Symantec Messaging Gateway
This integration is part of the Symantec Messaging Gateway Pack.
Use Symantec Messaging Gateway (SMG) to block and unblock domains, email addresses, and IP addresses.
This integration was integrated and tested with Symantec Messaging Gateway v10.6.4.
Use Cases
- Block and unblock domains, email addresses and IP addresses.
- Get blocked domains and blocked IP addresses.
Known limitations
- SMG does not have a REST API, so the integration parses the HTML responses using the Beautiful Soup package. It also sends and gets data through it.
- The integration adds and removes IoCs to the relevant default Bad Sender lists, and not custom ones.
Configure Symantec Messaging Gateway on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services.
- Search for Symantec Messaging Gateway.
- Click Add instance to create and configure a new integration instance.
  - Name: a textual name for the integration instance
  - Server URL (for example, https://192.168.0.1:20013)
  - Username
  - Do not validate server certificate (not secure)
  - Use system proxy settings
- Click Test to validate URLs and connection.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Block an email address: smg-block-email
- Block a domain: smg-block-domain
- Block an IP address: smg-block-ip
- Unblock an email address: smg-unblock-email
- Unblock a domain: smg-unblock-domain
- Unblock an IP address: smg-unblock-ip
- Get blocked Domains: smg-get-blocked-domains
- Get blocked IP addresses: smg-get-blocked-ips
1. Block an email address
Blocks an email address.
Base Command
smg-block-email
Input
| Parameter | Description |
| Email address to block |
Context Output
| Path | Description |
| Email.Address | Email address that was blocked |
| Email.Blocked | True if blocked, False if unblocked |
Raw Output
Email address admin@example.com was blocked successfully.
2. Block a domain
Block a domain.
Base Command
smg-block-domain
Input
| Parameter | Description |
| domain | Domain to block |
Context Output
| Path | Description |
| Domain.Name | Name of the domain that was blocked |
| Domain.Blocked | True if blocked, False if unblocked |
Raw Output
Domain google.com was blocked successfully.
3. Block an IP address
Blocks an IP address.
Base Command
smg-block-ip
Input
| Parameter | Description |
| ip | IP address to block |
Context Output
| Path | Description |
| IP.Address | IP address that was blocked |
| IP.Blocked | True if blocked, False if unblocked |
Raw Output
IP address 8.8.8.8 was blocked successfully.
4. Unblock an email address
Unblock an email address.
Base Command
smg-unblock-email
Input
| Parameter | Description |
| Email address to unblock |
Context Output
| Path | Description |
| Email.Address | Email address that was unblocked |
| Email.Blocked | True if blocked, False if unblocked |
Raw Output
Email address admin@example.com was unblocked successfully.
5. Unblock a domain
Unblock a domain.
Base Command
smg-unblock-domain
Input
| Parameter | Description |
| domain | Domain to unblock |
Context Output
| Path | Description |
| Domain.Name | Name of the domain that was unblocked |
| Domain.Blocked | True if blocked, False if unblocked |
Raw Output
Domain google.com was unblocked successfully.
6. Unblock an IP address
Unblock an IP address.
Base Command
smg-unblock-ip
Input
| Parameter | Description |
| ip | IP address to unblock |
Context Output
| Path | Description |
| IP.Address | IP address that was unblocked |
| IP.Blocked | True if blocked, False if unblocked |
Raw Output
IP address 8.8.8.8 was unblocked successfully.
7. Get a list of blocked domains
Returns a list of blocked domains.
Base Command
smg-get-blocked-domains
Input
There is no input.
Context Output
There is no context output for this command.
Raw Output
### SMG Blocked domains:
- abc.net
- abc.org
8. Get blocked IP addresses
Get blocked IP addresses.
Base Command
smg-get-blocked-ips
Input
There is no input.
Context Output
There is no context output for this command.
Raw Output
### SMG Blocked IP addresses:
- 1.2.3.4
- 8.8.8.8
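
Because smg-get-blocked-domains and smg-get-blocked-ips return no context output, a playbook that wants to skip indicators already on the Bad Sender lists has to read the Raw Output text. The following is an added example, not part of the integration's own code: it parses that text, rejects candidates that are neither an IP address nor a domain, and returns only the smg-block-domain / smg-block-ip calls still needed (function names and sample values are constructed for illustration).

```python
import ipaddress
import re

# Constructed samples in the shape of the Raw Output shown on this page.
SAMPLE_DOMAINS = "### SMG Blocked domains:\n- abc.net\n- abc.org"
SAMPLE_IPS = "### SMG Blocked IP addresses: - 1.2.3.4 - 8.8.8.8"

HEADER = re.compile(r"^#+\s*SMG Blocked (domains|IP addresses):\s*", re.I)
DOMAIN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def parse_blocked(raw):
    """Parse smg-get-blocked-domains / smg-get-blocked-ips raw output."""
    text = raw.strip()
    match = HEADER.match(text)
    if not match:
        raise ValueError("header not found in raw output")
    kind = "domain" if match.group(1).lower() == "domains" else "ip"
    # Entries are "- value" items, one per line or flattened onto one line.
    items = re.split(r"(?:^|\s)-\s+", text[match.end():])
    return kind, {i.strip().lower().rstrip(".") for i in items if i.strip()}


def plan_blocks(candidates, raw_domains, raw_ips):
    """Return (command, args) pairs for candidates that are not blocked yet."""
    blocked = dict([parse_blocked(raw_domains), parse_blocked(raw_ips)])
    plan = []
    for value in candidates:
        value = value.strip().lower().rstrip(".")
        try:
            kind, value = "ip", str(ipaddress.ip_address(value))
        except ValueError:
            # Fail closed: anything that is not an IP must look like a domain.
            if not DOMAIN.match(value):
                raise ValueError(f"not an IP address or domain: {value!r}")
            kind = "domain"
        if value not in blocked[kind]:
            # Argument names "domain" and "ip" are the ones documented above.
            plan.append((f"smg-block-{kind}", {kind: value}))
            blocked[kind].add(value)  # also drops repeated candidates
    return plan


if __name__ == "__main__":
    for step in plan_blocks(["ABC.net", "evil.example", "203.0.113.7"],
                            SAMPLE_DOMAINS, SAMPLE_IPS):
        print(step)
```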