Skip to main content

Trustwave Secure Email Gateway

This Integration is part of the TrustwaveSEG Pack.#

Trustwave SEG is a secure messaging solution that protects businesses and users from email-borne threats, including phishing, blended threats, and spam. Trustwave Secure Email Gateway also delivers improved policy enforcement and data leakage prevention. This integration was integrated and tested with version 10 of trustwave secure email gateway.

Configure trustwave secure email gateway in Cortex#

ParameterDescriptionRequired
Hostname or IPHostname or IP address (localhost or 127.0.0.1).True
SEG Configuration Service PortUsed for retrieving a token for the commands.True
SEG API PortUsed for accessing the API console.True
User CredentialsTrue
Trust any certificate (not secure)False
Use system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

trustwave-seg-get-version#


Gets Trustwave version information.

Base Command#

trustwave-seg-get-version

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
TrustwaveSEG.Version.configVersionNumberThe configuration version.
TrustwaveSEG.Version.productVersionStringThe product version.
TrustwaveSEG.Version.rpcInterfaceVersionNumberThe RPC interface version.

Command Example#

!trustwave-seg-get-version

Context Example#

{
"TrustwaveSEG": {
"Version": {
"configVersion": 39,
"productVersion": "10.0.1.2030",
"rpcInterfaceVersion": 31
}
}
}

Human Readable Output#

Version Information#

Config VersionProduct Version
3910.0.1.2030

trustwave-seg-automatic-config-backup-list#


Returns a list of automatic configuration backups.

Base Command#

trustwave-seg-automatic-config-backup-list

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
TrustwaveSEG.AutomaticBackupConfig.fileSizeNumberThe file size of the automatic configuration backup.
TrustwaveSEG.AutomaticBackupConfig.filenameStringThe filename of the automatic configuration backup.
TrustwaveSEG.AutomaticBackupConfig.info.backupTimeNumberThe backup time of the automatic configuration backup.
TrustwaveSEG.AutomaticBackupConfig.info.backupTimeStrDateThe backup time string of the automatic configuration backup.
TrustwaveSEG.AutomaticBackupConfig.info.backupTypeStringThe backup type of the automatic configuration backup.
TrustwaveSEG.AutomaticBackupConfig.info.backupUserStringThe back up user of the automatic configuration backup.
TrustwaveSEG.AutomaticBackupConfig.info.commitDescriptionStringThe commit description of the automatic configuration backup.
TrustwaveSEG.AutomaticBackupConfig.info.commitSetIdNumberThe commit set ID of the automatic configuration backup.
TrustwaveSEG.AutomaticBackupConfig.info.commitUserStringThe commit user of the automatic configuration backup.
TrustwaveSEG.AutomaticBackupConfig.info.configVersionNumberThe configuration version of the automatic configuration backup.
TrustwaveSEG.AutomaticBackupConfig.info.containsDkimKeysBooleanWhether there are DomainKeys Identified Mail (DKIM) keys for the automatic configuration backup.
TrustwaveSEG.AutomaticBackupConfig.info.productVersionStringThe product version of the automatic configuration backup.
TrustwaveSEG.AutomaticBackupConfig.lastModifiedNumberThe date the automatic backup configuration was last modified.

