SafeBreach
App Vendor: SafeBreach
App Category: Attack Simulation
Connector Version: 1.0.0
API Version: v1 and above
Note
This app is currently released as a beta version.
About App
The SafeBreach app integrates breach and attack simulation capabilities into your workflows so security teams can safely simulate attacks, validate controls, and uncover actionable insights to improve detection and response.
The SafeBreach app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Add Test to Processing Queue | This action adds a test (plan) to the processing queue for execution. |
Create Deployment | This action creates a new deployment in the account. |
Create Random Secret | This action creates a new random verification secret for all simulator (node) instances in your SafeBreach account. |
Create Scenario | This action creates a new attack scenario (plan) in the account. |
Create Simulator | This action creates a new simulator node in the account. |
Delete Deployment | This action deletes a deployment from the account. |
Delete Scenario | This action deletes an existing attack scenario from the account. |
Delete Simulator | This action deletes a simulator node from the account. |
Get Current Secret | This action retrieves the currently used verification secret for the account. If a secret does not exist, a new random secret will be created and returned. |
Get Deployment Details | This action retrieves the details of a specific deployment by its ID. |
Get Detailed Test Summaries | This action retrieves detailed test summaries for multiple plan runs at once. |
Get Scenario Details | This action retrieves the full details of a specific attack scenario, including its steps and filters. |
Get Simulation Execution Results | This action retrieves the execution history results for simulations in your SafeBreach account. |
Get Simulation Result Details | This action retrieves the detailed results of a specific simulation run. |
Get Simulator Details | This action retrieves the details of a specific simulator node by its ID. |
Get Test Summary | This action retrieves the full details of a specific test summary by its plan run ID. |
Get User Details | This action retrieves the details of a specific user by their ID. |
List Attacks | This action retrieves a list of all attacks (moves) available in the attack playbook. |
List Deployments | This action retrieves a list of all deployments for the account. |
List Scenarios | This action retrieves a list of all attack scenarios (plans) defined in the account. |
List Schedules | This action retrieves a list of all schedules for the account. |
List Simulators | This action retrieves the list of all nodes (agents) for your SafeBreach account, including both active and inactive nodes. |
List Simulators in Bulk | This action retrieves a bulk list of simulator nodes (agents) in your SafeBreach account. |
List Test Summaries | This action retrieves a list of all test summaries for the account. |
List Users | This action retrieves a list of users for the account. |
Pause or Resume Scheduled Scenarios | This action pauses or resumes all scheduled scenarios in your SafeBreach account. |
Update Deployment | This action updates an existing deployment. |
Update Simulator Details | This action updates the configuration of an existing simulator node. |
Generic Action | This is a generic action used to make requests to any SafeBreach endpoint. |
Configuration Parameters
The following configuration parameters are required for the SafeBreach app to communicate with the SafeBreach enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the base URL of your SafeBreach API instance. Example: https://companyname.safebreach.com | Text | Required | |
API Key | Enter the API key generated in the SafeBreach console to authenticate requests. | Password | Required | |
Account ID | Enter the tenant account identifier to scope API requests to the correct account. | Text | Required | |
Verify | Choose to verify SSL/TLS certification. allowed values are true and false. | Boolean | Optional | By default, verification is enabled. |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with SafeBreach. | Integer | Optional | Allowed range: 15-120 Default timeout: 15 |
Action: Add Test to Processing Queue
This action adds a test (plan) to the processing queue for execution.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Plan | Enter the plan object as key-value pairs to define which test (scenario) should be added to the processing queue and how it should execute. | Key Value | Required | Allowed keys: id, name, accountId, planId, testId, tags, planRunId, capture, debug, enableFeedbackLoop, draft, force, priority, successCriteria, actions, edges, originalScenarioId, steps, and flowControl |
Position | Enter the position in the processing queue where the test should be inserted. | Integer | Optional | By default, the plan is inserted at the end of the queue. |
Enable Feedback Loop | Choose true if the feedback loop should be activated for the simulation. | Boolean | Optional | |
Priority | Enter the priority level for the simulation execution. Example: low | Text | Optional |
Action: Create Deployment
This action creates a new deployment in the account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Payload | Enter the deployment creation payload as key-value pairs. | Key Value | Required | Allowed values: name, description, and nodes |
Action: Create Random Secret
This action creates a new random verification secret for all simulator (node) instances in your SafeBreach account.
Action Input Parameters
No input parameters are required for this action.
