Symantec Messaging Gateway (SMG) delivers inbound and outbound messaging security, real-time antispam and antivirus protection, advanced content filtering, threat detection and sandboxing, and data loss prevention to your enterprise. SMG provides various features such as detection of spam, denial-of-service attacks, and other inbound email threats, filtration of email by policies to remove unwanted content, compliance with regulations, and protection against intellectual property and data loss over email, and integration with Symantec Content Analysis to provide advanced threat detection and virtual sandboxing.
This document provides information about the Symantec Messaging Gateway connector, which facilitates automated interactions, with Symantec Messaging Gateway using FortiSOAR™ playbooks. Add the Symantec Messaging Gateway connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blocking or unblocking IP addresses, domains, or emails.
Connector Version: 1.1.1
Authored By: Fortinet
The following enhancements have been made to the Symantec Messaging Gateway Connector in version 1.1.1:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root
user to install connectors from an SSH session:
yum install cyops-connector-symantec-messaging-gateway
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Symantec Messaging Gateway connector card. On the connector popup, click the Configurations tab to enter the required configuration details:
Parameter | Description |
---|---|
Server URL | URL of the Symantec Messaging Gateway server to which you will connect and perform automated operations. |
Username | Username for accessing Symantec Messaging Gateway to which you will connect and perform the automated operations. |
Password | Password for accessing Symantec Messaging Gateway to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. Defaults to True . |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:
Function | Description | Annotation and Category |
---|---|---|
Block Email | Adds an email address you have specified to the list of bad senders on Symantec Messaging Gateway. | block_email Containment |
Unblock Email | Removes an email address you have specified from the list of bad senders on Symantec Messaging Gateway. | unblock_email Remediation |
Block Domain | Adds a domain you have specified to the list of bad senders on Symantec Messaging Gateway. | block_domain Containment |
Unblock Domain | Removes a domain you have specified from the list of bad senders on Symantec Messaging Gateway. | unblock_domain Remediation |
Block IP | Adds an IP address you have specified to the list of bad senders on Symantec Messaging Gateway. | block_ip Containment |
Unblock IP | Removes an IP address you have specified from the list of bad senders on Symantec Messaging Gateway. | unblock_ip Remediation |
Quick Audit Log Search | Searches for audit logs in Symantec Messaging Gateway based on the filter criteria you have specified. This operation returns the main event fields. | audit_logs_search Investigation |
Advanced Audit Log Search | Searches for audit logs in Symantec Messaging Gateway based on the filter criteria you have specified. This operation returns all available event fields. | advanced_audit_logs_search Investigation |
Parameter | Description |
---|---|
Email Address | Specify the email address that you want to block, i.e., add to the list of bad senders on Symantec Messaging Gateway. |
The JSON output returns a Success
message if the email address that you have specified is successfully added to the list of bad senders on Symantec Messaging Gateway.
The output contains the following populated JSON schema:
{
"data": "",
"status": "",
"message": "",
"operation": "",
"execution_time": ""
}
Parameter | Description |
---|---|
Email Address | Specify the email address that you want to unblock, i.e., remove from the list of bad senders on Symantec Messaging Gateway. |
The JSON output returns a Success
message if the email address that you have specified is successfully removed from the list of bad senders on Symantec Messaging Gateway.
The output contains the following populated JSON schema:
{
"data": "",
"status": "",
"message": "",
"operation": "",
"execution_time": ""
}
Parameter | Description |
---|---|
Domain | Specify the name of the domain that you want to block, i.e., add to the list of bad senders on Symantec Messaging Gateway. |
The JSON output returns a Success
message if the domain name that you have specified is successfully added to the list of bad senders on Symantec Messaging Gateway.
The output contains the following populated JSON schema:
{
"data": "",
"status": "",
"message": "",
"operation": "",
"execution_time": ""
}
Parameter | Description |
---|---|
Domain | Specify the name of the domain that you want to unblock, i.e., remove from the list of bad senders on Symantec Messaging Gateway. |
The JSON output returns a Success
message if the domain name that you have specified is successfully removed from the list of bad senders on Symantec Messaging Gateway.
