
SafeBreach Insights - Breach and Attack Simulation platform

SafeBreach Insights validates and remediates your security controls to ensure you detect and prevent both behavioral indicators of compromise (BIOCs) and non-behavioral indicators of compromise (IOCs).

SafeBreach Insights - Breach and Attack Simulation platform extends the SafeBreach - Breach and Attack Simulation platform pack to include remediation and validation of behavioral-based indicators of compromise (BIOCs) as well as non-behavioral indicators of compromise (IOCs).

BIOCs that simulation results have proven capable of breaching your enterprise are fetched from SafeBreach into Cortex XSOAR playbooks. This allows XSOAR to orchestrate and automate updates to your endpoint and network security controls. At the same time, IOCs are fetched and applied to your endpoint and network security controls in a fully automated way.

The integration with Cortex XSOAR enables a closed-loop workflow that ensures your security defenses prevent the latest behavioral and non-behavioral indicators from breaching your enterprise.

Enable the premium pack for the SafeBreach Insights integration with Cortex XSOAR to get closed-loop, automated security control remediation of behavioral and non-behavioral IOCs via an enriched SafeBreach Dashboard in your Cortex XSOAR platform:

  • Discover security gaps with continuous breach & attack simulation
  • Remediate and validate missed indicators automatically
  • Orchestrate remediation of behavioral indicators
  • Maximize the effectiveness and value of your existing security controls

What does this pack do?

  • Processes behavioral indicators, creating SafeBreach Insight incidents
  • Handles the SafeBreach Insight incidents with a dedicated playbook, orchestrating the remediation process for closing discovered security gaps
  • Summarizes the current status of actionable insights and related indicators in a dedicated SafeBreach Insights prioritization dashboard

How to enable it?

  1. Install SafeBreach - Breach and Attack Simulation platform pack
  2. Enable and configure SafeBreach v2 integration
  3. Install SafeBreach Insights - Breach and Attack Simulation platform premium pack
  4. Create a feed-triggered job that will be triggered for SafeBreach behavioral indicators
  5. Assign the playbook for the job - "SafeBreach - Process Behavioral Insights Feed"
  6. Assign "SafeBreach - Handle Insight Incident" playbook as a default playbook for "SafeBreach Insight" incident type

Watch a product demo at




Cortex XSOAR


Supported By: Partner
Created: January 10, 2021
Last Release: May 25, 2021
Breach Notification
Threat Intelligence Management
Breach And Attack Simulation

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.