators that were tested and represent the Insight issue

Vendor specific remediation data for Insight resolution

Number of attacks that were simulated

List of attack groups (APTs) associated with the attacks simulated for this Insight

Link to the SafeBreach platform results page with all the related simulation results

The latest simulation time related to this Insight

List of SafeBreach attack ids that were simulated

Suggested remediation action to be taken to fix the issue

List of the affected target simulators (name, IP, number of remediation data points)

Insight name representing the security issue exposed

Risk impact of the Insight on the whole environment

A compound severity score calculated for this Insight

A compound severity assigned to the Insight

Status of the Insight within XSOAR (New, Remediated, Not Remediated, Ignored)

Number of simulations executed as part of this Insight

Number of the affected target simulators by this Insight

Unique identification number of the Insight

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

SafeBreach custom indicator layout with an extended section with a simulated indicator information

Join two list of dictionaries by a key. If the key name differs between the two lists, specify both key (for left list) and rightkey (for right list).

Group an output field from a list using multiple keys.

Indicates whether the SafeBreach indicator is a behavioral or not

XSOAR assigned status for SafeBreach indicator (New, Remediated, Not Remediated, Ignored)

Maximal severity score of the related SafeBreach Insights

Highest assigned severity of the related SafeBreach Insights

List of SafeBreach attack ids simulated

List of the related SafeBreach Insight ids

This playbook compares SafeBreach Insight indicators before and after the processing. It receives an insight and it's indicators before validation, fetches updated indicators after rerunning the insight, and then compares the results to validate mitigation. Indicators are classified as Remediated or Not Remediated based on their validated status and the appropriate field (SafeBreach Remediation Status) is updated.

This is a sub-playbook that reruns a single insight using a specified Insight Id as input. It is used to run insights one by one iteratively as part of the main rerun playbook - "SafeBreach Rerun Insights".

This is a sub-playbook that creates incidents per SafeBreach insight, enriched with all the related indicators and additional SafeBreach insight contextual information. Used in main SafeBreach playbooks, such as "SafeBreach - Process Behavioral Insights Feed" and "SafeBreach - Process Non-Behavioral Insights Feed".

This is a sub-playbook reruns a list of SafeBreach insights based on Insight Id and waits until they complete. Used in main SafeBreach playbooks, such as "SafeBreach - Handle Insight Incident" and "SafeBreach - Process Non-Behavioral Insights Feed".

This playbook automatically remediates all non-behavioral indicators generated from SafeBreach Insights. To validate the remediation, it reruns the related insights and classifies the indicators as Remediated or Not Remediated.
A special feed based triggered job is required to initiate this playbook for every new SafeBreach generated indicator.

SafeBreach automatically executes thousands of breach methods from its extensive and growing Hacker’s Playbook™ to validate security control effectiveness. Simulations are automatically correlated with network, endpoint, and SIEM solutions providing data-driven SafeBreach Insights for holistic remediation to harden enterprise defenses.