Action: Create Scenario
This action creates a new attack scenario (plan) in the account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Payload | Enter the scenario definition as key-value pairs to define the structure, logic, filters, and execution behavior of the attack scenario. | Key Value | Required | Allowed keys: id, description, integration, planId, accountId, name, successCriteria, capture, steps, edges, draft, originalScenarioId, createdAt, updatedAt, and deletedAt. |
Action: Create Simulator
This action creates a new simulator node in the account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Payload | Enter the simulator creation payload as key-value pairs to define the configuration and properties of the new node. | Key Value | Required | Allowed keys: id, proxies, advancedActions, deployments, accountId, name, isEnabled, isConnected, isProxySupported, status, isCritical, isExfiltration, isInfiltration, isMailTarget, isMailAttacker, isPreExecutor, isAWSAttacker, isAzureAttacker, isWebApplicationAttacker, useSystemUser, externalIp, internalIp, preferredInterface, preferredIp, frameworkVersion, connectionType, hostname, tunnel, nodeInfo, updates, cloudProxyUrl, connectionUrl, lastHealthcheck, version, simulatorVersion, group, createdAt, updatedAt, deletedAt, secret, and additionalData. |
Action: Delete Deployment
This action deletes a deployment from the account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Deployment ID | Enter the unique ID of the deployment you want to delete. | Text | Required | You can retrieve the deployment ID using the List Deployments action. |
Action: Delete Scenario
This action deletes an existing attack scenario from the account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Scenario ID | Enter the unique scenario (plan) ID to retrieve its detailed information. | Text | Required | You can retrieve the scenario ID using the List Scenarios action. |
Action: Delete Simulator
This action deletes a simulator node from the account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Node ID | Enter the unique node ID to delete. Example: ad8e5ab9-cbee-deb8-af5c-dab00ec5a1ac | Text | Required | |
Force | Choose true if the node should be force-deleted even if it is currently in use. | Boolean | Optional |
Action: Get Current Secret
This action retrieves the currently used verification secret for the account. If no secret exists, a new random secret will be created and returned.
Action Input Parameters
No input parameters are required for this action.
Action: Get Deployment Details
This action retrieves the details of a specific deployment by its ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Deployment ID | Enter the unique deployment ID to retrieve details for. | Text | Required | You can retrieve the deployment ID using the List Deployments action. |
Nodes | Choose true if associated nodes should be included in the response. | Boolean | Optional | The default value is false. |
Action: Get Detailed Test Summaries
This action retrieves detailed test summaries for multiple plan runs at once.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Plan Run IDs | Enter the plan run IDs to retrieve detailed summaries for multiple simulation executions. To include multiple runs, separate each ID with a | symbol. | Text | Required |
Action: Get Scenario Details
This action retrieves the full details of a specific attack scenario, including its steps and filters.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Scenario ID | Enter the unique scenario (plan) ID to retrieve its detailed information. | Text | Required |
Action: Get Simulation Execution Results
This action retrieves the execution history results for simulations in your SafeBreach account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Plan Run ID | Enter the plan run ID to retrieve execution results for a specific simulation run. | Text | Required | |
Query | Enter a query string to refine the results based on specific execution criteria. | Text | Optional | |
Extra Fields | Enter additional request fields as key-value pairs to refine the results. | Key Value | Optional | Allowed keys: id, pageSize, page, and fileType |
Action: Get Simulation Result Details
This action retrieves the detailed results of a specific simulation run.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Run ID | Enter the unique simulation run ID to retrieve details for. | Text | Optional |
Action: Get Simulator Details
This action retrieves the details of a specific simulator node by its ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Node ID | Enter the unique node ID to retrieve details for. Example: ad8e5ab9-cbee-deb8-af5c-dab00ec5a1ac | Text | Required | |
Secret | Choose true if you want to include the node authentication secret in the response. | Boolean | Optional | The default value is false. |
Action: Get Test Summary
This action retrieves the full details of a specific test summary by its plan run ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Plan run ID | Enter the unique plan run ID to retrieve the test summary for. | Text | Required | You can retrieve the plan run ID using the List Test Summaries action. |
Action: Get User Details
This action retrieves the details of a specific user by their ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User ID | Enter the unique user ID to retrieve details for. | Text | Required | You can retrieve the user ID using the List Users action. |
Action: List Attacks
This action retrieves a list of all attacks (moves) available in the attack playbook.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Details | Choose true if extended details should be included for each attack move. | Boolean | Optional | The default is false. |
Action: List Deployments
This action retrieves a list of all deployments for the account.
Action Input Parameters
No input parameters are required for this action.
