SafeBreach
This connector integrates the SafeBreach API with Swimlane Turbine. The SafeBreach breach and attack simulation (BAS) platform allows you to continuously validate all layers of your security by simulating real-world attacks to identify gaps in controls, prioritize and reveal actual risk.

## Prerequisites

The SafeBreach connector asset requires a URL and an API token to interact with the API.

## Capabilities

This connector provides the following capabilities:

* Add simulation label
* Delete simulation label
* Delete test summary
* Get detailed test summaries
* Get execution history suggestions
* Get executions history results
* Get service status
* Get simulation stats regarding path between nodes
* Get simulations labels
* List vulnerability detections for all simulators
* Post simulation stats regarding path between nodes
* Return insight list
* Return insight through POST includes filters
* Return remediation data for a specified insight
* Return remediation data through POST
* And so on

## Configurations

### SafeBreach API key authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| x apitoken | API token | string | Required |
| verify ssl | Verify SSL certificate | boolean | Optional |
| http proxy | A proxy to route requests through | string | Optional |

## Actions

### Add simulation label

Add a label to the specified simulation.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/rt/simulation/{{simulationid}}/labels/{{labelvalue}}`

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| simulationid | string | Required | Unique identifier |
| labelvalue | string | Required | Value for the parameter |
| planrunid | string | Optional | The test run ID for which the operation is required, otherwise, use executions table |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| labelvalue | string | Value for the parameter |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {"data": {}}
  }
]
```

### Delete simulation label

Delete a specified tag from a specified simulation.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/rt/simulation/{{simulationid}}/labels/{{labelvalue}}`

Method: DELETE

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| simulationid | string | Required | Unique identifier |
| labelvalue | string | Required | Value for the parameter |
| planrunid | string | Optional | The test run ID for which the operation is required, otherwise, use executions table |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| labelvalue | string | Value for the parameter |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {"data": {}}
  }
]
```

### Delete test summary

Delete the specified test summary and all the results associated with it.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/tests/{{planrunid}}`

Method: DELETE

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| planrunid | string | Required | Unique identifier |
| softdelete | boolean | Optional | If true, test summary will be marked as deleted and if false, test summary will be deleted from the database |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {"status": ""}
  }
]
```

### Get detailed test summaries

Return all detailed test summaries.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/detailedtestsummaries`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| planrunids | string | Required | A list of tests runids to filter by. The elements need to be separated by pipes (\|) |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [[], []]
  }
]
```

### Get execution history suggestions

Returns the executions history suggestions.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/executionshistorysuggestions`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Get executions history results

Returns the executions history results.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/executionshistoryresults`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| runid | string | Required | The run ID for the operation |
| id | string | Optional | The ID of the execution history record |
| query | string | Optional | The search query for executions. See readme for further details |
| pagesize | number | Optional | Page size for response paging. If omitted, default page size will be used, if page exists. Otherwise, all results will be returned |
| page | number | Optional | Page number from the results, starting from 1. If omitted, and page size parameter exists, first page is returned. If both omitted, all results are returned |
| filetype | string | Optional | If exists, the result will be provided as a file type instead of JSON |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Get service status

Return the current connection status of all system services.

Endpoint URL: `/api/data/v1/status`

Method: GET

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {"data": {}}
  }
]
```

### Get simulation stats regarding path between nodes

Returns list of edges between nodes, and number of methods on each edge.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/breachexplorer`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| planrunids | string | Optional | A list of tests runids to filter by. The elements need to be separated by pipes (\|) |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| attackernodeid | number | Unique identifier |
| targetnodeid | number | Unique identifier |
| packageid | number | Unique identifier |
| count | number | Count value |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {"results": []}
  }
]
```

### Get simulations labels

Returns simulations labels.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/executionshistory/labels`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### List vulnerability detections for all simulators

Return list of vulnerability detections for all simulators.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/vulnerabilities`

