The Cisco Content Security Management Appliance (SMA) centralizes management and reporting functions across multiple Cisco email and web security appliances. It simplifies administration and planning, improves compliance monitoring, helps to enable consistent enforcement of policies, and enhances threat protection.
This document provides information about the Cisco SMA connector, which facilitates automated interactions, with a Cisco SMA server using FortiSOAR™ playbooks. Add the Cisco SMA connector as a step in FortiSOAR™ playbooks and perform automated operations, such as automatically tracking emails in Cisco SMA, retrieving message details from Cisco SMA, and releasing specific emails from quarantine in Cisco SMA.
Connector Version: 1.0.1
Authored By: Fortinet
Certified: No
Following enhancements have been made to the Cisco SMA connector in version 1.0.1:
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum
command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root
user to install connectors:
yum install cyops-connector-cisco-sma
For the detailed procedure to install a connector, click here
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Cisco SMA connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | URL of the Cisco SMA server to which you will connect and perform automated operations. |
Username | Username of the Cisco SMA server to which you will connect and perform automated operations. |
Password | Password of the Cisco SMA server to which you will connect and perform automated operations. |
Port | AsyncOS API port of the Cisco SMA server.
Defaults to 6443 for the https protocol. For the http protocol port should be set as 6080. |
Is Two Factor Authentication Enable | Select this checkbox if you have enabled 2FA. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Track Emails | Track emails on Cisco SMA based on the search option, start and end time of the emails and other input parameters that you have specified. | track_emails Investigation |
Get Message Details | Retrieves details of a specific message from Cisco SMA based on the start and end time of the message, ICID, message ID, and other input parameters that you have specified. | get_message_details Investigation |
Fetch Emails From SPAM Quarantine | Fetches emails from the SPAM quarantine in Cisco SMA based on the start and end time of the emails other input parameters that you have specified. | fetch_from_spam_quarantine Investigation |
Fetch Emails From Other Quarantine | Fetches emails from a specific quarantine in Cisco SMA based quarantine name, quarantine type, the start and end time of the emails, and other input parameters that you have specified. | fetch_from_other_quarantine Investigation |
Release Emails From Quarantine | Releases specific emails from quarantine in Cisco SMA based on the quarantine name, quarantine type, and message IDs you have specified. | release_emails_from_quarantine Investigation |
Delete Message | Deletes specific emails from Cisco SMA based on the quarantine name, quarantine type, and message IDs you have specified. | delete_message Investigation |
Parameter | Description |
---|---|
Start Time | Start time from when you want to track emails on Cisco SMA. Enter the time in the YYYY-MM-DDThh:mm:00.000Z format. |
End Time | End time till when you want to track emails on Cisco SMA. Enter the time in the YYYY-MM-DDThh:mm:00.000Z format. |
Search Option | Search option, for example, messages, based on which you want to track emails on Cisco SMA. |
Cisco Host | (Optional) Hostname based on which you want to track emails on Cisco SMA. |
Cisco MID | (Optional) Input message ID based on which you want to track emails on Cisco SMA. |
Sender IP | (Optional) Sender IP address based on which you want to track emails on Cisco SMA. |
File Hash | (Optional) Input file hash based on which you want to track emails on Cisco SMA. |
Subject | (Optional) Value of the subject based on which you want to track emails on Cisco SMA. You can choose from the following options: Is, Is Empty, Contains, or Begins With. If you select Is Empty, then this operation will track only those emails with empty subjects. If you select Is, then you must specify the following parameter:
|
Envelope Sender | (Optional) Value of the Envelope Sender based on which you want to track emails from Cisco SMA. You can choose from the following options: Contains, Is and Begins With. If you select Contains, then you must specify the following parameter:
|
