Symantec Email Security.cloud stops targeted spear-phishing and other email threats by blocking the sender IPs, domains, URLs, and email addresses, etc.
This document provides information about the Symantec Email Security.cloud connector, which facilitates automated interactions, with Symantec Email Security.cloud server using FortiSOAR™ playbooks. Add the Symantec Email Security.cloud connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blacklisting email addresses, domains, URLs, IP addresses, etc, for specific IOCs, and downloading IOCs from Symantec Email Security.cloud.
Connector Version: 2.0.0
FortiSOAR™ Version Tested on: 5.1.0-464
Authored By: Fortinet
Certified: Yes
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:
yum install cyops-connector-symantec-cloud
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Symantec Email Security.cloud connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | URL of Symantec Email Security.cloud to which you will connect and perform automated operations. |
Username | Username for accessing Symantec Email Security.cloud to which you will connect and perform the automated operations. |
Password | Encrypted Password for accessing Symantec Email Security.cloud to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations fromFortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Blacklist IP Address | Blocks all emails containing the IP address or IP range that you have specified as an IOC on Symantec Email Security.cloud based on the IP address or IP range and other input parameters you have specified. | block_ip Containment |
Blacklist Domain | Blocks all emails containing the domain(s) that you have specified as an IOC on Symantec Email Security.cloud based on the Domain IOC type, IOC value, and other input parameters you have specified. | block_domain Containment |
Blacklist Email Address | Blocks all emails containing the email address(s) that you have specified as an IOC on Symantec Email Security.cloud based on the Email IOC type, IOC value, and other input parameters you have specified. | block_email Containment |
Blacklist URL | Blocks all emails containing the URL(s) that you have specified as an IOC on Symantec Email Security.cloud based on the URL(s) and other input parameters you have specified. | block_url Containment |
Block Subject Text | Blocks all emails containing the specified subject that you have specified as an IOC on Symantec Email Security.cloud based on the subject(s) and other input parameters you have specified. | block_subject Containment |
Blacklist MD5 | Blocks all emails containing the specified MD5 value that you have specified as an IOC on Symantec Email Security.cloud based on the MD5 value(s) and other input parameters you have specified. | block_md5 Containment |
Blacklist SHA-2 | Blocks all emails containing the specified SHA-2 value that you have specified as an IOC on Symantec Email Security.cloud based on the SHA-2 value(s) and other input parameters you have specified. | block_sha2 Containment |
Merge IOCs In Blacklist | Adds or Updates multiple IOCs of any type in blacklist on Symantec Email Security.cloud based on the type and value of the IOCs And other input parameters you have specified. | merge_iocs Containment |
Replace All IOCs In Blacklist | Replaces multiple IOCs of any type in a blacklist on Symantec Email Security.cloud based on the type and value of the IOCs and other input parameters you have specified. | replace_iocs Containment |
Remove IOC from Blacklist | Removes IOC of any type from a blacklist on Symantec Email Security.cloud based on the type and value of the IOCs, IOC Blacklist ID and other input parameters you have specified. | delete_ioc Remediation |
Download IOCs | Downloads a list of all IOCs or IOCs specific to a particular domain from Symantec Email Security.cloud in the JSON or CSV format. | download_iocs Investigation |
Parameter | Description |
---|---|
Operation | Operation that you want to perform for blacklisting IP address(es), i.e., you can either Add New IOCs or Update an IOC to the IP address.
|
Email Direction | Select the direction in which you want to block emails that contain the IP address or IP range that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs in its IP address. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Domain IOC Type | Type of domain IOC that you want to block on Symantec Email Security.cloud. You can choose from the following types:
|
Operation | Operation that you want to perform for blacklisting domain(s), i.e., you can either Add New IOCs or Update an IOC to the domain.
|
Email Direction | Select the direction in which you want to block emails that contain the domain(s) that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs in its domain. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Email IOC Type | Type of Email IOC that you want to block on Symantec Email Security.cloud. You can choose from the following types:
|
Operation | Operation that you want to perform for blacklisting domain(s), i.e., you can either Add New IOCs or Update an IOC to the Email Address.
|
Email Direction | Select the direction in which you want to block emails that contain the email address(es) that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs in its email address. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Operation | Operation that you want to perform for blacklisting URL(s), i.e., you can either Add New IOCs or Update an IOC to the URL.
|
Email Direction | Select the direction in which you want to block emails that contain the URL(s) that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs in its URL. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Operation | Operation that you want to perform for blocking the subject(s), i.e., you can either Add New IOCs or Update an IOC to the Subject Text.