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| runids | string | Optional | A list of tests run IDs to filter by. The elements need to be separated by pipes (\|) |
| sort | object | Optional | Parameter for list vulnerability detections for all simulators |
| severity | number | Optional | Parameter for list vulnerability detections for all simulators |
| criticalpercent | number | Optional | Parameter for list vulnerability detections for all simulators |
| distance from infiltration | number | Optional | Parameter for list vulnerability detections for all simulators |
| direct access | number | Optional | Parameter for list vulnerability detections for all simulators |
| distance to critical | number | Optional | Parameter for list vulnerability detections for all simulators |
| attack surface | number | Optional | Parameter for list vulnerability detections for all simulators |
| filter | object | Optional | Parameter for list vulnerability detections for all simulators |
| severity | object | Optional | Parameter for list vulnerability detections for all simulators |
| type | string | Optional | Type of the resource |
| value | array | Optional | Value for the parameter |
| criticalpercent | object | Optional | Parameter for list vulnerability detections for all simulators |
| type | string | Optional | Type of the resource |
| value | array | Optional | Value for the parameter |
| distance from infiltration | object | Optional | Parameter for list vulnerability detections for all simulators |
| type | string | Optional | Type of the resource |
| value | array | Optional | Value for the parameter |
| direct access | object | Optional | Parameter for list vulnerability detections for all simulators |
| type | string | Optional | Type of the resource |
| value | array | Optional | Value for the parameter |
| distance to critical | object | Optional | Parameter for list vulnerability detections for all simulators |
| type | string | Optional | Type of the resource |
| value | array | Optional | Value for the parameter |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| sort | object | Output field sort |
| severity | number | Output field severity |
| criticalpercent | number | Output field criticalpercent |
| distance from infiltration | number | Output field distance from infiltration |
| direct access | number | Output field direct access |
| distance to critical | number | Output field distance to critical |
| attack surface | number | Output field attack surface |
| filter | object | Output field filter |
| severity | object | Output field severity |
| type | string | Type of the resource |
| value | array | Value for the parameter |
| criticalpercent | object | Output field criticalpercent |
| type | string | Type of the resource |
| value | array | Value for the parameter |
| distance from infiltration | object | Output field distance from infiltration |
| type | string | Type of the resource |
| value | array | Value for the parameter |
| direct access | object | Output field direct access |
| type | string | Type of the resource |
| value | array | Value for the parameter |
| distance to critical | object | Output field distance to critical |
| type | string | Type of the resource |
| value | array | Value for the parameter |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {"sort": {}, "filter": {}, "refresh": true}
  }
]
```

### Post simulation stats regarding path between nodes

Returns list of edges between nodes, and number of methods on each edge.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/breachexplorer`

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| planrunids | array | Optional | Unique identifier |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| attackernodeid | number | Unique identifier |
| targetnodeid | number | Unique identifier |
| packageid | number | Unique identifier |
| count | number | Count value |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {"results": []}
  }
]
```

### Return insight list

Retrieve the remediation data for an insight based on specified parameters such as simulators involved and type of insight or file.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/insights`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| type | string | Optional | If exists, type of insights [actionbased, locationbased] |
| attackersnodesids | string | Optional | A list of attackers nodes to filter by. The elements need to be separated by pipes (\|) |
| targetnodesids | string | Optional | A list of targets nodes to filter by. The elements need to be separated by pipes (\|) |
| planrunids | string | Optional | A list of tests runids to filter by. The elements need to be separated by pipes (\|) |
| filetype | string | Optional | The type of result file returned by the request. If not assigned, the response will return in a JSON string format |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Return insight through POST includes filters

Return the list of insights through POST action.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/insights`

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| filters | array | Optional | Parameter for return insight through post includes filters |
| key | string | Optional | Parameter for return insight through post includes filters |
| timerange | object | Optional | Parameter for return insight through post includes filters |
| size | number | Optional | Parameter for return insight through post includes filters |
| type | string | Optional | Type of the resource |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Return remediation data for a specified insight

Return the remediation data for a specified insight.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/insights/{{insightid}}/remediation`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| insightid | number | Required | Unique identifier |
| targetnodeid | string | Optional | The target node ID used for remediation calculation |
| type | string | Optional | If exists, type of insights [actionbased, locationbased] |
| attackersnodesids | string | Optional | A list of attackers nodes to filter by. The elements need to be separated by pipes (\|) |
| vendor | string | Optional | An indication for the remediation data export format |
| planrunids | string | Optional | A list of tests runids to filter by. The elements need to be separated by pipes (\|) |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": []
  }
]
```

### Return remediation data through POST

Get remediation data through POST.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/insights/{{insightid}}/remediation`

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| insightid | number | Required | Unique identifier |
| planrunids | array | Optional | Unique identifier |
| attackersnodesids | array | Optional | Unique identifier |
| targetnodeid | string | Optional | Unique identifier |
| type | string | Optional | Type of the resource |
| vendor | string | Optional | Parameter for return remediation data through post |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {}
  }
]
```