Envelope Recipient | (Optional) Value of the Envelope Recipient based on which you want to track emails from Cisco SMA. You can choose from the following options: Contains, Is and Begins With. If you select Contains, then you must specify the following parameter:
|
Message ID Header | (Optional) ID of the input message header based on which you want to track emails on Cisco SMA. |
Message Delivery Status | (Optional) Status of the input message delivery based on which you want to track emails on Cisco SMA. You can choose from the following options: Delivered, Dropped, Aborted, or Bounced. |
Message Delivered | (Optional) Select this option to track only those emails that have been delivered. |
Message Direction | (Optional) Direction based on which you want to track emails on Cisco SMA. You can choose between Incoming or Outgoing. |
Messages with Malicious URLs | (Optional) Select this option to track only those emails that contain malicious URLs. |
Attachment | (Optional) Input attachment name based on which you want to track emails on Cisco SMA. You can choose from the following options: Contains, Is and Begins With. If you select Contains, then you must specify the following parameter:
|
Offset | (Optional) Specify an offset value to retrieve a subset of records starting with the offset value. Offset works with limit, which determines how many records to retrieve starting from the offset. |
Limit | (Optional) Maximum number of records this operation should retrieve from Cisco SMA. |
The output contains the following populated JSON schema:
{
"meta": {
"totalCount": "",
"num_bad_records": ""
},
"data": [
{
"attributes": {
"recipient": [],
"replyTo": "",
"senderDomain": "",
"messageStatus": "",
"direction": "",
"senderIp": "",
"hostName": "",
"serialNumber": "",
"sender": "",
"timestamp": "",
"isCompleteData": "",
"senderGroup": "",
"subject": "",
"sbrs": "",
"mid": [],
"icid": "",
"verdictChart": "",
"mailPolicy": []
}
}
]
}
Parameter | Description |
---|---|
Start Time | Start time from when you want to retrieve message details from Cisco SMA. Enter the time in the YYYY-MM-DDThh:mm:00.000Z format. |
End Time | End time till when you want to retrieve message details from Cisco SMA. Enter the time in the YYYY-MM-DDThh:mm:00.000Z format. |
Message ID | ID of the message for which you want to retrieve message details from Cisco SMA. For example, 150 . |
ICID | ICID of the message for which you want to retrieve message details from Cisco SMA. For example, 150 . |
Serial Number | Serial number whose associated message details from Cisco SMA. Serial Number to get its details. For example, 64122536256E-FCH1812V1ST . |
The output contains the following populated JSON schema:
{
"data": {
"messages": {
"recipient": [],
"hostName": "",
"showSummaryTimeBox": "",
"messageStatus": "",
"direction": "",
"showAMP": "",
"showDLP": "",
"summary": [
{
"description": "",
"timestamp": "",
"lastEvent": ""
}
],
"sender": "",
"messageSize": "",
"sendingHostSummary": {
"ipAddress": "",
"sbrsScore": "",
"reverseDnsHostname": ""
},
"senderGroup": "",
"attachments": [],
"timestamp": "",
"showURL": "",
"isCompleteData": "",
"midHeader": "",
"mid": [],
"subject": "",
"smtpAuthId": "",
"mailPolicy": []
}
}
}
Parameter | Description |
---|---|
Start Time | Start time from when the emails are quarantined in the SPAM folder based on which you want to retrieve emails from Cisco SMA. Enter the time in the YYYY-MM-DDThh:mm:00.000Z format. |
End Time | End time till when the emails are quarantined in the SPAM folder based on which you want to retrieve emails from Cisco SMA. Enter the time in the YYYY-MM-DDThh:mm:00.000Z format. |
Sorting | (Optional) Value and/or direction to sort the results retrieved by this operation. You can specify the following options: Order By or Order Direction. You can also specify both Order By and Order Direction. If you select Order Direction, then you must specify the following parameter:
|
Lazy Loading | Select this option if you want to limit the result data retrieved by this operation using lazy loading. If you check the Lazy Loading checkbox, then you must specify the following parameters:
|
Envelope Recipient | (Optional) Value of the Envelope Recipient based on which you want to retrieve emails from Cisco SMA. You can choose from the following options: Contains, Is, Begins With, Ends With, or Does Not Contain. If you select Is, then you must specify the following parameter:
|
The output contains the following populated JSON schema:
{
"meta": {
"totalCount": ""
},
"data": [
{
"mid": "",
"attributes": {
"subject": "",
"date": "",
"toAddress": [],
"fromAddress": [],
"envelopeRecipient": [],
"size": ""
}
}
]
}
Parameter | Description |
---|---|
