Safebreach
For enterprises using SafeBreach and XSOAR, integrating this package streamlines operations by allowing you to operate SafeBreach through XSOAR, making SafeBreach an integral part of the enterprise workflows. This integration includes commands for managing tests, insight indicators, simulators and deployments, users, API keys, integration issues, and more.
Deception & Breach Simulation · SafeBreach - Breach and Attack Simulation platform
Configuration parameters
base_url— Server URL (required)credentials— (required)account_id— Account ID (required)verify— Verify SSL Certificateproxy— Use system proxy settings
Commands (39)
-
safebreach-approve-simulatorThis command approves the simulator with the specified simulator_id.
-
safebreach-clear-integration-issuesThis command deletes connector-related errors and warnings for the specified connector_id (retrieved using the get-all-integration-issues command).
-
safebreach-create-deploymentThis command creates a deployment, grouping the list of simulators provided with a name and optionally a description.
-
safebreach-create-userThis command creates a user, including credentials and permissions.
-
safebreach-delete-api-keyThis command deletes the API key with the name as specified in SafeBreach Management. It is not case sensitive.
-
safebreach-delete-deploymentThis command deletes a deployment with the deployment_id (retrieved using the get-all-deployments command).
-
safebreach-delete-scheduled-scenariosThis command deletes the scheduled scenario with the specified schedule_id.
-
safebreach-delete-simulatorThe provided command facilitates the deletion of a simulator identified by its unique ID.To obtain the respective simulator ID, execute the "safebreach-get-all-simulators" command.
-
safebreach-delete-test-with-idThis command deletes tests with given test ID.
-
safebreach-delete-userThis command deletes a user with given data.
-
safebreach-generate-api-keyThis command creates an API key with the name and optionally the description provided. The API key created will be shown on the Settings > API Keys page of SafeBreach Management. Important: The API key generated can be seen only once, so it is recommended to store/save it in a safe place for further use.
-
safebreach-get-all-usersThis command gives all users who are not deleted.
-
safebreach-get-available-simulator-countThis command gives all details related to account, we are using this to find assigned simulator quota.
-
safebreach-get-available-simulator-detailsThis command to get all available simulators. if details is set to true then it retrieves simulator details like name, hostname, internal and external ips, types of targets and attacker configurations this simulator is associated with etc. if its set to false then it retrieves just name, id, simulation users, proxies etc. if deleted is set to true then it retrieves the data which has been deleted.
-
safebreach-get-custom-scenariosThis command retrieves scenarios which are saved by user as custom scenarios. they generally have configurations and everything set up and will be ready to run as tests.
-
safebreach-get-indicatorsThis command fetches SafeBreach Insights from which indicators are extracted, creating new indicators or updating existing indicators.
-
safebreach-get-integration-issuesThis command gives all integrations related issues and warning. this will show the integrations error and warnings which are generally displayed in installed integrations page.
-
safebreach-get-prebuilt-scenariosThis command gets scenarios which are built by safebreach. They will be available by default even in new instance of your safebreach instance. They can be modified and saved as custom scenarios or used as it is.
-
safebreach-get-running-simulationsThis command gets simulations which are in running or queued state.
-
safebreach-get-running-testsThis command gets tests which are in running state.
-
safebreach-get-scheduled-scenariosThis command retrieves schedules from safebreach which user has set and they will display it to user. By default Name is not shown, to retrieve and see it, please run 'safebreach-get-custom-scenarios' command to find name of scenario to which the schedule is associated with.
-
safebreach-get-services-statusThis command facilitates the retrieval of service statuses from SafeBreach,presenting them to the user in a tabular format. In the event that services are inactive,pertinent details regarding their downtime or last operational status are also displayed.
-
safebreach-get-simulationsThis command facilitates the retrieval of simulations and their associated data for a specified test. It can be used as a precursor command for the rerun-simulations command, streamlining the process of queuing simulations. It's important to note that this command currently lacks pagination limiters, potentially resulting in the retrieval of a large volume of data.
-
safebreach-get-simulator-download-linksThis command gets a list of links for download (item per operating system) for the latest available version.
-
safebreach-get-simulator-with-idThis command gives simulator with given id.
-
safebreach-get-simulators-versions-listThis command fetches the list of SafeBreach simulators.
-
safebreach-get-testsThis command gets tests with given modifiers.
-
safebreach-get-tests-with-scenario-idThis command gets tests with given scenario ID as part of it.
-
safebreach-get-user-with-matching-name-or-emailThe command retrieves users based on the provided inputs. If an email is provided, it returns the user associated with that email, as email is a unique identifierIf a name is provided, exact name matching is required to ensure accurate retrieval of a single user;otherwise, multiple users may be returned. It's essential to note that either a name or an email must be populated as input;failure to provide either results in an error.
-
safebreach-get-verification-tokenThis command retrieves existing verification token needed for verification of the simulators.
-
safebreach-list-deploymentsThis command gets all deployments present for this instance.
-
safebreach-pause/resume-simulations-testsThis command gets simulations/tests which are in running or queued state and pauses/resumes them based on input selected. The state selected will be applied for all running/queued state tasks whether they are simulations/tests.
-
safebreach-rerun-simulationthis commands puts given simulation ids into queue for running.
-
safebreach-rerun-testThis command puts given test data in queue for execution.
-
safebreach-rotate-verification-tokenThis command rotates generated verification token meaning it creates a new token which will be used for verification of simulator and adding the simulator.
-
safebreach-update-deploymentThis command updates a deployment with given data. The deployment_id field of this command can be retrieved from 'safebreach-list-deployments' command. If the user wants to search with deployment ID then they can search it.
-
safebreach-update-simulatorThis command updates simulator with given id. the given inputs for update fields will be updated to the selected filed values will be updated to given value.
-
safebreach-update-userThis command updates a user with given data.
-
safebreach-upgrade-simulatorThis command updates the simulator using the Simulator ID and available version.