Command Example#

!trustwave-seg-automatic-config-backup-list

Context Example#

{
"TrustwaveSEG": {
"AutomaticBackupConfig": [
{
"backupTime": 1620650406,
"backupTimeStr": "2021-05-10T12:40:06Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 102,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69732378,
"filename": "MailMarshal-10.0.1-ManualBackup_10-May-2021-05-40-05",
"info": {
"backupTime": 1620650406,
"backupTimeStr": "2021-05-10T12:40:06Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 102,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620650415,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620601203,
"backupTimeStr": "2021-05-09T23:00:03Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 100,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69732255,
"filename": "MailMarshal-10.0.1-AutomaticBackup_09-May-2021-16-00-00",
"info": {
"backupTime": 1620601203,
"backupTimeStr": "2021-05-09T23:00:03Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 100,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620601213,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620514801,
"backupTimeStr": "2021-05-08T23:00:01Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 100,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69732256,
"filename": "MailMarshal-10.0.1-AutomaticBackup_08-May-2021-16-00-00",
"info": {
"backupTime": 1620514801,
"backupTimeStr": "2021-05-08T23:00:01Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 100,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620514812,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620428401,
"backupTimeStr": "2021-05-07T23:00:01Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 100,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69732256,
"filename": "MailMarshal-10.0.1-AutomaticBackup_07-May-2021-16-00-00",
"info": {
"backupTime": 1620428401,
"backupTimeStr": "2021-05-07T23:00:01Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 100,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620428412,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620342000,
"backupTimeStr": "2021-05-06T23:00:00Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 99,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69728288,
"filename": "MailMarshal-10.0.1-AutomaticBackup_06-May-2021-16-00-00",
"info": {
"backupTime": 1620342000,
"backupTimeStr": "2021-05-06T23:00:00Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 99,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620342009,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620300775,
"backupTimeStr": "2021-05-06T11:32:55Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 98,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69723684,
"filename": "MailMarshal-10.0.1-ManualBackup_06-May-2021-04-32-55",
"info": {
"backupTime": 1620300775,
"backupTimeStr": "2021-05-06T11:32:55Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 98,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620300784,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620285980,
"backupTimeStr": "2021-05-06T07:26:20Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 96,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69723497,
"filename": "MailMarshal-10.0.1-ManualBackup_06-May-2021-00-26-20",
"info": {
"backupTime": 1620285980,
"backupTimeStr": "2021-05-06T07:26:20Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 96,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620285989,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620285625,
"backupTimeStr": "2021-05-06T07:20:25Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 94,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69723673,
"filename": "MailMarshal-10.0.1-ManualBackup_06-May-2021-00-20-25",
"info": {
"backupTime": 1620285625,
"backupTimeStr": "2021-05-06T07:20:25Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 94,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620285634,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620283437,
"backupTimeStr": "2021-05-06T06:43:57Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 93,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69723593,
"filename": "MailMarshal-10.0.1-ManualBackup_05-May-2021-23-43-56",
"info": {
"backupTime": 1620283437,
"backupTimeStr": "2021-05-06T06:43:57Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 93,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620283446,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620283281,
"backupTimeStr": "2021-05-06T06:41:21Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 92,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69723594,
"filename": "MailMarshal-10.0.1-ManualBackup_05-May-2021-23-41-20",
"info": {
"backupTime": 1620283281,
"backupTimeStr": "2021-05-06T06:41:21Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 92,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620283289,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620255600,
"backupTimeStr": "2021-05-05T23:00:00Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 89,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69723546,
"filename": "MailMarshal-10.0.1-AutomaticBackup_05-May-2021-16-00-00",
"info": {
"backupTime": 1620255600,
"backupTimeStr": "2021-05-05T23:00:00Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 89,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620255609,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620217869,
"backupTimeStr": "2021-05-05T12:31:09Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 88,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69723589,
"filename": "MailMarshal-10.0.1-ManualBackup_05-May-2021-05-31-09",
"info": {
"backupTime": 1620217869,
"backupTimeStr": "2021-05-05T12:31:09Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 88,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620217878,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620217689,
"backupTimeStr": "2021-05-05T12:28:09Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 86,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69723490,
"filename": "MailMarshal-10.0.1-ManualBackup_05-May-2021-05-28-09",
"info": {
"backupTime": 1620217689,
"backupTimeStr": "2021-05-05T12:28:09Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 86,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620217698,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620217531,
"backupTimeStr": "2021-05-05T12:25:31Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 84,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69723751,
"filename": "MailMarshal-10.0.1-ManualBackup_05-May-2021-05-25-31",
"info": {
"backupTime": 1620217531,
"backupTimeStr": "2021-05-05T12:25:31Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 84,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620217540,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620217310,
"backupTimeStr": "2021-05-05T12:21:50Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 84,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69723751,
"filename": "MailMarshal-10.0.1-ManualBackup_05-May-2021-05-21-50",
"info": {
"backupTime": 1620217310,
"backupTimeStr": "2021-05-05T12:21:50Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 84,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620217319,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620217071,
"backupTimeStr": "2021-05-05T12:17:51Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 84,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69723751,
"filename": "MailMarshal-10.0.1-ManualBackup_05-May-2021-05-17-51",
"info": {
"backupTime": 1620217071,
"backupTimeStr": "2021-05-05T12:17:51Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 84,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620217080,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620198296,
"backupTimeStr": "2021-05-05T07:04:56Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 83,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69718651,
"filename": "MailMarshal-10.0.1-ManualBackup_05-May-2021-00-04-56",
"info": {
"backupTime": 1620198296,
"backupTimeStr": "2021-05-05T07:04:56Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 83,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620198305,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620198215,
"backupTimeStr": "2021-05-05T07:03:35Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 82,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69718538,
"filename": "MailMarshal-10.0.1-ManualBackup_05-May-2021-00-03-35",
"info": {
"backupTime": 1620198215,
"backupTimeStr": "2021-05-05T07:03:35Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 82,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620198225,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620169200,
"backupTimeStr": "2021-05-04T23:00:00Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 80,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69718485,
"filename": "MailMarshal-10.0.1-AutomaticBackup_04-May-2021-16-00-00",
"info": {
"backupTime": 1620169200,
"backupTimeStr": "2021-05-04T23:00:00Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 80,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620169209,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620111035,
"backupTimeStr": "2021-05-04T06:50:35Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 79,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69714284,
"filename": "MailMarshal-10.0.1-ManualBackup_03-May-2021-23-50-35",
"info": {
"backupTime": 1620111035,
"backupTimeStr": "2021-05-04T06:50:35Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Committing Marshal RBL credentials update",
"commitSetId": 79,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620111045,
"productVersion": "10.0.1.2030"
},
{
"backupTime": 1620082800,
"backupTimeStr": "2021-05-03T23:00:00Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 77,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"fileSize": 69714339,
"filename": "MailMarshal-10.0.1-AutomaticBackup_03-May-2021-16-00-00",
"info": {
"backupTime": 1620082800,
"backupTimeStr": "2021-05-03T23:00:00Z",
"backupType": "full",
"backupUser": "admin",
"commitDescription": "Files updates automatically applied.",
"commitSetId": 77,
"commitUser": "admin",
"configVersion": 39,
"containsDkimKeys": false,
"productVersion": "10.0.1.2030"
},
"lastModified": 1620082809,
"productVersion": "10.0.1.2030"
}
]
}
}

Human Readable Output#

Automatic Configured Backups#

FilenameContains Dkim KeysBackup UserProduct VersionConfig VersionCommit DescriptionBackup Type
MailMarshal-10.0.1-ManualBackup_10-May-2021-05-40-05falseadmin10.0.1.203039Committing Marshal RBL credentials updatefull
MailMarshal-10.0.1-AutomaticBackup_09-May-2021-16-00-00falseadmin10.0.1.203039Files updates automatically applied.full
MailMarshal-10.0.1-AutomaticBackup_08-May-2021-16-00-00falseadmin10.0.1.203039Files updates automatically applied.full
MailMarshal-10.0.1-AutomaticBackup_07-May-2021-16-00-00falseadmin10.0.1.203039Files updates automatically applied.full
MailMarshal-10.0.1-AutomaticBackup_06-May-2021-16-00-00falseadmin10.0.1.203039Files updates automatically applied.full
MailMarshal-10.0.1-ManualBackup_06-May-2021-04-32-55falseadmin10.0.1.203039Committing Marshal RBL credentials updatefull
MailMarshal-10.0.1-ManualBackup_06-May-2021-00-26-20falseadmin10.0.1.203039Committing Marshal RBL credentials updatefull
MailMarshal-10.0.1-ManualBackup_06-May-2021-00-20-25falseadmin10.0.1.203039Committing Marshal RBL credentials updatefull
MailMarshal-10.0.1-ManualBackup_05-May-2021-23-43-56falseadmin10.0.1.203039Committing Marshal RBL credentials updatefull
MailMarshal-10.0.1-ManualBackup_05-May-2021-23-41-20falseadmin10.0.1.203039Committing Marshal RBL credentials updatefull
MailMarshal-10.0.1-AutomaticBackup_05-May-2021-16-00-00falseadmin10.0.1.203039Committing Marshal RBL credentials updatefull
MailMarshal-10.0.1-ManualBackup_05-May-2021-05-31-09falseadmin10.0.1.203039Committing Marshal RBL credentials updatefull
MailMarshal-10.0.1-ManualBackup_05-May-2021-05-28-09falseadmin10.0.1.203039Committing Marshal RBL credentials updatefull
MailMarshal-10.0.1-ManualBackup_05-May-2021-05-25-31falseadmin10.0.1.203039Files updates automatically applied.full
MailMarshal-10.0.1-ManualBackup_05-May-2021-05-21-50falseadmin10.0.1.203039Files updates automatically applied.full
MailMarshal-10.0.1-ManualBackup_05-May-2021-05-17-51falseadmin10.0.1.203039Files updates automatically applied.full
MailMarshal-10.0.1-ManualBackup_05-May-2021-00-04-56falseadmin10.0.1.203039Committing Marshal RBL credentials updatefull
MailMarshal-10.0.1-ManualBackup_05-May-2021-00-03-35falseadmin10.0.1.203039Committing Marshal RBL credentials updatefull
MailMarshal-10.0.1-AutomaticBackup_04-May-2021-16-00-00falseadmin10.0.1.203039Files updates automatically applied.full
MailMarshal-10.0.1-ManualBackup_03-May-2021-23-50-35falseadmin10.0.1.203039Committing Marshal RBL credentials updatefull
MailMarshal-10.0.1-AutomaticBackup_03-May-2021-16-00-00falseadmin10.0.1.203039Files updates automatically applied.full

trustwave-seg-automatic-config-backup-restore#


Restores a specific automatic configuration backup.