Start Time | Start time from when the emails are quarantined in the quarantine folder that you have specified based on which you want to retrieve emails from Cisco SMA. |
End Time | End time till when the emails are quarantined in the quarantine folder that you have specified based on which you want to retrieve emails from Cisco SMA. |
Quarantine Name | Name of the quarantine in which you want to search in Cisco SMA, and from you want to retrieve emails. |
Quarantine Type | Type of the quarantine that you want to search in Cisco SMA, and from you want to retrieve emails. For example, pvo . |
Offset | Specify an offset value to retrieve a subset of records starting with the offset value. Offset works with Limit, which determines how many records to retrieve starting from the offset. |
Limit | Maximum number of records this operation should retrieve from Cisco SMA. |
Subject | (Optional) Value of the subject based on which you want to retrieve emails from Cisco SMA. You can choose from the following options: Contains, Matches Exactly, Begins With, Ends With, Does Not Contain, Does Not Start With, or Does Not End With. If you select Matches Exactly, then you must specify the following parameter:
|
Originating ESA | IP address of the ESA in which the email was processed. |
Attachment Details | (Optional) Name and/or size based on which you want to filter emails retrieved by this operation. You can specify the following options: Attachment Name or Attachment Size Filter By. You can also specify both Attachment Name and Attachment Size Filter By. If you select Attachment Name, then you must specify the following parameter:
|
Sorting | (Optional) Value and/or direction to sort the results retrieved by this operation. You can specify the following options: Order By or Order Direction. You can also specify both Order By and Order Direction. If you select Order Direction, then you must specify the following parameter:
|
Envelope Recipient | (Optional) Value of the Envelope Recipient based on which you want to retrieve emails from Cisco SMA. You can choose from the following options: Contains, Matches Exactly, Begins With, Ends With, or Does Not Contain. If you select Matches Exactly, then you must specify the following parameter:
|
Envelope Sender | (Optional) Value of the Envelope Sender based on which you want to retrieve emails from Cisco SMA. You can choose from the following options: Contains, Matches Exactly, Begins With, Ends With, or Does Not Contain. If you select Matches Exactly, then you must specify the following parameter:
|
The output contains the following populated JSON schema:
{
"meta": {
"totalCount": ""
},
"data": [
{
"mid": "",
"attributes": {
"received": "",
"originatingEsaIp": "",
"esaHostName": "",
"esaMid": "",
"scheduledExit": "",
"sender": "",
"recipient": [],
"subject": "",
"quarantineForReasonDict": [
{
"quarantineName": "",
"reason": []
}
],
"quarantineForReason": [],
"inQuarantines": "",
"size": ""
}
}
]
}
Parameter | Description |
---|---|
Message IDs | List of Message IDs that you want to release from quarantine in Cisco SMA. You can enter multiple message IDs in the CSV or List format. For example, 150,151,152 or [150,151,152] |
Quarantine Type | Type of the quarantine from which you want to release the emails. For example, pvo . |
Quarantine Name | Name of the quarantine from which you want to release the emails. For example, spam . |
The output contains the following populated JSON schema:
{
"data": {
"action": "",
"totalCount": ""
}
}
Parameter | Description |
---|---|
Message IDs | List of Message IDs that you want to delete from Cisco SMA. You can enter multiple message IDs in the CSV or List format. For example, 150,151,152 or [150,151,152] |
Quarantine Type | Type of the quarantine from which you want to delete the emails. For example, pvo . |
Quarantine Name | Name of the quarantine from which you want to release the emails. For example, spam . |
The output contains the following populated JSON schema:
{
"data": {
"action": "",
"totalCount": ""
}
}
The Sample - Cisco SMA - 1.0.1
playbook collection comes bundled with the Cisco SMA connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in CyOPsTM after importing the Cisco SMA connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
The Cisco Content Security Management Appliance (SMA) centralizes management and reporting functions across multiple Cisco email and web security appliances. It simplifies administration and planning, improves compliance monitoring, helps to enable consistent enforcement of policies, and enhances threat protection.