### Return report definitions

Returns a list of report definitions.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/reports`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| headers | object | Required | HTTP headers for the request |
| x deployment ids | string | Required | Scope query for deployment |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Return report layout

Returns the report layout.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/reports/{{reportid}}/layout`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| reportid | number | Required | Unique identifier |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| rows | array | Output field rows |
| columns | array | Output field columns |
| rows | array | Output field rows |
| value | string | Value for the parameter |
| width | object | Unique identifier |
| xs | number | Output field xs |
| sm | number | Output field sm |
| md | number | Output field md |
| lg | number | Output field lg |
| widget | object | Unique identifier |
| type | string | Type of the resource |
| title | object | Output field title |
| title | string | Output field title |
| style | string | Output field style |
| ds | string | Output field ds |
| settings | object | Output field settings |
| description | string | Output field description |
| repeat | object | Output field repeat |
| name | string | Name of the resource |
| foreach | string | Output field foreach |
| repeat | object | Output field repeat |
| name | string | Name of the resource |
| foreach | string | Output field foreach |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {"rows": []}
  }
]
```

### Return report parameters

Returns a list of report parameters.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/reports/{{reportid}}/params`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| reportid | number | Required | Unique identifier |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Return simulator statistics per simulator pair

Returns list of edges between nodes, and number of methods on each edge.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/risk`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| packageid | number | Optional | Attack type |
| kri | string | Required | Which type of KRI matching the security posture report |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Return step summary

Return the summary info for a step within a test.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/stepsummary/{{steprunid}}`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| steprunid | string | Required | Unique identifier |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Return test running info

Return the number of simulations which were blocked, not blocked, and with no results for the specified test.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/matrices/{{matrixid}}/stats`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| matrixid | number | Required | Unique identifier |
| fromdate | string | Required | The execution date to start looking from |
| todate | string | Required | The upper limit of execution time to search for documents |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| blockedsimulations | number | Output field blockedsimulations |
| unblockedsimulations | number | Output field unblockedsimulations |
| failedsimulations | number | Output field failedsimulations |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {"blockedsimulations": 1, "unblockedsimulations": 2, "failedsimulations": 3}
  }
]
```

### Return test summary

Return the test summary info for a specific test.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/testsummaries/{{planrunid}}`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| planrunid | string | Required | Unique identifier |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Return test summary list

Return a list of all test summaries.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/testsummaries`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| planid | number | Optional | The plan ID as appears in the plan |
| status | string | Optional | The plan status |
| size | number | Optional | The amount of plan summaries to return |
| simulationid | string | Optional | The unique identifier of a single simulation |
| sortby | string | Optional | The sortby field. Summaries without this field will be removed |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [[], []]
  }
]
```

### Returns execution history suggestions through POST

Returns the executions suggestions through POST.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/executionshistorysuggestions`

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| runid | string | Optional | Unique identifier |
| query | string | Optional | Parameter for returns execution history suggestions through post |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Returns MITRE stats

Returns MITRE stats.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/mitre/stats`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| query | string | Optional | The search query for executions. See readme for further details |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Returns the dashboards query through POST

Returns the dashboards query.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/dashboards`

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| label | string | Optional | Parameter for returns the dashboards query through post |
| id | string | Optional | Unique identifier |
| queryargs | array | Optional | Parameter for returns the dashboards query through post |
| key | string | Optional | Parameter for returns the dashboards query through post |
| timerange | object | Optional | Parameter for returns the dashboards query through post |
| size | number | Optional | Parameter for returns the dashboards query through post |
| chart | string | Optional | Parameter for returns the dashboards query through post |
| time | string | Optional | Time value |
| showna | boolean | Optional | Parameter for returns the dashboards query through post |
| issplit | boolean | Optional | Parameter for returns the dashboards query through post |
| orderby | object | Optional | Parameter for returns the dashboards query through post |
| filters | array | Optional | Parameter for returns the dashboards query through post |
| key | string | Optional | Parameter for returns the dashboards query through post |
| value | array | Optional | Value for the parameter |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| hits | object | Output field hits |
| aggregations | object | Output field aggregations |
| fugiat cd | string | Output field fugiat cd |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {"hits": {}, "aggregations": {}, "fugiat cd": "irure labore mollit occaecat"}
  }
]
```