Base Command#

trustwave-seg-automatic-config-backup-restore

Input#

Argument NameDescriptionRequired
nameThe name of the backup to restore (e.g., MailMarshal-10.0.1-ManualBackup_11-Apr-2021-05-00-10).Required
timeoutThe timeout for the request in seconds. This request might take a while. If the request fails due to a connectivity error, try to add more time to this argument. Default is 30.Optional
include_dkimWhether DKIM (DomainKeys Identified Mail) should be used. Possible values are: true, false. Default is false.Optional
dkim_passwordIf include_dkim is true, the DKIM password for the action.Optional

Context Output#

PathTypeDescription
TrustwaveSEG.AutomaticBackupRestore.errorsStringThe errors of the AutomaticBackupRestore.
TrustwaveSEG.AutomaticBackupRestore.reasonStringThe reason for the AutomaticBackupRestore.
TrustwaveSEG.AutomaticBackupRestore.warningsStringThe warnings of the AutomaticBackupRestore.

Command Example#

!trustwave-seg-automatic-config-backup-restore name="MailMarshal-10.0.1-ManualBackup_05-May-2021-05-25-31" timeout=200

Context Example#

{
"TrustwaveSEG": {
"AutomaticBackupRestore": {
"errors": "",
"reason": "backup restored",
"warnings": "DKIM password not set - DKIM restore is ignored.\n"
}
}
}

Human Readable Output#

Automatic Configuration Backup Restore Completed#

NameReasonWarnings
MailMarshal-10.0.1-ManualBackup_05-May-2021-05-25-31backup restoredDKIM password not set - DKIM restore is ignored.

trustwave-seg-automatic-config-backup-run#


Run automatic backup now.

Base Command#

trustwave-seg-automatic-config-backup-run

Input#

Argument NameDescriptionRequired
timeoutThe timeout for the request in seconds. This request might take a while. If the request fails due to a connectivity error, try to add more seconds to the timeout. Default is 30.Optional
include_dkimChoose if DKIM (DomainKeys Identified Mail) should be used. Possible values are: true, false. Default is false.Optional
dkim_passwordIf include_dkim equals true - Please specify the DKIM password (defaults to configured password).Optional

Context Output#

PathTypeDescription
TrustwaveSEG.AutomaticBackupRun.backupNameStringThe backup name of the automatic backup run.
TrustwaveSEG.AutomaticBackupRun.reasonStringThe reason for the automatic backup run.

Command Example#

!trustwave-seg-automatic-config-backup-run

Context Example#

{
"TrustwaveSEG": {
"AutomaticBackupRun": {
"backupName": "MailMarshal-10.0.1-ManualBackup_10-May-2021-05-50-37",
"reason": "backup successful"
}
}
}

Human Readable Output#

Automatic Configuration Backup Run Completed#

Backup NameReason
MailMarshal-10.0.1-ManualBackup_10-May-2021-05-50-37backup successful

trustwave-seg-list-alerts#


Gets a list of current alerts.

Base Command#

trustwave-seg-list-alerts

Input#

Argument NameDescriptionRequired
active_onlyWhether to return only active alarms. Possible values are: true, false. Default is false.Optional

Context Output#

PathTypeDescription
TrustwaveSEG.Alert.activeBooleanThe activity of the alert.
TrustwaveSEG.Alert.descriptionStringThe description of the alert.
TrustwaveSEG.Alert.nodeNumberThe node of the alert.
TrustwaveSEG.Alert.sourceStringThe source of the alert.
TrustwaveSEG.Alert.triggeredNumberThe trigger of the alert.
TrustwaveSEG.Alert.typeNumberThe type of the alert.

Command Example#

!trustwave-seg-list-alerts

Context Example#

{
"TrustwaveSEG": {
"Alert": [
{
"active": false,
"description": "MMEngine is now running",
"node": 1,
"source": "Engine",
"triggered": 1618920768,
"type": 0
},
{
"active": false,
"description": "MMSender is now running",
"node": 1,
"source": "Sender",
"triggered": 1618920374,
"type": 0
},
{
"active": false,
"description": "MMReceiver is now running",
"node": 1,
"source": "Receiver",
"triggered": 1618920374,
"type": 0
},
{
"active": false,
"description": "MMEngine has stopped",
"node": 1,
"source": "Engine",
"triggered": 1618918602,
"type": 7
},
{
"active": false,
"description": "MMSender has stopped",
"node": 1,
"source": "Sender",
"triggered": 1618918602,
"type": 7
},
{
"active": false,
"description": "MMReceiver has stopped",
"node": 1,
"source": "Receiver",
"triggered": 1618918602,
"type": 7
}
]
}
}

Human Readable Output#

Alerts#

DescriptionActiveNodeSourceTriggered
MMEngine is now runningfalse1Engine20/04/2021, 12:12:48
MMSender is now runningfalse1Sender20/04/2021, 12:06:14
MMReceiver is now runningfalse1Receiver20/04/2021, 12:06:14
MMEngine has stoppedfalse1Engine20/04/2021, 11:36:42
MMSender has stoppedfalse1Sender20/04/2021, 11:36:42
MMReceiver has stoppedfalse1Receiver20/04/2021, 11:36:42

trustwave-seg-statistics#


Gets Trustwave SEG statistics. Must provide a start time or time range.

Base Command#

trustwave-seg-statistics

Input#

Argument NameDescriptionRequired
time_rangeAn optional time range, i.e., 3 months, 1 week, 1 day ago, etc.Optional
start_timeStart time in the format of: YYYY-mm-ddTHH:MM:SSZ or i.e., 3 months, 1 week, 1 day ago, etc. Given only the start_time, end_time will be set to the current time.Optional
end_timeEnd time in the format of: YYYY-mm-ddTHH:MM:SSZ or i.e., 3 months, 1 week, 1 day ago, etc.Optional

