# Automate Validation of Your Security Controls with SafeBreach & Cortex XSOAR

By [Emily Laufer](https://www.paloaltonetworks.com/blog/author/emily-laufer/?ts=markdown "Posts by Emily Laufer")

Aug 10, 2021

In the quest to defend the enterprise amid the ever-changing threat landscape, security teams have implemented numerous tools and processes to prevent devastating attacks. The downside to these solutions is the effort it takes to manage the heavy volume of resulting IOCs and reduce the number of false positives to identify the real threats in your environment before they can cause any harm. These challenges are further impacted by major gaps in visibility across your security controls, and the inability to measure and tune how effectively your processes, tools, and controls work together. Leveraging SafeBreach with Cortex XSOAR provides unparalleled visibility into the performance of all your security controls and helps you automate the remediation of identified vulnerabilities.
Using the **SafeBreach Hacker's Playbook™** with Cortex XSOAR enables you to maximize the efficacy of your security controls through continuous validation by automatically launching tens of thousands of safe attacks against your existing network, endpoint, and cloud infrastructure. This holistic outcome-driven process presents results as SafeBreach Insights to help you to proactively identify the most current risks in your organization. Available within Cortex XSOAR, SafeBreach Insights can be used to gain enriched context around alerts and automate policy changes across your whole enterprise environment.

### **Orchestrated Remediation of IOCs**

This integration automates the remediation steps to update your endpoint, cloud, and network security controls, unburdening your analysts by providing fully automated closed-loop remediation. Cortex XSOAR fetches **non-behavioral IOCs** from SafeBreach that were missed by your security controls, allowing you to address them directly from the Cortex XSOAR War Room.

SafeBreach also uncovers **behavioral indicators of compromise (BIOCs)** that are proven through simulated attacks to bypass your security controls. The SafeBreach Insights content pack found in the Cortex XSOAR Marketplace correlates BIOCs (e.g., exposed non-standard ports and protocols used for brute force attacks) for your security team to orchestrate investigation and automate configuration updates.

### **Orchestrate and Automate Remediation of High-Priority Attack Methods**

By automatically executing thousands of attacks, safely and continuously, SafeBreach helps identify high priority weaknesses in your security defenses. The data-driven simulation results are mapped to an interactive heat map of the MITRE ATT&CK® framework for automated remediation of high-priority exposures with Cortex XSOAR.
Following remediation, Cortex XSOAR triggers SafeBreach to rerun the attack simulations to validate that hardening of your defenses was successful across your network and endpoint controls.

### **Together, SafeBreach and Cortex XSOAR Empower You to:**

* Unburden your security analysts by fully orchestrating and automating the remediation of IOCs for your network, endpoint, and cloud security controls
* Maximize the effectiveness of your existing security controls by continuously validating their performance against current and upcoming threats
* Receive SafeBreach Insight remediations directly in the Cortex XSOAR War Room to help optimize your security configurations
* Map attack simulations to the MITRE ATT&CK framework to easily drill down on simulation results and verify your remediation tactics

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/08/word-image-7.png)

### **Simplify Configuration Updates with Cortex XDR**

SafeBreach provides visibility into the impact of different attack forms across your environment to help you proactively identify vulnerabilities in your security program. The dedicated SafeBreach Labs team monitors the threat landscape for changes in IOCs to ensure the SafeBreach Hacker's Playbook uses the most current data and techniques.

In addition to program validation, security teams can use Cortex XDR to better protect their security ecosystem. Using the SafeBreach content pack for Cortex XSOAR, you can automate test attacks against your Cortex XDR endpoint protection to identify which IOCs were not blocked, automatically remediate the unblocked IOCs, and rerun attack scenarios to ensure the loop is closed on all misconfigurations and security gaps.

Leveraging Cortex XSOAR and XDR together with the SafeBreach Insights content pack streamlines the process of configuration updates with uniquely designed playbooks to keep up with the continuous evolution of threats.
This seamless combination is the most powerful and effective solution to proactively protect your organization without adding overhead or the complexity of disparate systems.

![Diagram showing SafeBreach ecosystem](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/08/word-image-8.png)

### **Learn More**

Build out your security program with the SafeBreach content pack, available now on the [Cortex XSOAR Marketplace](https://www.paloaltonetworks.com/cortex/xsoar/marketplace). Look up prebuilt integrations for your top security tools with over 700 content packs available for Cortex XSOAR, the market's leading SOAR platform. To learn more, visit [the SafeBreach pack on the Marketplace](https://xsoar.pan.dev/docs/reference/integrations/safe-breach-v2).

Discover how to automate attack simulation with SafeBreach and optimize your Cortex XSOAR and XDR incident response workflows during the [Cortex XSOAR Marketplace Top Use Cases Webinar](https://register.paloaltonetworks.com/cortexxsoarmarketplacetopusecaseswebinar-august262), hosted live with Q&A on August 26th at 9 AM PST/12 PM EST.