Symantec Email Security.cloud
Integration version: 1.0
Configure Symantec Email Security.cloud integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| IOC API Root | String | https://iocapi.emailsecurity.symantec.com | Yes | IOC API root of the Symantec Email Security.Cloud instance. |
| Username | String | N/A | Yes | Username of the Symantec Email Security.Cloud instance. |
| Password | Secret | N/A | Yes | Password of the Symantec Email Security.Cloud instance. |
| Verify SSL | Checkbox | Unchecked | Yes | If enabled, verifies that the SSL certificate for the connection to the Symantec Email Security.Cloud server is valid. |
Use Cases
Block entities.
Actions
Ping
Description
Test connectivity to the Symantec Email Security.Cloud integration with parameters provided at the integration configuration page in the Google Security Operations Marketplace tab.
Parameters
N/A
Run On
This action doesn't run on entities, nor has mandatory input parameters.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success=False |
JSON Result
N/A
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution: If successful: "Successfully connected to the Symantec Email Security.Cloud server with the provided connection parameters!" The action should fail and stop a playbook execution: If not successful: "Failed to connect to the Symantec Email Security.Cloud server! Error is {0}".format(exception.stacktrace)" |
General |
Block Entities
Description
Block entities in Symantec Email Security.Cloud. Supported entities: Hostname, IP Address, URL, Filehash, Email Subject, Email Address (user entity that matches email regex).
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Remediation Action | DDL | Block and Delete Possible values:
|
No | Specify the remediation action for the entities. |
| Description | String | Blocked by PRODUCT_NAME | Yes | Specify a description that should be added to the blocked entities. |
Run On
This action runs on the following entities:
- Hostname
- IP Address
- URL
- Filehash
- Email Subject
- Email Address (user entity that matches email regex)
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success=False |
JSON Result
{
"status": "Failure",
"reason": "Invalid MD5 value"
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution: If data is available for one entity (is_success=true): "Successfully blocked the following entities in Symantec Email Security.Cloud: {entity.identifier}." If data is not available for one entity (is_success=true): "Action wasn't able to block the following entities in Symantec Email Security.Cloud: {entity.identifier}." If data is not available for all entities (is_success=false): "None of the provided entities were blocked." The action should fail and stop a playbook execution: If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "Block Entities". Reason: {0}''.format(error.Stacktrace)" |
General |