
SafeBreach - Breach and Attack Simulation platform


SafeBreach automates validation and remediation of your security controls to ensure you detect and prevent known indicators of compromise (IOCs).

SafeBreach has an extensive Hacker’s Playbook of breach and attack simulations that enables you to test your security controls against known attacks with the latest indicators of compromise (IOCs) and behavioral indicators of compromise (BIOCs). IOCs that are proven capable - through simulation results - of breaching your enterprise are fetched from SafeBreach into Cortex XSOAR playbooks to fully automate updates to your endpoint and network security controls.

The integration with Cortex XSOAR enables a fully automated, closed-loop process to ensure your security controls prevent the latest indicators from breaching your defenses.
Enable the "SafeBreach - Breach and Attack Simulation platform" integration with Cortex XSOAR and benefit from closed-loop automated security control remediation of IOCs:

  • Discover security gaps through continuous breach & attack simulation
  • Automatically remediate and validate missed IOCs
  • Maximize the effectiveness and value of your existing security controls

What does this pack do?

  • Integrates with SafeBreach Insights, fetching multiple indicators that were not blocked in your environment (files, domains, URLs, commands, ports, protocols, etc.)
  • Processes non-behavioral indicators, automatically remediating and validating them by rerunning related simulations
  • Extends the existing XSOAR indicator types with additional custom SafeBreach indicator types

How to enable it?

  1. Enable and configure the SafeBreach v2 integration
  2. Create a feed-triggered job that runs for SafeBreach indicators
  3. Assign the playbook "SafeBreach - Process Non-Behavioral Insights Feed" to the job




Cortex XSOAR, Cortex XSIAM


Supported By: Partner
Created: July 27, 2020
Last Release: March 5, 2023

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.