Context Output#

PathTypeDescription
TrustwaveSEG.Statistics.maliciousUrlsNumberThe number of malicious URLs in the statistics.
TrustwaveSEG.Statistics.msgsBlendedThreatsNumberThe number blended threats messages in the statistics.
TrustwaveSEG.Statistics.msgsInNumberThe number of incoming messages in the statistics.
TrustwaveSEG.Statistics.msgsInternalNumberThe number of internal messages in the statistics.
TrustwaveSEG.Statistics.msgsOutNumberThe number of outgoing messages in the statistics.
TrustwaveSEG.Statistics.msgsSpamNumberThe number of spam messages in the statistics.
TrustwaveSEG.Statistics.msgsVirusNumberThe number of virus messages in the statistics.
TrustwaveSEG.Statistics.numQuarantinedNumberThe number of quarantined messages in the statistics.
TrustwaveSEG.Statistics.numQuarantinesPerMsgNumberThe number of quarantines per message in the statistics.
TrustwaveSEG.Statistics.pFoldersNumberThe number of pFolders in the statistics.
TrustwaveSEG.Statistics.pThreatsNumberThe number of pThreats in the statistics.
TrustwaveSEG.Statistics.safeClicksNumberThe number of safe clicks in the statistics.in the statistics.
TrustwaveSEG.Statistics.unsafeClicksNumberThe number of unsafe clicks
TrustwaveSEG.Statistics.unsafeUrlsNumberThe number of unsafe URLs in the statistics.
TrustwaveSEG.Statistics.urlsFoundNumberThe number of URLs found in the statistics.
TrustwaveSEG.Statistics.urlsRewrittenNumberThe number of urls rewritten in the statistics.
TrustwaveSEG.Statistics.virusDetectedNumberThe number of viruses detected in the statistics.
TrustwaveSEG.Statistics.virusScannedNumberThe number of virus-scanned statistics.

Command Example#

!trustwave-seg-statistics time_range="1 day ago"

Context Example#

{
"TrustwaveSEG": {
"Statistics": {
"maliciousUrls": 0,
"msgsBlendedThreats": 0,
"msgsIn": 0,
"msgsInternal": 0,
"msgsOut": 0,
"msgsSpam": 0,
"msgsVirus": 0,
"numQuarantined": 0,
"numQuarantinesPerMsg": 0,
"pFolders": null,
"pThreats": null,
"safeClicks": 0,
"unsafeClicks": 0,
"unsafeUrls": 0,
"urlsFound": 0,
"urlsRewritten": 0,
"virusDetected": 0,
"virusScanned": 0
}
}
}

Human Readable Output#

Statistics Information between 09/05/2021, 12:50:34 to 10/05/2021, 12:50:34#

Msgs InMsgs OutMalicious UrlsMsgs Blended ThreatsMsgs SpamMsgs VirusNum QuarantinedUnsafe ClicksUnsafe UrlsVirus Detected
0000000000

trustwave-seg-list-servers#


Gets a list of servers.

Base Command#

trustwave-seg-list-servers

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
TrustwaveSEG.Server.configCommitSetIdNumberThe configuration commit set ID of the server.
TrustwaveSEG.Server.configTimeStampNumberThe configuration timestamp of the server.
TrustwaveSEG.Server.disconnectedReasonStringDisconnected reason for the server.
TrustwaveSEG.Server.isActiveBooleanActivation status of the Server.
TrustwaveSEG.Server.isConfigDeferredBooleanWhether the configuration of the server is deferred.
TrustwaveSEG.Server.lastConnectedNumberLast connected time of the server.
TrustwaveSEG.Server.osVersionStringThe operating system version of the server.
TrustwaveSEG.Server.pServiceStatus.descriptionStringThe description of the server.
TrustwaveSEG.Server.pServiceStatus.lastErrorUnknownLast error of the server.
TrustwaveSEG.Server.pServiceStatus.nameStringThe name of the server.
TrustwaveSEG.Server.pServiceStatus.serviceIdNumberThe service ID of the server.
TrustwaveSEG.Server.pServiceStatus.stateNumberThe state of the server.
TrustwaveSEG.Server.productVersionStringThe product version of the server.
TrustwaveSEG.Server.serverDescriptionStringThe description of the server.
TrustwaveSEG.Server.serverIdNumberThe ID of the server.
TrustwaveSEG.Server.serverLocationStringThe location of the server.
TrustwaveSEG.Server.serverNameStringThe name of the server.
TrustwaveSEG.Server.timeZoneNameStringTimezone name of the server.
TrustwaveSEG.Server.timeZoneOffsetNumberTimezone offset of the server.

Command Example#

!trustwave-seg-list-servers

Context Example#

{
"TrustwaveSEG": {
"Server": {
"configCommitSetId": 102,
"configTimeStamp": 0,
"disconnectedReason": "RPC call timed-out",
"isActive": true,
"isConfigDeferred": false,
"lastConnected": 1620650994,
"osVersion": "Windows Server 2016 ",
"pServiceStatus": [
{
"description": "Trustwave SEG Receiver.\nAccepts email messages for processing.",
"lastError": null,
"name": "Receiver",
"serviceId": 0,
"state": 0
},
{
"description": "Trustwave SEG Content Engine.\nApplies your email policy to messages.",
"lastError": null,
"name": "Engine",
"serviceId": 1,
"state": 0
},
{
"description": "Trustwave SEG Sender.\nForwards processed messages for delivery.",
"lastError": null,
"name": "Sender",
"serviceId": 2,
"state": 0
}
],
"productVersion": "10.0.1.2030",
"serverDescription": "",
"serverId": 1,
"serverLocation": "test",
"serverName": "DEV-TRUSTWAVE",
"timeZoneName": "Jerusalem Daylight Time",
"timeZoneOffset": -120
}
}
}

Human Readable Output#

Servers Details#

Server NameServer IdProduct VersionIs ActiveServer LocationServices
DEV-TRUSTWAVE110.0.1.2030truetestReceiver, Engine, Sender

trustwave-seg-get-server#


Gets server details.

Base Command#

trustwave-seg-get-server

Input#

Argument NameDescriptionRequired
server_idThe ID of the server from which to retrieve information.Required

Context Output#

PathTypeDescription
TrustwaveSEG.Server.configCommitSetIdNumberThe configuration commit set ID of the server.
TrustwaveSEG.Server.configTimeStampNumberThe configuration timestamp of the server.
TrustwaveSEG.Server.disconnectedReasonStringDisconnected reason for the server.
TrustwaveSEG.Server.isActiveBooleanActivation status of the Server.
TrustwaveSEG.Server.isConfigDeferredBooleanWhether the configuration of the server is deferred.
TrustwaveSEG.Server.lastConnectedNumberLast connected time of the server.
TrustwaveSEG.Server.osVersionStringThe operating system version of the server.
TrustwaveSEG.Server.pServiceStatus.descriptionStringThe description of the server.
TrustwaveSEG.Server.pServiceStatus.lastErrorUnknownLast error of the server.
TrustwaveSEG.Server.pServiceStatus.nameStringThe name of the server.
TrustwaveSEG.Server.pServiceStatus.serviceIdNumberThe service ID of the server.
TrustwaveSEG.Server.pServiceStatus.stateNumberThe state of the server.
TrustwaveSEG.Server.productVersionStringThe product version of the server.
TrustwaveSEG.Server.serverDescriptionStringThe description of the server.
TrustwaveSEG.Server.serverIdNumberThe ID of the server.
TrustwaveSEG.Server.serverLocationStringThe location of the server.
TrustwaveSEG.Server.serverNameStringThe name of the server.
TrustwaveSEG.Server.timeZoneNameStringTimezone name of the server.
TrustwaveSEG.Server.timeZoneOffsetNumberTimezone offset of the server.