The output contains the following populated JSON schema:
{
"data": "",
"status": "",
"message": "",
"operation": "",
"execution_time": ""
}
Parameter | Description |
---|---|
IP Address | Specify the IP address that you want to block, i.e., add to the list of bad senders on Symantec Messaging Gateway. |
The JSON output returns a Success
message if the IP address that you have specified is successfully added to the list of bad senders on Symantec Messaging Gateway.
The output contains the following populated JSON schema:
{
"data": "",
"status": "",
"message": "",
"operation": "",
"execution_time": ""
}
Parameter | Description |
---|---|
IP Address | Specify the IP address that you want to unblock, i.e., remove from the list of bad senders on Symantec Messaging Gateway. |
The JSON output returns a Success
message if the IP address that you have specified is successfully removed from the list of bad senders on Symantec Messaging Gateway.
The output contains the following populated JSON schema:
{
"data": "",
"status": "",
"message": "",
"operation": "",
"execution_time": ""
}
Parameter | Description |
---|---|
Search By | Select the search filter based on which you want to search the audit logs in Symantec Messaging Gateway. You can choose from the following options: Sender, Recipient, Subject, Audit ID, Connection IP, or Logical IP. |
Search Value | Specify the value using which you want to search the audit logs in Symantec Messaging Gateway, based on the filter selected in the 'Search By' drop-down list. For example, enter baduser@badomain.com if you have selected 'Sender' in the 'Search By' drop-down list. |
Start Time | (Optional) Select the DateTime using which you want to filter the result set to only include only those items that have been created after the specified timestamp. |
End Time | (Optional) Select the DateTime using which you want to filter the result set to only include only those items that have been created before the specified timestamp. |
Limit | (Optional) Specify the maximum number of results, per page, that this operation should return. By default, this option is set as 10. |
Offset | (Optional) Specify the index of the first item to be returned by this operation. This parameter is useful for pagination and for getting a subset of items. By default, this is set as 1. |
The output contains the following populated JSON schema:
{
"Time": "",
"From": "",
"auditUID": "",
"To": "",
"Original Subject": "",
"Verdict(s)": "",
"Action(s)": ""
}
Parameter | Description |
---|---|
Search By | Select the search filter based on which you want to search the audit logs in Symantec Messaging Gateway. You can choose from the following available options: Sender, Recipient, Subject, Audit ID, Connection IP, or Logical IP. |
Search Value | Specify the value using which you want to search the audit logs in Symantec Messaging Gateway, based on the filter selected in the 'Search By' drop-down list. For example, enter baduser@badomain.com if you have selected 'Sender' in the 'Search By' drop-down list. |
Start Time | Select the DateTime using which you want to filter the result set to only include only those items that have been created after the specified timestamp. |
End Time | Select the DateTime using which you want to filter the result set to only include only those items that have been created before the specified timestamp. |
Remove None ASCII characters | Select this option to remove 'none' ASCII characters from the search results. |
The output contains the following populated JSON schema:
{
"Audit ID": "",
"Hosts": "",
"Accept From": "",
"Accept Time": "",
"Source": "",
"Message ID": "",
"Sender": "",
"Recipient": "",
"Original Recipients": "",
"Intended Recipients": "",
"Subject": "",
"Filter Policy": "",
"Policy Group": "",
"Verdict": "",
"Details": "",
"Viruses": "",
"Attachments": "",
"Suspect Attachments": "",
"Scanner Actions": "",
"Quarantine Actions": "",
"Day Zero Actions": "",
"Content Incident Folder Actions": "",
"Deliver To": "",
"Deliver Time": "",
"Untested Verdicts": ""
}
The Sample - Symantec Messaging Gateway - 1.1.1
playbook collection comes bundled with the Symantec Messaging Gateway connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Symantec Messaging Gateway connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.
