Symantec Messaging Gateway
This integration is part of the Symantec Messaging Gateway Pack.
Supported versions
Available on Cortex XSOAR and Cortex XSIAM.
Use Symantec Messaging Gateway (SMG) to block and unblock domains, email addresses, and IP addresses.
This integration was integrated and tested with Symantec Messaging Gateway v10.6.4.
Use Cases
- Block and unblock domains, email addresses and IP addresses.
- Get blocked domains and blocked IP addresses.
Known limitations
- SMG does not have a REST API, so the integration parses the HTML responses using the Beautiful Soup package. Data is also sent and retrieved through this HTML interface.
- The integration adds IoCs to, and removes them from, the relevant default Bad Sender lists only, not custom lists.
Configure Symantec Messaging Gateway on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services.
- Search for Symantec Messaging Gateway.
- Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance
- Server URL (for example, https://192.168.0.1:20013)
- Username
- Do not validate server certificate (not secure)
- Use system proxy settings
- Click Test to validate URLs and connection.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Block an email address: smg-block-email
- Block a domain: smg-block-domain
- Block an IP address: smg-block-ip
- Unblock an email address: smg-unblock-email
- Unblock a domain: smg-unblock-domain
- Unblock an IP address: smg-unblock-ip
- Get blocked Domains: smg-get-blocked-domains
- Get blocked IP addresses: smg-get-blocked-ips
1. Block an email address
Blocks an email address.
Base Command
smg-block-email
Input
| Parameter | Description |
| Email address to block |
Context Output
| Path | Description |
| Email.Address | Email address that was blocked |
| Email.Blocked | True if blocked, False if unblocked |
Raw Output
Email address admin@example.com was blocked successfully.
2. Block a domain
Block a domain.
Base Command
smg-block-domain
Input
| Parameter | Description |
| domain | Domain to block |
Context Output
| Path | Description |
| Domain.Name | Name of the domain that was blocked |
| Domain.Blocked | True if blocked, False if unblocked |
Raw Output
Domain google.com was blocked successfully.
3. Block an IP address
Blocks an IP address.
Base Command
smg-block-ip
Input
| Parameter | Description |
| ip | IP address to block |
Context Output
| Path | Description |
| IP.Address | IP address that was blocked |
| IP.Blocked | True if blocked, False if unblocked |
Raw Output
IP address 8.8.8.8 was blocked successfully.
4. Unblock an email address
Unblock an email address.
Base Command
smg-unblock-email
Input
| Parameter | Description |
| Email address to unblock |
Context Output
| Path | Description |
| Email.Address | Email address that was unblocked |
| Email.Blocked | True if blocked, False if unblocked |
Raw Output
Email address admin@example.com was unblocked successfully.
5. Unblock a domain
Unblock a domain.
Base Command
smg-unblock-domain
Input
| Parameter | Description |
| domain | Domain to unblock |
Context Output
| Path | Description |
| Domain.Name | Name of the domain that was unblocked |
| Domain.Blocked | True if blocked, False if unblocked |
Raw Output
Domain google.com was unblocked successfully.
6. Unblock an IP address
Unblock an IP address.
Base Command
smg-unblock-ip
Input
| Parameter | Description |
| ip | IP address to unblock |
Context Output
| Path | Description |
| IP.Address | IP address that was unblocked |
| IP.Blocked | True if blocked, False if unblocked |
Raw Output
IP address 8.8.8.8 was unblocked successfully.
7. Get a list of blocked domains
Returns a list of blocked domains.
Base Command
smg-get-blocked-domains
Input
There is no input.
Context Output
There is no context output for this command.
Raw Output
### SMG Blocked domains:
- abc.net
- abc.org
8. Get blocked IP addresses
Get blocked IP addresses.
Base Command
smg-get-blocked-ips
Input
There is no input.
Context Output
There is no context output for this command.
Raw Output
### SMG Blocked IP addresses:
- 1.2.3.4
- 8.8.8.8
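The two list commands return no context output, so an automation that wants to skip redundant or self-inflicted blocks has to parse the raw output itself. The following is an added example, not the integration's own code: it parses that output and decides which block command to call. The helper names, the `protected` set, the one-item-per-line output layout, and the `email` argument name are assumptions.

```python
import ipaddress
import re

# Command names come from this page. The argument name "email" is an
# assumption: the page's input table for the e-mail commands omits it.
BLOCK_COMMANDS = {
    "ip": ("smg-block-ip", "ip"),
    "domain": ("smg-block-domain", "domain"),
    "email": ("smg-block-email", "email"),
}
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SAMPLE_RAW = "### SMG Blocked IP addresses:\n- 1.2.3.4\n- 8.8.8.8"  # constructed


def parse_blocked_list(raw_output):
    """Return the entries of a smg-get-blocked-* result (one "- item" per line)."""
    lines = (line.strip() for line in raw_output.splitlines())
    return {line[2:].strip().lower() for line in lines if line.startswith("- ")}


def classify(indicator):
    """Return "ip", "email" or "domain"; raise ValueError for anything else."""
    value = indicator.strip().lower()
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    local, at, host = value.rpartition("@")
    if at and local and DOMAIN_RE.match(host):
        return "email"
    if DOMAIN_RE.match(value):
        return "domain"
    raise ValueError(f"not an IP address, e-mail address or domain: {indicator!r}")


def plan_block(indicator, already_blocked=frozenset(), protected=frozenset()):
    """Return (command, args) to execute, or (None, reason) to skip the call."""
    value = indicator.strip().lower()
    kind = classify(value)
    if value in protected:
        return None, "protected indicator"
    if kind == "ip" and not ipaddress.ip_address(value).is_global:
        return None, "non-routable address"
    if value in already_blocked:
        return None, "already blocked"
    command, arg = BLOCK_COMMANDS[kind]
    return command, {arg: value}
```

In a playbook, `protected` would hold the organisation's own domains and mail relays, so that a mistyped or spoofed indicator cannot put them on a Bad Sender list.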