Command Example#

!trustwave-seg-get-server server_id="1"

Context Example#

{
"TrustwaveSEG": {
"Server": {
"configCommitSetId": 102,
"configTimeStamp": 0,
"disconnectedReason": "RPC call timed-out",
"isActive": false,
"isConfigDeferred": false,
"lastConnected": 1620650994,
"osVersion": "Windows Server 2016 ",
"pServiceStatus": [
{
"description": "Trustwave SEG Receiver.\nAccepts email messages for processing.",
"lastError": null,
"name": "Receiver",
"serviceId": 0,
"state": 0
},
{
"description": "Trustwave SEG Content Engine.\nApplies your email policy to messages.",
"lastError": null,
"name": "Engine",
"serviceId": 1,
"state": 0
},
{
"description": "Trustwave SEG Sender.\nForwards processed messages for delivery.",
"lastError": null,
"name": "Sender",
"serviceId": 2,
"state": 0
}
],
"productVersion": "10.0.1.2030",
"serverDescription": "",
"serverId": 1,
"serverLocation": "test",
"serverName": "DEV-TRUSTWAVE",
"timeZoneName": "Jerusalem Daylight Time",
"timeZoneOffset": -120
}
}
}

Human Readable Output#

Server Details. ID: 1#

Server NameServer IdProduct VersionIs ActiveServer LocationServices
DEV-TRUSTWAVE110.0.1.2030falsetestReceiver, Engine, Sender

trustwave-seg-list-classifications#


Gets a list of classifications.

Base Command#

trustwave-seg-list-classifications

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
TrustwaveSEG.Classification.codeNumberThe code of the classification.
TrustwaveSEG.Classification.idNumberThe ID of the classification.
TrustwaveSEG.Classification.nameStringThe name of the classification.
TrustwaveSEG.Classification.typeNumberThe type of the classification.

Command Example#

!trustwave-seg-list-classifications

Context Example#

{
"TrustwaveSEG": {
"Classification": [
{
"code": 1,
"id": 1,
"name": "Folders",
"type": 1
},
{
"code": 2,
"id": 2,
"name": "Mail Recycle Bin",
"type": 1
},
{
"code": 3,
"id": 3,
"name": "Dead Letters",
"type": 1
},
{
"code": 4,
"id": 4,
"name": "Unpacking",
"type": 1
},
{
"code": 5,
"id": 5,
"name": "Routing",
"type": 1
},
{
"code": 7,
"id": 6,
"name": "Undetermined",
"type": 1
},
{
"code": 8,
"id": 7,
"name": "Malformed",
"type": 1
},
{
"code": 9,
"id": 8,
"name": "Virus",
"type": 1
},
{
"code": 10,
"id": 9,
"name": "Spam",
"type": 1
},
{
"code": 11,
"id": 10,
"name": "Archiving",
"type": 1
},
{
"code": 1,
"id": 11,
"name": "Delivered successfully",
"type": 0
},
{
"code": 2,
"id": 12,
"name": "Temporarily undeliverable",
"type": 0
},
{
"code": 3,
"id": 13,
"name": "Undeliverable",
"type": 0
},
{
"code": 4,
"id": 14,
"name": "Message killed",
"type": 0
},
{
"code": 5,
"id": 15,
"name": "Delivery not tried",
"type": 0
},
{
"code": 6,
"id": 16,
"name": "Delivered successfully over TLS",
"type": 0
},
{
"code": 7,
"id": 17,
"name": "Temporarily undeliverable due to TLS",
"type": 0
},
{
"code": 1,
"id": 18,
"name": "Operator passthrough",
"type": 3
},
{
"code": 2,
"id": 19,
"name": "Operator deleted",
"type": 3
},
{
"code": 3,
"id": 20,
"name": "Operator forwarded",
"type": 3
},
{
"code": 4,
"id": 21,
"name": "Operator reprocessed",
"type": 3
},
{
"code": 5,
"id": 22,
"name": "Operator continued",
"type": 3
},
{
"code": 6,
"id": 23,
"name": "Operator sent to recycle bin",
"type": 3
},
{
"code": 7,
"id": 24,
"name": "Operator restored from recycle bin",
"type": 3
},
{
"code": 8,
"id": 25,
"name": "Operator emptied recycle bin",
"type": 3
},
{
"code": 9,
"id": 26,
"name": "User deleted",
"type": 3
},
{
"code": 10,
"id": 27,
"name": "Forwarded to Trustwave as spam",
"type": 3
},
{
"code": 11,
"id": 28,
"name": "Forwarded to Trustwave as not spam",
"type": 3
},
{
"code": 12,
"id": 29,
"name": "Message viewed in console",
"type": 3
},
{
"code": 1,
"id": 30,
"name": "Deleted by rules",
"type": 4
},
{
"code": 1000,
"id": 31,
"name": "Sent History",
"type": 1
},
{
"code": 1001,
"id": 32,
"name": "DMARC Reports",
"type": 1
},
{
"code": 1002,
"id": 33,
"name": "BEC - Executive Name",
"type": 1
},
{
"code": 1003,
"id": 34,
"name": "Suspect",
"type": 1
},
{
"code": 1004,
"id": 35,
"name": "Spoofed",
"type": 1
},
{
"code": 1005,
"id": 36,
"name": "Junk",
"type": 1
},
{
"code": 1006,
"id": 37,
"name": "Archive In",
"type": 1
},
{
"code": 1007,
"id": 38,
"name": "Archive Out",
"type": 1
},
{
"code": 1008,
"id": 39,
"name": "Language",
"type": 1
},
{
"code": 1009,
"id": 40,
"name": "Parked Large Files",
"type": 1
},
{
"code": 1010,
"id": 41,
"name": "Oversize",
"type": 1
},
{
"code": 1011,
"id": 42,
"name": "Awaiting Challenge - Response",
"type": 1
},
{
"code": 1012,
"id": 43,
"name": "Attachment Type - Executables",
"type": 1
},
{
"code": 1013,
"id": 44,
"name": "Attachment Type - Images",
"type": 1
},
{
"code": 1014,
"id": 45,
"name": "Attachment Type - Video and Sound",
"type": 1
},
{
"code": 1015,
"id": 46,
"name": "Attachment Type - Encrypted",
"type": 1
},
{
"code": 1016,
"id": 47,
"name": "Attachment Type - Unknown",
"type": 1
},
{
"code": 1017,
"id": 48,
"name": "Policy Breaches",
"type": 1
},
{
"code": 1018,
"id": 49,
"name": "Policy Breaches - SEC",
"type": 1
},
{
"code": 1019,
"id": 50,
"name": "Policy Breaches - SOX",
"type": 1
},
{
"code": 1020,
"id": 51,
"name": "Attachment Type - Documents",
"type": 1
},
{
"code": 1021,
"id": 52,
"name": "Suspect Images",
"type": 1
},
{
"code": 1022,
"id": 53,
"name": "Policy Breaches - HIPAA",
"type": 1
},
{
"code": 1023,
"id": 54,
"name": "Spam - Confirmed",
"type": 1
},
{
"code": 1024,
"id": 55,
"name": "Spam - Scams",
"type": 1
},
{
"code": 1025,
"id": 56,
"name": "Spam - Suspected",
"type": 1
},
{
"code": 1026,
"id": 57,
"name": "TLS Failures",
"type": 1
},
{
"code": 1027,
"id": 58,
"name": "DKIM Failures",
"type": 1
},
{
"code": 1028,
"id": 59,
"name": "DKIM Signing Failures",
"type": 1
},
{
"code": 1029,
"id": 60,
"name": "Malware",
"type": 1
},
{
"code": 1030,
"id": 61,
"name": "Malware - Virus Scanner Errors",
"type": 1
},
{
"code": 1031,
"id": 62,
"name": "Malware - Suspected",
"type": 1
},
{
"code": 1032,
"id": 63,
"name": "SenderID Failures",
"type": 1
},
{
"code": 1033,
"id": 64,
"name": "Suspect URLs",
"type": 1
},
{
"code": 1034,
"id": 65,
"name": "Malware - AMAX",
"type": 1
},
{
"code": 1035,
"id": 66,
"name": "Malformed PDF",
"type": 1
},
{
"code": 1036,
"id": 67,
"name": "DMARC Failures - Quarantine policy",
"type": 1
},
{
"code": 1037,
"id": 68,
"name": "DMARC Failures - Reject policy",
"type": 1
},
{
"code": 1038,
"id": 69,
"name": "BEC - Fraud Filter",
"type": 1
},
{
"code": 1039,
"id": 70,
"name": "BEC - Domain Similarity",
"type": 1
},
{
"code": 71,
"id": 71,
"name": "Product Info Request",
"type": 2
},
{
"code": 73,
"id": 72,
"name": "Contains a CV",
"type": 2
},
{
"code": 74,
"id": 73,
"name": "Has Multiple Recipients",
"type": 2
},
{
"code": 75,
"id": 74,
"name": "Message to Old Domain",
"type": 2
},
{
"code": 72,
"id": 75,
"name": "Release Requests",
"type": 2
}
]
}
}

