Symantec™ Cloud is a hosted service that filters Email messages and helps protect organizations from Malware (including targeted attacks and phishing), Spam, and unwanted bulk Email.
This document provides information about the Symantec Cloud connector, which facilitates automated interactions with Symantec Cloud using FortiSOAR™ playbooks. Add the Symantec Cloud connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blacklisting or whitelisting of email addresses, domains, and IP addresses, and retrieving verdict information for emails from Symantec Cloud.
Connector Version: 1.0.0
Compatibility with FortiSOAR™ Versions: 4.10.3-161 and later
For the procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the Symantec Cloud connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | URL of Symantec Cloud to which you will connect and perform automated operations. |
Username | Username for accessing Symantec Cloud to which you will connect and perform the automated operations. |
Secret Key | Encrypted Password for accessing Symantec Cloud to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. Defaults to True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Blacklist IP | Blocks all emails that originate from the IP address that you have specified. | block_ip Containment |
Whitelist IP | Allows all emails that are coming in from the IP address that you have specified. | allow_ip Remediation |
Blacklist Domain | Blocks all emails that originate from the domain name that you have specified. | block_domain Containment |
Whitelist Domain | Allows all emails that are coming in from the domain name that you have specified. | allow_domain Remediation |
Blacklist Email Address | Blocks all emails that originate from the email address that you have specified. | block_email Containment |
Whitelist Email Address | Allows all emails that are coming in from the email address that you have specified. | allow_email Remediation |
Get Threat Intelligence Feed | Retrieves detailed information, including verdict information, for all emails that have been received within an organization, retrieved from Symantec Cloud, based on the type of feed you have specified. Verdict information specifies whether the email is tagged as malware, isolation, or clean. You can fetch verdict information based on the following feeds: All (Malware + Clean), Malware, or Isolation URL. | get_feed Miscellaneous |
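The block operations in the table above each take a single IP address, domain name, or email address. The following is an added example, not part of the connector or its bundled playbooks: a pre-check a playbook step could run to validate an indicator, pick the matching annotation from the table, and refuse to block protected senders. The function names and the protected lists are hypothetical; the sample values are constructed.

```python
import ipaddress
import re

# Annotation names come from the operations table; everything else here
# (function names, the protected lists) is hypothetical.
BLOCK_ANNOTATION = {"ip": "block_ip", "domain": "block_domain", "email": "block_email"}

# Constructed sample: senders that automation must never block.
PROTECTED_DOMAINS = {"example.com"}
PROTECTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+[a-z]{{2,63}}$")
_LOCAL_RE = re.compile(r"^[a-z0-9.!#$%&'*+/=?^_`{|}~-]{1,64}$")


def classify(indicator):
    """Return (kind, normalized_value) or raise ValueError."""
    value = indicator.strip().lower()
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP address; try email, then domain
    if "@" in value:
        local, _, domain = value.rpartition("@")
        if _LOCAL_RE.match(local) and _DOMAIN_RE.match(domain):
            return "email", value
        raise ValueError(f"malformed email address: {indicator!r}")
    if len(value) <= 253 and _DOMAIN_RE.match(value):
        return "domain", value
    raise ValueError(f"not an IP, domain or email address: {indicator!r}")


def is_protected(kind, value):
    """True if the indicator falls inside a protected network or domain."""
    if kind == "ip":
        addr = ipaddress.ip_address(value)
        return any(addr in net for net in PROTECTED_NETWORKS)
    domain = value.rpartition("@")[2]  # whole value when there is no "@"
    return any(domain == d or domain.endswith("." + d) for d in PROTECTED_DOMAINS)


def plan_block(indicator):
    """Return (annotation, value) for a block step, or raise ValueError."""
    kind, value = classify(indicator)
    if is_protected(kind, value):
        raise ValueError(f"{value} is on the protected list; refusing to block")
    return BLOCK_ANNOTATION[kind], value
```
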
Parameter | Description |
---|---|
IP | IP address based on which you want to block all originating emails. |
The JSON output returns a Success message if the IP that you have specified is successfully added to the Blocked list on Symantec Cloud.
Following image displays a sample output:
Parameter | Description |
---|---|
IP | IP address based on which you want to allow all originating emails. |
The JSON output returns a Success message if the IP that you have specified is successfully added to the Approved list on Symantec Cloud.
Following image displays a sample output:
Parameter | Description |
---|---|
Domain | Domain name based on which you want to block all originating emails. |
The JSON output returns a Success message if the domain that you have specified is successfully added to the Blocked list on Symantec Cloud.
Following image displays a sample output:
Parameter | Description |
---|---|
Domain | Domain name based on which you want to allow all originating emails. |
The JSON output returns a Success message if the domain name that you have specified is successfully added to the Approved list on Symantec Cloud.
Following image displays a sample output:
Parameter | Description |
---|---|
Email address based on which you want to block all originating emails. |
The JSON output returns a Success message if the email address that you have specified is successfully added to the Blocked list on Symantec Cloud.
Following image displays a sample output:
Parameter | Description |
---|---|
Email address based on which you want to allow all originating emails. |
The JSON output returns a Success message if the email address that you have specified is successfully added to the Approved list on Symantec Cloud.
Following image displays a sample output:
Parameter | Description |
---|---|
Feed Start Date | Datetime from when you want to start retrieving feed (alert) information from Symantec Cloud. |
Feed | Type of feed based on which you want to retrieve email information (including verdict information) from Symantec Cloud. You can choose from the following options: All (Malware + Clean), Malware, or Isolation URL. |
The JSON output contains detailed information, including verdict information, for all emails that have been received within an organization, retrieved from Symantec Cloud. Verdict information specifies whether the email is tagged as malware, isolation, or clean.
Following image displays a sample output:
The Sample - Symantec Cloud - 1.0.0 playbook collection comes bundled with the Symantec Cloud connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Symantec Cloud connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.