Symantec Email Security Cloud
Symantec Email Security.cloud is a hosted service that filters email messages and helps protect organizations from malware (including targeted attacks and phishing), spam, and unwanted bulk email. The service offers encryption and data protection options to help control sensitive information sent by email and supports multiple mailbox types from various vendors.
Email · SymantecEmailSecurity
Configuration parameters
url_ioc— Server URL - IOCurl_data_feeds— Server URL - Data Feedsurl_email_queue— Server URL - Email Queueurl_quarantine— Server URL - Quarantinecredentials— Usernamequarantine_credentials— Quarantine Usernameproxy— Use system proxy settingsinsecure— Trust any certificate (not secure)isFetch— Fetch incidentsincidentType— Incident typemax_fetch— Maximum number of incidents per fetchfirst_fetch— First Fetch Timefetch_type— Fetch Typeseverity— Severity - Email Data Feedtype— Type - Email Data Feedinclude_delivery— Include Delivery - Email Data Feedquery_quarantine— Query - Email Quarantinetype_quarantine— Type - Email Quarantineadmin_domain_quarantine— Admin Domain - mail Quarantine
Commands (15)
-
symantec-email-security-data-listRetrieves data feeds from Symantec Email Security.cloud. Available feeds: 'all' (metadata for all scanned email), 'malware' (malware-containing email data), 'threat-isolation' (events from URL and Attachment Isolation), 'clicktime' (metadata from end-user clicks on rewritten URLs), 'anti-spam' (spam detection metadata), and 'ec-reports' (contextual information about emails blocked by Anti-Malware service).
-
symantec-email-security-email-queue-listReturns a list of domains owned by the customer, with queue statistics for each domain.
-
symantec-email-security-ioc-actionAdd, update, delete, and renew multiple IOCs through the `entry_id` or a single IOC through the rest of the parameters.
-
symantec-email-security-ioc-listList the IOCs that apply to a specific domain or to all domains.
-
symantec-email-security-ioc-renewRenew all IOCs previously uploaded and still in the database, whether active or inactive, for a specific domain or all domains. The default retention period for IOCs is 7 days and the maximum is 30 days. After 30 days IOCs are retained in an inactive state for another 14 days. If an organization receives new email containing previously block listed IOCs, then the IOCs can renewed in the block list within this grace period. Thereafter, IOCs are removed from the system and must be uploaded again to remain in the block list.
-
symantec-email-security-item-allow-listRetrieve the allow list items.
-
symantec-email-security-item-allow-list-deleteAllows a SUDULS (allow quarantine users to maintain their own lists of email addresses or domains) user to delete an item from the allow list.
-
symantec-email-security-item-allow-list-updateAllows a SUDULS (allow quarantine users to maintain their own lists of email addresses or domains) user to add or update an item to the allow list.
-
symantec-email-security-item-block-listRetrieve the block list items.
-
symantec-email-security-item-block-list-deleteAllows a SUDULS (allow quarantine users to maintain their own lists of email addresses or domains) user to delete an item from the block list.
-
symantec-email-security-item-block-list-updateAllows a SUDULS (allow quarantine users to maintain their own lists of email addresses or domains) user to add or update an item to the block list.
-
symantec-email-security-quarantine-email-deleteDeletes the set of quarantined emails specified in the request. The items are marked as deleted in the backend data store, but are not physically deleted.
-
symantec-email-security-quarantine-email-listRetrieves the metadata for quarantined emails belonging to the authenticated user. If the user is an administrator, the API provides options to retrieve the metadata for emails quarantined for another user under his administration.
-
symantec-email-security-quarantine-email-previewRetrieves the contents of the email specified in the request. To preview an email the compliance policy must allow it.
-
symantec-email-security-quarantine-email-releaseReleases the set of quarantined emails specified in the request.