This document provides information about the Cisco SMA connector, which facilitates automated interactions, with a Cisco SMA server using FortiSOAR™ playbooks. Add the Cisco SMA connector as a step in FortiSOAR™ playbooks and perform automated operations, such as automatically tracking emails in Cisco SMA, retrieving message details from Cisco SMA, and releasing specific emails from quarantine in Cisco SMA.
Connector Version: 1.0.1
Authored By: Fortinet
Certified: No
Following enhancements have been made to the Cisco SMA connector in version 1.0.1:
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum
command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root
user to install connectors:
yum install cyops-connector-cisco-sma
For the detailed procedure to install a connector, click here
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Cisco SMA connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | URL of the Cisco SMA server to which you will connect and perform automated operations. |
Username | Username of the Cisco SMA server to which you will connect and perform automated operations. |
Password | Password of the Cisco SMA server to which you will connect and perform automated operations. |
Port | AsyncOS API port of the Cisco SMA server.
Defaults to 6443 for the https protocol. For the http protocol port should be set as 6080. |
Is Two Factor Authentication Enable | Select this checkbox if you have enabled 2FA. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Track Emails | Track emails on Cisco SMA based on the search option, start and end time of the emails and other input parameters that you have specified. | track_emails Investigation |
Get Message Details | Retrieves details of a specific message from Cisco SMA based on the start and end time of the message, ICID, message ID, and other input parameters that you have specified. | get_message_details Investigation |
Fetch Emails From SPAM Quarantine | Fetches emails from the SPAM quarantine in Cisco SMA based on the start and end time of the emails other input parameters that you have specified. | fetch_from_spam_quarantine Investigation |
Fetch Emails From Other Quarantine | Fetches emails from a specific quarantine in Cisco SMA based quarantine name, quarantine type, the start and end time of the emails, and other input parameters that you have specified. | fetch_from_other_quarantine Investigation |
Release Emails From Quarantine | Releases specific emails from quarantine in Cisco SMA based on the quarantine name, quarantine type, and message IDs you have specified. | release_emails_from_quarantine Investigation |
Delete Message | Deletes specific emails from Cisco SMA based on the quarantine name, quarantine type, and message IDs you have specified. | delete_message Investigation |
Parameter | Description |
---|---|
Start Time | Start time from when you want to track emails on Cisco SMA. Enter the time in the YYYY-MM-DDThh:mm:00.000Z format. |
End Time | End time till when you want to track emails on Cisco SMA. Enter the time in the YYYY-MM-DDThh:mm:00.000Z format. |
Search Option | Search option, for example, messages, based on which you want to track emails on Cisco SMA. |
Cisco Host | (Optional) Hostname based on which you want to track emails on Cisco SMA. |
Cisco MID | (Optional) Input message ID based on which you want to track emails on Cisco SMA. |
Sender IP | (Optional) Sender IP address based on which you want to track emails on Cisco SMA. |
File Hash | (Optional) Input file hash based on which you want to track emails on Cisco SMA. |
Subject | (Optional) Value of the subject based on which you want to track emails on Cisco SMA. You can choose from the following options: Is, Is Empty, Contains, or Begins With. If you select Is Empty, then this operation will track only those emails with empty subjects. If you select Is, then you must specify the following parameter:
|
Envelope Sender | (Optional) Value of the Envelope Sender based on which you want to track emails from Cisco SMA. You can choose from the following options: Contains, Is and Begins With. If you select Contains, then you must specify the following parameter:
|
Envelope Recipient | (Optional) Value of the Envelope Recipient based on which you want to track emails from Cisco SMA. You can choose from the following options: Contains, Is and Begins With. If you select Contains, then you must specify the following parameter:
