Safebreach

For enterprises using SafeBreach and XSOAR, integrating this package streamlines operations by allowing you to operate SafeBreach through XSOAR, making SafeBreach an integral part of the enterprise workflows. This integration includes commands for managing tests, insight indicators, simulators and deployments, users, API keys, integration issues, and more.

Deception & Breach Simulation · SafeBreach - Breach and Attack Simulation platform

Configuration parameters

  • base_url — Server URL (required)
  • credentials — (required)
  • account_id — Account ID (required)
  • verify — Verify SSL Certificate
  • proxy — Use system proxy settings

Commands (39)

  • safebreach-approve-simulator

    This command approves the simulator with the specified simulator_id.

  • safebreach-clear-integration-issues

    This command deletes connector-related errors and warnings for the specified connector_id (retrieved using the get-all-integration-issues command).

  • safebreach-create-deployment

    This command creates a deployment, grouping the list of simulators provided with a name and optionally a description.

  • safebreach-create-user

    This command creates a user, including credentials and permissions.

  • safebreach-delete-api-key

    This command deletes the API key with the name as specified in SafeBreach Management. It is not case sensitive.

  • safebreach-delete-deployment

    This command deletes a deployment with the deployment_id (retrieved using the get-all-deployments command).

  • safebreach-delete-scheduled-scenarios

    This command deletes the scheduled scenario with the specified schedule_id.

  • safebreach-delete-simulator

    The provided command facilitates the deletion of a simulator identified by its unique ID.To obtain the respective simulator ID, execute the "safebreach-get-all-simulators" command.

  • safebreach-delete-test-with-id

    This command deletes tests with given test ID.

  • safebreach-delete-user

    This command deletes a user with given data.

  • safebreach-generate-api-key

    This command creates an API key with the name and optionally the description provided. The API key created will be shown on the Settings > API Keys page of SafeBreach Management. Important: The API key generated can be seen only once, so it is recommended to store/save it in a safe place for further use.

  • safebreach-get-all-users

    This command gives all users who are not deleted.

  • safebreach-get-available-simulator-count

    This command gives all details related to account, we are using this to find assigned simulator quota.

  • safebreach-get-available-simulator-details

    This command to get all available simulators. if details is set to true then it retrieves simulator details like name, hostname, internal and external ips, types of targets and attacker configurations this simulator is associated with etc. if its set to false then it retrieves just name, id, simulation users, proxies etc. if deleted is set to true then it retrieves the data which has been deleted.

  • safebreach-get-custom-scenarios

    This command retrieves scenarios which are saved by user as custom scenarios. they generally have configurations and everything set up and will be ready to run as tests.

  • safebreach-get-indicators

    This command fetches SafeBreach Insights from which indicators are extracted, creating new indicators or updating existing indicators.

  • safebreach-get-integration-issues

    This command gives all integrations related issues and warning. this will show the integrations error and warnings which are generally displayed in installed integrations page.

  • safebreach-get-prebuilt-scenarios

    This command gets scenarios which are built by safebreach. They will be available by default even in new instance of your safebreach instance. They can be modified and saved as custom scenarios or used as it is.

  • safebreach-get-running-simulations

    This command gets simulations which are in running or queued state.

  • safebreach-get-running-tests

    This command gets tests which are in running state.

  • safebreach-get-scheduled-scenarios

    This command retrieves schedules from safebreach which user has set and they will display it to user. By default Name is not shown, to retrieve and see it, please run 'safebreach-get-custom-scenarios' command to find name of scenario to which the schedule is associated with.

  • safebreach-get-services-status

    This command facilitates the retrieval of service statuses from SafeBreach,presenting them to the user in a tabular format. In the event that services are inactive,pertinent details regarding their downtime or last operational status are also displayed.

  • safebreach-get-simulations

    This command facilitates the retrieval of simulations and their associated data for a specified test. It can be used as a precursor command for the rerun-simulations command, streamlining the process of queuing simulations. It's important to note that this command currently lacks pagination limiters, potentially resulting in the retrieval of a large volume of data.

  • safebreach-get-simulator-download-links

    This command gets a list of links for download (item per operating system) for the latest available version.

  • safebreach-get-simulator-with-id

    This command gives simulator with given id.

  • safebreach-get-simulators-versions-list

    This command fetches the list of SafeBreach simulators.

  • safebreach-get-tests

    This command gets tests with given modifiers.

  • safebreach-get-tests-with-scenario-id

    This command gets tests with given scenario ID as part of it.

  • safebreach-get-user-with-matching-name-or-email

    The command retrieves users based on the provided inputs. If an email is provided, it returns the user associated with that email, as email is a unique identifierIf a name is provided, exact name matching is required to ensure accurate retrieval of a single user;otherwise, multiple users may be returned. It's essential to note that either a name or an email must be populated as input;failure to provide either results in an error.

  • safebreach-get-verification-token

    This command retrieves existing verification token needed for verification of the simulators.

  • safebreach-list-deployments

    This command gets all deployments present for this instance.

  • safebreach-pause/resume-simulations-tests

    This command gets simulations/tests which are in running or queued state and pauses/resumes them based on input selected. The state selected will be applied for all running/queued state tasks whether they are simulations/tests.

  • safebreach-rerun-simulation

    this commands puts given simulation ids into queue for running.

  • safebreach-rerun-test

    This command puts given test data in queue for execution.

  • safebreach-rotate-verification-token

    This command rotates generated verification token meaning it creates a new token which will be used for verification of simulator and adding the simulator.

  • safebreach-update-deployment

    This command updates a deployment with given data. The deployment_id field of this command can be retrieved from 'safebreach-list-deployments' command. If the user wants to search with deployment ID then they can search it.

  • safebreach-update-simulator

    This command updates simulator with given id. the given inputs for update fields will be updated to the selected filed values will be updated to given value.

  • safebreach-update-user

    This command updates a user with given data.

  • safebreach-upgrade-simulator

    This command updates the simulator using the Simulator ID and available version.