Human Readable Output#

Classifications#

IdName
1Folders
2Mail Recycle Bin
3Dead Letters
4Unpacking
5Routing
6Undetermined
7Malformed
8Virus
9Spam
10Archiving
11Delivered successfully
12Temporarily undeliverable
13Undeliverable
14Message killed
15Delivery not tried
16Delivered successfully over TLS
17Temporarily undeliverable due to TLS
18Operator passthrough
19Operator deleted
20Operator forwarded
21Operator reprocessed
22Operator continued
23Operator sent to recycle bin
24Operator restored from recycle bin
25Operator emptied recycle bin
26User deleted
27Forwarded to Trustwave as spam
28Forwarded to Trustwave as not spam
29Message viewed in console
30Deleted by rules
31Sent History
32DMARC Reports
33BEC - Executive Name
34Suspect
35Spoofed
36Junk
37Archive In
38Archive Out
39Language
40Parked Large Files
41Oversize
42Awaiting Challenge - Response
43Attachment Type - Executables
44Attachment Type - Images
45Attachment Type - Video and Sound
46Attachment Type - Encrypted
47Attachment Type - Unknown
48Policy Breaches
49Policy Breaches - SEC
50Policy Breaches - SOX
51Attachment Type - Documents
52Suspect Images
53Policy Breaches - HIPAA
54Spam - Confirmed
55Spam - Scams
56Spam - Suspected
57TLS Failures
58DKIM Failures
59DKIM Signing Failures
60Malware
61Malware - Virus Scanner Errors
62Malware - Suspected
63SenderID Failures
64Suspect URLs
65Malware - AMAX
66Malformed PDF
67DMARC Failures - Quarantine policy
68DMARC Failures - Reject policy
69BEC - Fraud Filter
70BEC - Domain Similarity
71Product Info Request
72Contains a CV
73Has Multiple Recipients
74Message to Old Domain
75Release Requests

trustwave-seg-list-quarantine-folders#


Gets a list of folders.

Base Command#

trustwave-seg-list-quarantine-folders

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
TrustwaveSEG.Folder.descriptionStringThe description of the folder.
TrustwaveSEG.Folder.folderIdNumberThe ID of the folder.
TrustwaveSEG.Folder.folderTypeNumberThe type of the folder.
TrustwaveSEG.Folder.iconIndexNumberThe icon index of the folder.
TrustwaveSEG.Folder.isDeletedBooleanWhether the folder is deleted.
TrustwaveSEG.Folder.isFingerprintingEnabledBooleanWhether fingerprinting is enabled for the folder.
TrustwaveSEG.Folder.isPassThruBooleanWhether pass thru is enabled for the folder.
TrustwaveSEG.Folder.isPublishedInboundBooleanWhether the folder is published inbound.
TrustwaveSEG.Folder.isPublishedOutboundBooleanWhether the folder is published outbound.
TrustwaveSEG.Folder.isReadOnlyBooleanWhether the folder is read-only.
TrustwaveSEG.Folder.nameStringThe name of the folder.
TrustwaveSEG.Folder.numFilesNumberThe number of files in the folder.
TrustwaveSEG.Folder.parentIdNumberThe parent ID of the folder.
TrustwaveSEG.Folder.pathStringThe path of the folder.
TrustwaveSEG.Folder.retentionNumberThe retention of the folder.
TrustwaveSEG.Folder.securityDescriptionStringThe security description of the folder.