### Returns the execution history results through POST

Returns the executions history results.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/executionshistoryresults`

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| runid | string | Optional | Unique identifier |
| id | string | Optional | Unique identifier |
| query | string | Optional | Parameter for returns the execution history results through post |
| pagesize | number | Optional | Parameter for returns the execution history results through post |
| page | number | Optional | Parameter for returns the execution history results through post |
| filetype | string | Optional | Type of the resource |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Returns the executions

Returns the executions.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/simulationssummaryresults`

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| query | string | Optional | Parameter for returns the executions |
| parsedquery | string | Optional | Parameter for returns the executions |
| simulationsids | array | Optional | Unique identifier |
| methodids | array | Optional | HTTP method to use |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| runid | string | Unique identifier |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {"runid": ""}
  }
]
```

### Returns the executions of test specified by ID

Returns the executions of the test specified by the ID.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/executionshistoryresults/{{id}}`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| id | string | Required | Unique identifier |
| runid | string | Required | The run ID (test ID) which the simulation belongs to |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| movetagids | object | Unique identifier |
| resultcode | string | Result of the operation |
| resultdetails | string | Result of the operation |
| data | string | Response data |
| destnodename | string | Name of the resource |
| methodid | number | HTTP method to use |
| srcnodeostype | string | Type of the resource |
| movetags | object | Output field movetags |
| paramsstr | string | Output field paramsstr |
| id | string | Unique identifier |
| packagename | string | Name of the resource |
| srcnodename | string | Name of the resource |
| moveid | number | Unique identifier |
| matrixid | number | Unique identifier |
| destnodeostype | string | Type of the resource |
| packageid | number | Unique identifier |
| params | string | Output field params |
| labels | array | Output field labels |
| assettype | string | Type of the resource |
| srcnodeid | string | Unique identifier |
| destnodeid | string | Unique identifier |
| executiontime | string | Time value |
| latestexec | string | Output field latestexec |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {
      "movetagids": {},
      "resultcode": "",
      "resultdetails": "",
      "data": "",
      "destnodename": "",
      "methodid": 1,
      "srcnodeostype": "",
      "movetags": {},
      "paramsstr": "",
      "id": "",
      "packagename": "",
      "srcnodename": "",
      "moveid": 2,
      "matrixid": 3,
      "destnodeostype": ""
    }
  }
]
```

### Run a report

Run a single report, with specified parameters.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/reports/{{reportid}}/generator`

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| reportid | number | Required | Unique identifier |
| outputformat | string | Required | The output format for the report. Can be 'json' |
| params | array | Optional | Parameter for run a report |
| prm | string | Optional | Parameter for run a report |
| vals | array | Optional | Parameter for run a report |
| description | string | Optional | Parameter for run a report |
| datasets | array | Optional | Response data |
| id | string | Optional | Unique identifier |
| page | number | Optional | Parameter for run a report |
| pagesize | number | Optional | Parameter for run a report |
| runids | array | Optional | Unique identifier |
| headers | object | Required | HTTP headers for the request |
| x deployment ids | string | Required | Scope query for deployment |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": [{}, {}]
  }
]
```

### Update test summary

Update the test summary information.

Endpoint URL: `/api/data/v1/accounts/{{accountid}}/testsummaries/{{planrunid}}`

Method: PUT

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | number | Required | SafeBreach account ID. Located in Administration > API keys |
| planrunid | string | Required | Unique identifier |
| userid | number | Optional | The fields to update |
| comment | string | Optional | Parameter for update test summary |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| planrunid | string | Unique identifier |
| comment | string | Output field comment |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {"content length": "140", "content type": "application/json", "date": "mon, 15 apr 2024 20 37 23 gmt"},
    "reason": "ok",
    "json body": {"data": {}}
  }
]
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| content length | The length of the response body in bytes | 140 |
| content type | The media type of the resource | application/json |
| date | The date and time at which the message was originated | mon, 15 apr 2024 20 37 23 gmt |

## Notes

* SafeBreach API documentation link: https://www.postman.com/safebreach-product-api/workspace/safebreach-api/collection/20710976-5e3423ef-0bbd-4c8d-927f-14b08fcbb8f3
* Query link: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#query-string-syntax