Action: List Scenarios
This action retrieves a list of all attack scenarios (plans) defined in the account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Details | Choose true if full details should be included for each scenario. | Boolean | Optional | The default value is false. |
Action: List Schedules
This action retrieves a list of all schedules for the account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Details | Choose true if you want to include detailed information (beyond name and ID) in the response. | Boolean | Optional | The default value is false. |
Deleted | Choose true to include deleted schedules in the response. | Boolean | Optional | The default value is false. |
Action: List Simulators
This action retrieves the list of all nodes (agents) for your SafeBreach account, including both active and inactive nodes.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Node IDs | Enter the node IDs as comma-separated values to filter results. | Text | Optional | |
Start row | Enter the pagination offset to indicate the starting row of results. | Integer | Optional | The default value is 0. |
Page size | Enter the number of results to return on each page. | Integer | Optional | By default, all records are retrieved. |
Details | Choose true if you want to include detailed information for each node (beyond name and ID) in the response. | Boolean | Optional | The default value is false. |
Extra Params | Enter any additional query parameters as key-value pairs to filter results. | Key Value | Optional | Allowed keys: externalIp, internalIp, os, status, shouldIncludeProxies, deploymentIds, proxyIds, hostname, connectionType, connectionUrl, name, ids, assetsIds, versions, roles, usersIds, isEnabled, isConnected, isCritical, isExfiltration, isInfiltration, isMailTarget, isMailAttacker, isPreExecutor, isAWSAttacker, isAzureAttacker, isWebApplicationAttacker, assets, startRow, pageSize, sortColumn, sortDirection, impersonatedUsers, advancedActions, deployments, and additionalData |
Action: List Simulators in Bulk
This action retrieves a bulk list of simulator nodes (agents) in your SafeBreach account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Hostname | Enter the hostname to filter nodes by their specific network name. | Text | Optional | |
Extra Params | Enter additional optional query parameters as key-value pairs to filter results. | Key Value | Optional | Allowed keys: externalIp, internalIp, os, status, shouldIncludeProxies, deploymentIds, proxyIds, hostname, connectionType, connectionUrl, name, ids, assetsIds, versions, roles, usersIds, isEnabled, isConnected, isCritical, isExfiltration, isInfiltration, isMailTarget, isMailAttacker, isPreExecutor, isAWSAttacker, isAzureAttacker, isWebApplicationAttacker, assets, startRow, pageSize, sortColumn, sortDirection, impersonatedUsers, advancedActions, deployments, and additionalData |
Details | Choose true if you want to include detailed information (beyond name and ID) in the response. | Boolean | Optional | The default value is false. |
Deleted | Choose true to include deleted nodes in the response. | Boolean | Optional | The default value is false. |
Secret | Choose true to include node secrets in the response. | Boolean | Optional | The default value is false. |
Action: List Test Summaries
This action retrieves a list of all test summaries for the account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Extra Params | Enter optional query parameters as key-value pairs to filter results. | Key Value | Optional | Allowed keys: planId, status, size, simulationId, sortBy, and includeArchived |
Action: List Users
This action retrieves a list of users for the account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Details | Choose true if you want to include detailed information for each user (beyond name and ID) in the response. | Boolean | Optional | The default value is false. |
Deleted | Choose true if you want to include deleted users in the response. | Boolean | Optional | The default value is false. |
Action: Pause or Resume Scheduled Scenarios
This action pauses or resumes all scheduled scenarios in your SafeBreach account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Status | Choose true if you want to pause all scheduled scenarios. Choose false if you want to resume previously paused scheduled scenarios. | Boolean | Required |
Action: Update Deployment
This action updates an existing deployment.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Deployment ID | Enter the unique ID of the deployment you want to update. | Text | Required | You can retrieve the deployment ID using the List Deployments action. |
Payload | Enter the fields to update as key-value pairs. | Key Value | Required | Allowed keys: id, accountid, name, and description |
Action: Update Simulator Details
This action updates the configuration of an existing simulator node.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Node ID | Enter the unique simulator (node) ID to identify which node you want to update. Example: ad8e5ab9-cbee-deb8-af5c-dab00ec5a1ac | Text | Required | |
Payload | Enter the fields to update as key-value pairs. | Key Value | Required | Allowed keys: hostname, tunnel, nodeinfo, proxies, advancedActions, deployments, accountId, name, isEnabled, isConnected, isProxySupported, status, isCritical, isExfiltration, isInfiltration, isMailTarget, isMailAttacker, isPreExecutor, isAWSAttacker, isAzureAttacker, isWebApplicationAttacker, useSystemUser, externalIp, internalIp, preferredInterface, preferredIp, frameworkVersion, connectionType, updates, cloudProxyUrl, connectionUrl, lastHealthcheck, version, simulatorVersion, group, createdAt, updatedAt, deletedAt, secret, and additionalData |
Restore | Choose true if you want to restore a previously deleted simulator (node). | Boolean | Optional |
Action: Generic Action
This is a generic action used to make requests to any SafeBreach endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request to. Example: api/orch/v1/status | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: headers, payload_data, custom_output, download, filename, files, retry_wait, retry_count, and response_type |