Symantec Messaging Gateway (SMG) delivers inbound and outbound messaging security, real-time antispam and antivirus protection, advanced content filtering, threat detection and sandboxing, and data loss prevention to your enterprise. SMG provides various features such as detection of spam, denial-of-service attacks, and other inbound email threats, filtration of email by policies to remove unwanted content, compliance with regulations, and protection against intellectual property and data loss over email, and integration with Symantec Content Analysis to provide advanced threat detection and virtual sandboxing.
This document provides information about the Symantec Messaging Gateway connector, which facilitates automated interactions, with Symantec Messaging Gateway using FortiSOAR™ playbooks. Add the Symantec Messaging Gateway connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blocking or unblocking IP addresses, domains, or emails.
Connector Version: 1.1.1
Authored By: Fortinet
The following enhancements have been made to the Symantec Messaging Gateway Connector in version 1.1.1:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root
user to install connectors from an SSH session:
yum install cyops-connector-symantec-messaging-gateway
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Symantec Messaging Gateway connector card. On the connector popup, click the Configurations tab to enter the required configuration details:
Parameter | Description |
---|---|
Server URL | URL of the Symantec Messaging Gateway server to which you will connect and perform automated operations. |
Username | Username for accessing Symantec Messaging Gateway to which you will connect and perform the automated operations. |
Password | Password for accessing Symantec Messaging Gateway to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. Defaults to True . |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:
Function | Description | Annotation and Category |
---|---|---|
Block Email | Adds an email address you have specified to the list of bad senders on Symantec Messaging Gateway. | block_email Containment |
Unblock Email | Removes an email address you have specified from the list of bad senders on Symantec Messaging Gateway. | unblock_email Remediation |
Block Domain | Adds a domain you have specified to the list of bad senders on Symantec Messaging Gateway. | block_domain Containment |
Unblock Domain | Removes a domain you have specified from the list of bad senders on Symantec Messaging Gateway. | unblock_domain Remediation |
Block IP | Adds an IP address you have specified to the list of bad senders on Symantec Messaging Gateway. | block_ip Containment |
Unblock IP | Removes an IP address you have specified from the list of bad senders on Symantec Messaging Gateway. | unblock_ip Remediation |
Quick Audit Log Search | Searches for audit logs in Symantec Messaging Gateway based on the filter criteria you have specified. This operation returns the main event fields. | audit_logs_search Investigation |
Advanced Audit Log Search | Searches for audit logs in Symantec Messaging Gateway based on the filter criteria you have specified. This operation returns all available event fields. | advanced_audit_logs_search Investigation |
Parameter | Description |
---|---|
Email Address | Specify the email address that you want to block, i.e., add to the list of bad senders on Symantec Messaging Gateway. |
The JSON output returns a Success
message if the email address that you have specified is successfully added to the list of bad senders on Symantec Messaging Gateway.
The output contains the following populated JSON schema:
{
"data": "",
"status": "",
"message": "",
"operation": "",
"execution_time": ""
}
Parameter | Description |
---|---|
Email Address | Specify the email address that you want to unblock, i.e., remove from the list of bad senders on Symantec Messaging Gateway. |
The JSON output returns a Success
message if the email address that you have specified is successfully removed from the list of bad senders on Symantec Messaging Gateway.
The output contains the following populated JSON schema:
{
"data": "",
"status": "",
"message": "",
"operation": "",
"execution_time": ""
}
Parameter | Description |
---|---|
Domain | Specify the name of the domain that you want to block, i.e., add to the list of bad senders on Symantec Messaging Gateway. |
The JSON output returns a Success
message if the domain name that you have specified is successfully added to the list of bad senders on Symantec Messaging Gateway.
The output contains the following populated JSON schema:
{
"data": "",
"status": "",
"message": "",
"operation": "",
"execution_time": ""
}
Parameter | Description |
---|---|
Domain | Specify the name of the domain that you want to unblock, i.e., remove from the list of bad senders on Symantec Messaging Gateway. |
The JSON output returns a Success
message if the domain name that you have specified is successfully removed from the list of bad senders on Symantec Messaging Gateway.