Command Example#

!trustwave-seg-list-quarantine-folders

Context Example#

{
"TrustwaveSEG": {
"Folder": [
{
"description": "",
"folderId": 1,
"folderType": 4,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Folders",
"numFiles": 5,
"parentId": 0,
"path": "",
"retention": 7,
"securityDescription": ""
},
{
"description": "",
"folderId": 2,
"folderType": 3,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Mail Recycle Bin",
"numFiles": 0,
"parentId": 1,
"path": "",
"retention": 7,
"securityDescription": ""
},
{
"description": "",
"folderId": 3,
"folderType": 4,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Dead Letters",
"numFiles": 0,
"parentId": 1,
"path": "DeadLetter",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that could not be processed due to file corruption or other problems with structure.",
"folderId": 4,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Unpacking",
"numFiles": 0,
"parentId": 3,
"path": "Unpacking",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that could not be delivered due to a DNS lookup problem or other issues.",
"folderId": 5,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Routing",
"numFiles": 0,
"parentId": 3,
"path": "Routing",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that returned an unexpected result from virus scanning or an external command.",
"folderId": 7,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Undetermined",
"numFiles": 0,
"parentId": 3,
"path": "Undetermined",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that were blocked or could not be processed due to problems with encoding.",
"folderId": 8,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Malformed",
"numFiles": 0,
"parentId": 3,
"path": "Malformed",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that could not be fully unpacked but are classified as containing a virus.",
"folderId": 9,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Virus",
"numFiles": 0,
"parentId": 3,
"path": "Virus",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that could not be fully unpacked but are classified as spam.",
"folderId": 10,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Spam",
"numFiles": 0,
"parentId": 3,
"path": "Spam",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that could not be delivered to the Archive.",
"folderId": 11,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Archiving",
"numFiles": 0,
"parentId": 3,
"path": "Archiving",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains historic logs for delivered email.",
"folderId": 1000,
"folderType": 5,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": true,
"name": "Sent History",
"numFiles": 0,
"parentId": 1,
"path": "4B7E81EE-9D7B-46E2-B027-ECDDFD26E947",
"retention": 7,
"securityDescription": ""
},
{
"description": "An archive folder for inbound messages with attached DMARC Reports for the local domains.",
"folderId": 1001,
"folderType": 6,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": true,
"name": "DMARC Reports",
"numFiles": 0,
"parentId": 1,
"path": "736A0F9F-A865-4519-A111-DA8A967D45A1",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that match an Executive Name in the From: field.",
"folderId": 1002,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "BEC - Executive Name",
"numFiles": 0,
"parentId": 1,
"path": "157803C1-1B20-4415-A92F-FA9D871B768C",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages with attachments deemed suspect, such as undesirable file extensions.",
"folderId": 1003,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Suspect",
"numFiles": 0,
"parentId": 1,
"path": "ED86938B-A2C4-4260-A4AB-D80BF8CE9C72",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that are identified as spoofed by the blocked spoofed messages rule.",
"folderId": 1004,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Spoofed",
"numFiles": 0,
"parentId": 1,
"path": "1AE86AF4-44FC-411D-95E5-20B8F3D0D55E",
"retention": 7,
"securityDescription": ""
},
{
"description": "Generic folder for unwanted messages such as chain letters and hoaxes.",
"folderId": 1005,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Junk",
"numFiles": 0,
"parentId": 1,
"path": "2A3E6EFE-38D6-438D-84B0-BE4AB2B7EFAD",
"retention": 7,
"securityDescription": ""
},
{
"description": "An archive folder for all inbound messages. By default, messages are kept for 3 months.",
"folderId": 1006,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": true,
"name": "Archive In",
"numFiles": 3,
"parentId": 1,
"path": "AA55C8DA-7BE2-4EA4-AD99-BAB37FC598DC",
"retention": 0,
"securityDescription": ""
},
{
"description": "An archive folder for all outbound messages. By default, messages are kept for 3 months.",
"folderId": 1007,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": true,
"name": "Archive Out",
"numFiles": 2,
"parentId": 1,
"path": "A11F07EA-7569-4596-9BC5-B4A25D428BAE",
"retention": 93,
"securityDescription": ""
},
{
"description": "Contains messages blocked because they contain profanity.",
"folderId": 1008,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Language",
"numFiles": 0,
"parentId": 1,
"path": "6F1422E1-CDB6-4669-ACC7-794CC0669663",
"retention": 7,
"securityDescription": ""
},
{
"description": "Used for temporarily 'parking' large outbound messages or message mailouts until after business hours.",
"folderId": 1009,
"folderType": 2,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Parked Large Files",
"numFiles": 0,
"parentId": 1,
"path": "350EC7AE-54FF-4106-903C-79871A72E6BC",
"retention": 0,
"securityDescription": ""
},
{
"description": "Used for quarantining large messages that exceed a threshold.",
"folderId": 1010,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Oversize",
"numFiles": 0,
"parentId": 1,
"path": "821EF706-6C63-4F56-8E4C-2E5D18F4FAFA",
"retention": 7,
"securityDescription": ""
},
{
"description": "A folder that holds messages awaiting a response in order to be released.",
"folderId": 1011,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Awaiting Challenge - Response",
"numFiles": 0,
"parentId": 1,
"path": "E6C18E25-6C63-4740-8783-39A8E9818844",
"retention": 3,
"securityDescription": ""
},
{
"description": "Contains messages with identified executable attachments.",
"folderId": 1012,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Attachment Type - Executables",
"numFiles": 0,
"parentId": 1,
"path": "874AE4BA-F735-4067-AC91-DC3453AFC685",
"retention": 7,
"securityDescription": ""
},
{
"description": "Used for messages that contain an attached image.",
"folderId": 1013,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Attachment Type - Images",
"numFiles": 0,
"parentId": 1,
"path": "C004A276-EAEB-4251-ADEC-494FAF0CB713",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages with sound or video attachments, such as MP3 or AVI files.",
"folderId": 1014,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Attachment Type - Video and Sound",
"numFiles": 0,
"parentId": 1,
"path": "B0CD505E-8A44-434B-8194-E65976CDB4D9",
"retention": 7,
"securityDescription": ""
},
{
"description": "Used for messages with encrypted attachments, such as encrypted archive files.",
"folderId": 1015,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Attachment Type - Encrypted",
"numFiles": 0,
"parentId": 1,
"path": "298D738E-7577-4A91-9E6F-03ED0C817F16",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages with binary files of an unknown type.",
"folderId": 1016,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Attachment Type - Unknown",
"numFiles": 0,
"parentId": 1,
"path": "9A978764-CC8C-46F3-892A-D9E663246046",
"retention": 7,
"securityDescription": ""
},
{
"description": "Generic folder for messages that breach company policy.",