|
Message ID Header | (Optional) ID of the input message header based on which you want to track emails on Cisco SMA. |
Message Delivery Status | (Optional) Status of the input message delivery based on which you want to track emails on Cisco SMA. You can choose from the following options: Delivered, Dropped, Aborted, or Bounced. |
Message Delivered | (Optional) Select this option to track only those emails that have been delivered. |
Message Direction | (Optional) Direction based on which you want to track emails on Cisco SMA. You can choose between Incoming or Outgoing. |
Messages with Malicious URLs | (Optional) Select this option to track only those emails that contain malicious URLs. |
Attachment | (Optional) Input attachment name based on which you want to track emails on Cisco SMA. You can choose from the following options: Contains, Is and Begins With. If you select Contains, then you must specify the following parameter:
|
Offset | (Optional) Specify an offset value to retrieve a subset of records starting with the offset value. Offset works with limit, which determines how many records to retrieve starting from the offset. |
Limit | (Optional) Maximum number of records this operation should retrieve from Cisco SMA. |
The output contains the following populated JSON schema:
{
"meta": {
"totalCount": "",
"num_bad_records": ""
},
"data": [
{
"attributes": {
"recipient": [],
"replyTo": "",
"senderDomain": "",
"messageStatus": "",
"direction": "",
"senderIp": "",
"hostName": "",
"serialNumber": "",
"sender": "",
"timestamp": "",
"isCompleteData": "",
"senderGroup": "",
"subject": "",
"sbrs": "",
"mid": [],
"icid": "",
"verdictChart": "",
"mailPolicy": []
}
}
]
}
Parameter | Description |
---|---|
Start Time | Start time from when you want to retrieve message details from Cisco SMA. Enter the time in the YYYY-MM-DDThh:mm:00.000Z format. |
End Time | End time till when you want to retrieve message details from Cisco SMA. Enter the time in the YYYY-MM-DDThh:mm:00.000Z format. |
Message ID | ID of the message for which you want to retrieve message details from Cisco SMA. For example, 150 . |
ICID | ICID of the message for which you want to retrieve message details from Cisco SMA. For example, 150 . |
Serial Number | Serial number whose associated message details from Cisco SMA. Serial Number to get its details. For example, 64122536256E-FCH1812V1ST . |
The output contains the following populated JSON schema:
{
"data": {
"messages": {
"recipient": [],
"hostName": "",
"showSummaryTimeBox": "",
"messageStatus": "",
"direction": "",
"showAMP": "",
"showDLP": "",
"summary": [
{
"description": "",
"timestamp": "",
"lastEvent": ""
}
],
"sender": "",
"messageSize": "",
"sendingHostSummary": {
"ipAddress": "",
"sbrsScore": "",
"reverseDnsHostname": ""
},
"senderGroup": "",
"attachments": [],
"timestamp": "",
"showURL": "",
"isCompleteData": "",
"midHeader": "",
"mid": [],
"subject": "",
"smtpAuthId": "",
"mailPolicy": []
}
}
}
Parameter | Description |
---|---|
Start Time | Start time from when the emails are quarantined in the SPAM folder based on which you want to retrieve emails from Cisco SMA. Enter the time in the YYYY-MM-DDThh:mm:00.000Z format. |
End Time | End time till when the emails are quarantined in the SPAM folder based on which you want to retrieve emails from Cisco SMA. Enter the time in the YYYY-MM-DDThh:mm:00.000Z format. |
Sorting | (Optional) Value and/or direction to sort the results retrieved by this operation. You can specify the following options: Order By or Order Direction. You can also specify both Order By and Order Direction. If you select Order Direction, then you must specify the following parameter:
|
Lazy Loading | Select this option if you want to limit the result data retrieved by this operation using lazy loading. If you check the Lazy Loading checkbox, then you must specify the following parameters:
|
Envelope Recipient | (Optional) Value of the Envelope Recipient based on which you want to retrieve emails from Cisco SMA. You can choose from the following options: Contains, Is, Begins With, Ends With, or Does Not Contain. If you select Is, then you must specify the following parameter:
|
The output contains the following populated JSON schema:
{
"meta": {
"totalCount": ""
},
"data": [
{
"mid": "",
"attributes": {
"subject": "",
"date": "",