|
Email Direction | Select the direction in which you want to block emails that contain the subject that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs in its subject. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Operation | Operation that you want to perform for blacklisting the MD5(s), i.e., you can either Add New IOCs or Update an IOC to the MD5.
|
Email Direction | Select the direction in which you want to block emails that contain the MD5 value that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified MD5 values. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Operation | Operation that you want to perform for blacklisting the SHA-2(s), i.e., you can either Add New IOCs or Update an IOC to the SH-2.
|
Email Direction | Select the direction in which you want to block emails that contain the SHA-2 value that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified SHA-2 values. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
IOC Type | IOC type that describes the IOC Value, which you want to add or update in a blacklist on Symantec Email Security.cloud. You can choose from the following options: IP Address, Domain, Email, URL, Subject Text, MD5, or SHA-2.
|
Email Direction | Select the direction in which you want to block emails that contain the specified IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
IOC Type | IOC type that describes the IOC Value, which you want to replace in a blacklist on Symantec Email Security.cloud. You can choose from the following options: IP Address, Domain, Email, or URL.
|
Email Direction | Select the direction in which you want to block emails that contain the specified IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
IOC Type | IOC type that describes the IOC Value, which you want to remove from a blacklist on Symantec Email Security.cloud. You can choose from the following options: IP Address, Domain, Email, or URL.
|
Email Direction | Select the direction in which you want to block emails that contain the specified IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Response Format | Select the format in which you want to download the IOCs from Symantec Email Security.cloud. You can choose between the CSV or JSON formats. |
Domain Name | Specify the name of the domain whose associated IOCs you want to download from Symantec Email Security.cloud or you can specify global to download IOCs for all domains. |
The output contains the following populated JSON schema:
{
"attachments_iri": "",
"file_iri": ""
}
The Sample - Symantec Cloud Email Security.cloud - 2.0.0
playbook collection comes bundled with the Symantec Email Security.cloud connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Symantec Email Security.cloud connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.
Symantec Email Security.cloud stops targeted spear-phishing and other email threats by blocking the sender IPs, domains, URLs, and email addresses, etc.
This document provides information about the Symantec Email Security.cloud connector, which facilitates automated interactions, with Symantec Email Security.cloud server using FortiSOAR™ playbooks. Add the Symantec Email Security.cloud connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blacklisting email addresses, domains, URLs, IP addresses, etc, for specific IOCs, and downloading IOCs from Symantec Email Security.cloud.
Connector Version: 2.0.0
FortiSOAR™ Version Tested on: 5.1.0-464
Authored By: Fortinet
Certified: Yes
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:
yum install cyops-connector-symantec-cloud
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Symantec Email Security.cloud connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | URL of Symantec Email Security.cloud to which you will connect and perform automated operations. |
Username | Username for accessing Symantec Email Security.cloud to which you will connect and perform the automated operations. |
Password | Encrypted Password for accessing Symantec Email Security.cloud to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations fromFortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Blacklist IP Address | Blocks all emails containing the IP address or IP range that you have specified as an IOC on Symantec Email Security.cloud based on the IP address or IP range and other input parameters you have specified. | block_ip Containment |
Blacklist Domain | Blocks all emails containing the domain(s) that you have specified as an IOC on Symantec Email Security.cloud based on the Domain IOC type, IOC value, and other input parameters you have specified. | block_domain Containment |
Blacklist Email Address | Blocks all emails containing the email address(s) that you have specified as an IOC on Symantec Email Security.cloud based on the Email IOC type, IOC value, and other input parameters you have specified. | block_email Containment |
Blacklist URL | Blocks all emails containing the URL(s) that you have specified as an IOC on Symantec Email Security.cloud based on the URL(s) and other input parameters you have specified. | block_url Containment |
Block Subject Text | Blocks all emails containing the specified subject that you have specified as an IOC on Symantec Email Security.cloud based on the subject(s) and other input parameters you have specified. | block_subject Containment |
Blacklist MD5 | Blocks all emails containing the specified MD5 value that you have specified as an IOC on Symantec Email Security.cloud based on the MD5 value(s) and other input parameters you have specified. | block_md5 Containment |
Blacklist SHA-2 | Blocks all emails containing the specified SHA-2 value that you have specified as an IOC on Symantec Email Security.cloud based on the SHA-2 value(s) and other input parameters you have specified. | block_sha2 Containment |
Merge IOCs In Blacklist | Adds or Updates multiple IOCs of any type in blacklist on Symantec Email Security.cloud based on the type and value of the IOCs And other input parameters you have specified. | merge_iocs Containment |
Replace All IOCs In Blacklist | Replaces multiple IOCs of any type in a blacklist on Symantec Email Security.cloud based on the type and value of the IOCs and other input parameters you have specified. | replace_iocs Containment |
Remove IOC from Blacklist | Removes IOC of any type from a blacklist on Symantec Email Security.cloud based on the type and value of the IOCs, IOC Blacklist ID and other input parameters you have specified. | delete_ioc Remediation |
Download IOCs | Downloads a list of all IOCs or IOCs specific to a particular domain from Symantec Email Security.cloud in the JSON or CSV format. | download_iocs Investigation |
Parameter | Description |
---|---|
Operation | Operation that you want to perform for blacklisting IP address(es), i.e., you can either Add New IOCs or Update an IOC to the IP address.