The output contains the following populated JSON schema:
{
"data": "",
"status": "",
"message": "",
"operation": "",
"execution_time": ""
}
Parameter | Description |
---|---|
IP Address | Specify the IP address that you want to block, i.e., add to the list of bad senders on Symantec Messaging Gateway. |
The JSON output returns a Success
message if the IP address that you have specified is successfully added to the list of bad senders on Symantec Messaging Gateway.
The output contains the following populated JSON schema:
{
"data": "",
"status": "",
"message": "",
"operation": "",
"execution_time": ""
}
Parameter | Description |
---|---|
IP Address | Specify the IP address that you want to unblock, i.e., remove from the list of bad senders on Symantec Messaging Gateway. |
The JSON output returns a Success
message if the IP address that you have specified is successfully removed from the list of bad senders on Symantec Messaging Gateway.
The output contains the following populated JSON schema:
{
"data": "",
"status": "",
"message": "",
"operation": "",
"execution_time": ""
}
Parameter | Description |
---|---|
Search By | Select the search filter based on which you want to search the audit logs in Symantec Messaging Gateway. You can choose from the following options: Sender, Recipient, Subject, Audit ID, Connection IP, or Logical IP. |
Search Value | Specify the value using which you want to search the audit logs in Symantec Messaging Gateway, based on the filter selected in the 'Search By' drop-down list. For example, enter baduser@badomain.com if you have selected 'Sender' in the 'Search By' drop-down list. |
Start Time | (Optional) Select the DateTime using which you want to filter the result set to only include only those items that have been created after the specified timestamp. |
End Time | (Optional) Select the DateTime using which you want to filter the result set to only include only those items that have been created before the specified timestamp. |
Limit | (Optional) Specify the maximum number of results, per page, that this operation should return. By default, this option is set as 10. |
Offset | (Optional) Specify the index of the first item to be returned by this operation. This parameter is useful for pagination and for getting a subset of items. By default, this is set as 1. |
The output contains the following populated JSON schema:
{
"Time": "",
"From": "",
"auditUID": "",
"To": "",
"Original Subject": "",
"Verdict(s)": "",
"Action(s)": ""
}
Parameter | Description |
---|---|
Search By | Select the search filter based on which you want to search the audit logs in Symantec Messaging Gateway. You can choose from the following available options: Sender, Recipient, Subject, Audit ID, Connection IP, or Logical IP. |
Search Value | Specify the value using which you want to search the audit logs in Symantec Messaging Gateway, based on the filter selected in the 'Search By' drop-down list. For example, enter baduser@badomain.com if you have selected 'Sender' in the 'Search By' drop-down list. |
Start Time | Select the DateTime using which you want to filter the result set to only include only those items that have been created after the specified timestamp. |
End Time | Select the DateTime using which you want to filter the result set to only include only those items that have been created before the specified timestamp. |
Remove None ASCII characters | Select this option to remove 'none' ASCII characters from the search results. |
The output contains the following populated JSON schema:
{
"Audit ID": "",
"Hosts": "",
"Accept From": "",
"Accept Time": "",
"Source": "",
"Message ID": "",
"Sender": "",
"Recipient": "",
"Original Recipients": "",
"Intended Recipients": "",
"Subject": "",
"Filter Policy": "",
"Policy Group": "",
"Verdict": "",
"Details": "",
"Viruses": "",
"Attachments": "",
"Suspect Attachments": "",
"Scanner Actions": "",
"Quarantine Actions": "",
"Day Zero Actions": "",
"Content Incident Folder Actions": "",
"Deliver To": "",
"Deliver Time": "",
"Untested Verdicts": ""
}
The Sample - Symantec Messaging Gateway - 1.1.1
playbook collection comes bundled with the Symantec Messaging Gateway connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Symantec Messaging Gateway connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.