Symantec Email Security Cloud

Symantec Email Security.cloud is a hosted service that filters email messages and helps protect organizations from malware (including targeted attacks and phishing), spam, and unwanted bulk email. The service offers encryption and data protection options to help control sensitive information sent by email and supports multiple mailbox types from various vendors.

Email · SymantecEmailSecurity

Configuration parameters

  • url_ioc — Server URL - IOC
  • url_data_feeds — Server URL - Data Feeds
  • url_email_queue — Server URL - Email Queue
  • url_quarantine — Server URL - Quarantine
  • credentials — Username
  • quarantine_credentials — Quarantine Username
  • proxy — Use system proxy settings
  • insecure — Trust any certificate (not secure)
  • isFetch — Fetch incidents
  • incidentType — Incident type
  • max_fetch — Maximum number of incidents per fetch
  • first_fetch — First Fetch Time
  • fetch_type — Fetch Type
  • severity — Severity - Email Data Feed
  • type — Type - Email Data Feed
  • include_delivery — Include Delivery - Email Data Feed
  • query_quarantine — Query - Email Quarantine
  • type_quarantine — Type - Email Quarantine
  • admin_domain_quarantine — Admin Domain - mail Quarantine

Commands (15)

  • symantec-email-security-data-list

    Retrieves data feeds from Symantec Email Security.cloud. Available feeds: 'all' (metadata for all scanned email), 'malware' (malware-containing email data), 'threat-isolation' (events from URL and Attachment Isolation), 'clicktime' (metadata from end-user clicks on rewritten URLs), 'anti-spam' (spam detection metadata), and 'ec-reports' (contextual information about emails blocked by Anti-Malware service).

  • symantec-email-security-email-queue-list

    Returns a list of domains owned by the customer, with queue statistics for each domain.

  • symantec-email-security-ioc-action

    Add, update, delete, and renew multiple IOCs through the `entry_id` or a single IOC through the rest of the parameters.

  • symantec-email-security-ioc-list

    List the IOCs that apply to a specific domain or to all domains.

  • symantec-email-security-ioc-renew

    Renew all IOCs previously uploaded and still in the database, whether active or inactive, for a specific domain or all domains. The default retention period for IOCs is 7 days and the maximum is 30 days. After 30 days IOCs are retained in an inactive state for another 14 days. If an organization receives new email containing previously block listed IOCs, then the IOCs can renewed in the block list within this grace period. Thereafter, IOCs are removed from the system and must be uploaded again to remain in the block list.

  • symantec-email-security-item-allow-list

    Retrieve the allow list items.

  • symantec-email-security-item-allow-list-delete

    Allows a SUDULS (allow quarantine users to maintain their own lists of email addresses or domains) user to delete an item from the allow list.

  • symantec-email-security-item-allow-list-update

    Allows a SUDULS (allow quarantine users to maintain their own lists of email addresses or domains) user to add or update an item to the allow list.

  • symantec-email-security-item-block-list

    Retrieve the block list items.

  • symantec-email-security-item-block-list-delete

    Allows a SUDULS (allow quarantine users to maintain their own lists of email addresses or domains) user to delete an item from the block list.

  • symantec-email-security-item-block-list-update

    Allows a SUDULS (allow quarantine users to maintain their own lists of email addresses or domains) user to add or update an item to the block list.

  • symantec-email-security-quarantine-email-delete

    Deletes the set of quarantined emails specified in the request. The items are marked as deleted in the backend data store, but are not physically deleted.

  • symantec-email-security-quarantine-email-list

    Retrieves the metadata for quarantined emails belonging to the authenticated user. If the user is an administrator, the API provides options to retrieve the metadata for emails quarantined for another user under his administration.

  • symantec-email-security-quarantine-email-preview

    Retrieves the contents of the email specified in the request. To preview an email the compliance policy must allow it.

  • symantec-email-security-quarantine-email-release

    Releases the set of quarantined emails specified in the request.