|
Email Direction | Select the direction in which you want to block emails that contain the IP address or IP range that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs in its IP address. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Domain IOC Type | Type of domain IOC that you want to block on Symantec Email Security.cloud. You can choose from the following types:
|
Operation | Operation that you want to perform for blacklisting domain(s), i.e., you can either Add New IOCs or Update an IOC to the domain.
|
Email Direction | Select the direction in which you want to block emails that contain the domain(s) that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs in its domain. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Email IOC Type | Type of Email IOC that you want to block on Symantec Email Security.cloud. You can choose from the following types:
|
Operation | Operation that you want to perform for blacklisting domain(s), i.e., you can either Add New IOCs or Update an IOC to the Email Address.
|
Email Direction | Select the direction in which you want to block emails that contain the email address(es) that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs in its email address. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Operation | Operation that you want to perform for blacklisting URL(s), i.e., you can either Add New IOCs or Update an IOC to the URL.
|
Email Direction | Select the direction in which you want to block emails that contain the URL(s) that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs in its URL. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Operation | Operation that you want to perform for blocking the subject(s), i.e., you can either Add New IOCs or Update an IOC to the Subject Text.
|
Email Direction | Select the direction in which you want to block emails that contain the subject that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs in its subject. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Operation | Operation that you want to perform for blacklisting the MD5(s), i.e., you can either Add New IOCs or Update an IOC to the MD5.
|
Email Direction | Select the direction in which you want to block emails that contain the MD5 value that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified MD5 values. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Operation | Operation that you want to perform for blacklisting the SHA-2(s), i.e., you can either Add New IOCs or Update an IOC to the SH-2.
|
Email Direction | Select the direction in which you want to block emails that contain the SHA-2 value that is specified as an IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified SHA-2 values. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
IOC Type | IOC type that describes the IOC Value, which you want to add or update in a blacklist on Symantec Email Security.cloud. You can choose from the following options: IP Address, Domain, Email, URL, Subject Text, MD5, or SHA-2.
|
Email Direction | Select the direction in which you want to block emails that contain the specified IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
IOC Type | IOC type that describes the IOC Value, which you want to replace in a blacklist on Symantec Email Security.cloud. You can choose from the following options: IP Address, Domain, Email, or URL.
|
Email Direction | Select the direction in which you want to block emails that contain the specified IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
IOC Type | IOC type that describes the IOC Value, which you want to remove from a blacklist on Symantec Email Security.cloud. You can choose from the following options: IP Address, Domain, Email, or URL.
|
Email Direction | Select the direction in which you want to block emails that contain the specified IOC on Symantec Email Security.cloud. You can choose between Inbound, Outbound, or Both. |
Description | Description of the IOCs(s), in the string format, that you are adding or updating on Symantec Email Security.cloud. Note: The maximum length of the description is 255 characters. |
Remediation Action | Remediation action that you want to perform on the email on Symantec Email Security.cloud, which contains the specified IOCs. You can choose from the following actions:
|
The output contains the following populated JSON schema:
{
"failure_response": [],
"blacklisted_iocs": []
}
Parameter | Description |
---|---|
Response Format | Select the format in which you want to download the IOCs from Symantec Email Security.cloud. You can choose between the CSV or JSON formats. |
Domain Name | Specify the name of the domain whose associated IOCs you want to download from Symantec Email Security.cloud or you can specify global to download IOCs for all domains. |
The output contains the following populated JSON schema:
{
"attachments_iri": "",
"file_iri": ""
}
The Sample - Symantec Cloud Email Security.cloud - 2.0.0
playbook collection comes bundled with the Symantec Email Security.cloud connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Symantec Email Security.cloud connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.