"toAddress": [],
"fromAddress": [],
"envelopeRecipient": [],
"size": ""
}
}
]
}
Parameter | Description |
---|---|
Start Time | Start time from when the emails are quarantined in the quarantine folder that you have specified based on which you want to retrieve emails from Cisco SMA. |
End Time | End time till when the emails are quarantined in the quarantine folder that you have specified based on which you want to retrieve emails from Cisco SMA. |
Quarantine Name | Name of the quarantine in which you want to search in Cisco SMA, and from you want to retrieve emails. |
Quarantine Type | Type of the quarantine that you want to search in Cisco SMA, and from you want to retrieve emails. For example, pvo . |
Offset | Specify an offset value to retrieve a subset of records starting with the offset value. Offset works with Limit, which determines how many records to retrieve starting from the offset. |
Limit | Maximum number of records this operation should retrieve from Cisco SMA. |
Subject | (Optional) Value of the subject based on which you want to retrieve emails from Cisco SMA. You can choose from the following options: Contains, Matches Exactly, Begins With, Ends With, Does Not Contain, Does Not Start With, or Does Not End With. If you select Matches Exactly, then you must specify the following parameter:
|
Originating ESA | IP address of the ESA in which the email was processed. |
Attachment Details | (Optional) Name and/or size based on which you want to filter emails retrieved by this operation. You can specify the following options: Attachment Name or Attachment Size Filter By. You can also specify both Attachment Name and Attachment Size Filter By. If you select Attachment Name, then you must specify the following parameter:
|
Sorting | (Optional) Value and/or direction to sort the results retrieved by this operation. You can specify the following options: Order By or Order Direction. You can also specify both Order By and Order Direction. If you select Order Direction, then you must specify the following parameter:
|
Envelope Recipient | (Optional) Value of the Envelope Recipient based on which you want to retrieve emails from Cisco SMA. You can choose from the following options: Contains, Matches Exactly, Begins With, Ends With, or Does Not Contain. If you select Matches Exactly, then you must specify the following parameter:
|
Envelope Sender | (Optional) Value of the Envelope Sender based on which you want to retrieve emails from Cisco SMA. You can choose from the following options: Contains, Matches Exactly, Begins With, Ends With, or Does Not Contain. If you select Matches Exactly, then you must specify the following parameter:
|
The output contains the following populated JSON schema:
{
"meta": {
"totalCount": ""
},
"data": [
{
"mid": "",
"attributes": {
"received": "",
"originatingEsaIp": "",
"esaHostName": "",
"esaMid": "",
"scheduledExit": "",
"sender": "",
"recipient": [],
"subject": "",
"quarantineForReasonDict": [
{
"quarantineName": "",
"reason": []
}
],
"quarantineForReason": [],
"inQuarantines": "",
"size": ""
}
}
]
}
Parameter | Description |
---|---|
Message IDs | List of Message IDs that you want to release from quarantine in Cisco SMA. You can enter multiple message IDs in the CSV or List format. For example, 150,151,152 or [150,151,152] |
Quarantine Type | Type of the quarantine from which you want to release the emails. For example, pvo . |
Quarantine Name | Name of the quarantine from which you want to release the emails. For example, spam . |
The output contains the following populated JSON schema:
{
"data": {
"action": "",
"totalCount": ""
}
}
Parameter | Description |
---|---|
Message IDs | List of Message IDs that you want to delete from Cisco SMA. You can enter multiple message IDs in the CSV or List format. For example, 150,151,152 or [150,151,152] |
Quarantine Type | Type of the quarantine from which you want to delete the emails. For example, pvo . |
Quarantine Name | Name of the quarantine from which you want to release the emails. For example, spam . |
The output contains the following populated JSON schema:
{
"data": {
"action": "",
"totalCount": ""
}
}
The Sample - Cisco SMA - 1.0.1
playbook collection comes bundled with the Cisco SMA connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in CyOPsTM after importing the Cisco SMA connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.