"folderId": 1017,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Policy Breaches",
"numFiles": 0,
"parentId": 1,
"path": "5FD9C657-C416-410B-8FA3-EB2BB2709DDE",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages which may indicate possible SEC compliance issues.",
"folderId": 1018,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Policy Breaches - SEC",
"numFiles": 0,
"parentId": 1,
"path": "290D7E3C-79EF-4E9C-8F2F-DCCBF41A2C9D",
"retention": 365,
"securityDescription": ""
},
{
"description": "Contains messages which trigger keywords which may indicate possible Sarbanes-Oxley compliance issues.",
"folderId": 1019,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Policy Breaches - SOX",
"numFiles": 0,
"parentId": 1,
"path": "8DD88244-BBA9-4100-9F54-62C37C4C3C64",
"retention": 365,
"securityDescription": ""
},
{
"description": "Contains messages with document attachments, such as PDF files.",
"folderId": 1020,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Attachment Type - Documents",
"numFiles": 0,
"parentId": 1,
"path": "FECF5729-15B7-4530-BC15-2D22C98EB9A6",
"retention": 7,
"securityDescription": ""
},
{
"description": "Used by the integrated Image Analyzer component to hold images that may be Pornographic.",
"folderId": 1021,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Suspect Images",
"numFiles": 0,
"parentId": 1,
"path": "0E59FDA1-F197-4072-A8BC-3EF514E2E682",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that trigger health-related keywords which may indicate possible HIPAA compliance issues.",
"folderId": 1022,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Policy Breaches - HIPAA",
"numFiles": 0,
"parentId": 1,
"path": "D3062553-A54C-48DC-9447-372EE2268CB6",
"retention": 365,
"securityDescription": ""
},
{
"description": "Used where there is a high degree of confidence that the messages are spam. The folder is not end-user managed.",
"folderId": 1023,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Spam - Confirmed",
"numFiles": 0,
"parentId": 1,
"path": "3EFF33E4-22C3-41EA-98D7-74E3BB6357FD",
"retention": 7,
"securityDescription": ""
},
{
"description": "Suspected 419, Lottery and other scam emails.",
"folderId": 1024,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Spam - Scams",
"numFiles": 0,
"parentId": 1,
"path": "C95F143E-B4CD-4A10-9E3D-6E096CD19908",
"retention": 7,
"securityDescription": ""
},
{
"description": "Used where the message is suspected as spam. The folder is end-user managed.",
"folderId": 1025,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": true,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Spam - Suspected",
"numFiles": 0,
"parentId": 1,
"path": "335E332D-57D4-4D3A-BE50-C620E9D63151",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that failed to meet TLS criteria.",
"folderId": 1026,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "TLS Failures",
"numFiles": 0,
"parentId": 1,
"path": "192C2502-065C-48B6-BF0C-091C09CA9131",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that failed to pass DKIM verification.",
"folderId": 1027,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "DKIM Failures",
"numFiles": 0,
"parentId": 1,
"path": "1AE86AF4-44FC-411D-95E5-20B8F3D0D55E",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that could not have a DKIM signature applied.",
"folderId": 1028,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "DKIM Signing Failures",
"numFiles": 0,
"parentId": 1,
"path": "1F1EFD91-6E75-4DE8-B277-13C4997BE17F",
"retention": 7,
"securityDescription": ""
},
{
"description": "Messages tagged as having malware by an anti-virus scanner.",
"folderId": 1029,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Malware",
"numFiles": 0,
"parentId": 1,
"path": "C9A5C59E-AA24-472B-9B39-A374354F0D05",
"retention": 7,
"securityDescription": ""
},
{
"description": "Messages that have caused the anti-virus scanner to report an error.",
"folderId": 1030,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Malware - Virus Scanner Errors",
"numFiles": 0,
"parentId": 1,
"path": "23AFE871-65F2-4C91-B02B-942C96AB73AB",
"retention": 7,
"securityDescription": ""
},
{
"description": "Messages suspected of having malicious content by one of the gateway's threat filters.",
"folderId": 1031,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Malware - Suspected",
"numFiles": 0,
"parentId": 1,
"path": "C0FE5CD3-71EF-4A94-B36D-CA319D674A5D",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that failed to pass SenderID verification.",
"folderId": 1032,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "SenderID Failures",
"numFiles": 0,
"parentId": 1,
"path": "C5510AFE-7119-4138-BD8D-5240BB3A94C4",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that include suspect URLs.",
"folderId": 1033,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Suspect URLs",
"numFiles": 0,
"parentId": 1,
"path": "CE15B1F6-0839-4A61-AD0C-D87E625CB14F",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages suspected of having malicious content by the Advanced Malware and Exploit Detection (AMAX) filter.",
"folderId": 1034,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Malware - AMAX",
"numFiles": 0,
"parentId": 1,
"path": "61075A40-337E-4D4C-9368-48822F579AB8",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages with PDF attachments that are malformed or corrupt.",
"folderId": 1035,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Malformed PDF",
"numFiles": 0,
"parentId": 1,
"path": "61075A40-337E-4D4C-9368-48822F579AB8",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that failed to pass DMARC verification, where the DMARC policy for message disposition was \"quarantine\".",
"folderId": 1036,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "DMARC Failures - Quarantine policy",
"numFiles": 0,
"parentId": 1,
"path": "F6C95742-0EDA-4BE7-9B5D-EE8AA32DBA43",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages that failed to pass DMARC verification, where the DMARC policy for message disposition was \"reject\".",
"folderId": 1037,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "DMARC Failures - Reject policy",
"numFiles": 0,
"parentId": 1,
"path": "51556EA9-390F-4AC2-B521-38B68BC7F3C9",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages detected by the BEC Fraud Filter.",
"folderId": 1038,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "BEC - Fraud Filter",
"numFiles": 0,
"parentId": 1,
"path": "13B5A560-257E-4D2C-8665-DE7840D26F2F",
"retention": 7,
"securityDescription": ""
},
{
"description": "Contains messages where the From: domain is similar to a local domain.",
"folderId": 1039,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "BEC - Domain Similarity",
"numFiles": 0,
"parentId": 1,
"path": "BE9625E3-2E9A-44A6-8BB4-A4254DFB341F",
"retention": 7,
"securityDescription": ""
}
]
}
}

Human Readable Output#

Quarantine Folders#

Folder IdNameDescriptionIs DeletedIs Read OnlyNum FilesRetention
1Foldersfalsefalse57
2Mail Recycle Binfalsefalse07
3Dead Lettersfalsefalse07
4UnpackingContains messages that could not be processed due to file corruption or other problems with structure.falsefalse07
5RoutingContains messages that could not be delivered due to a DNS lookup problem or other issues.falsefalse07
7UndeterminedContains messages that returned an unexpected result from virus scanning or an external command.falsefalse07
8MalformedContains messages that were blocked or could not be processed due to problems with encoding.falsefalse07
9VirusContains messages that could not be fully unpacked but are classified as containing a virus.falsefalse07
10SpamContains messages that could not be fully unpacked but are classified as spam.falsefalse07
11ArchivingContains messages that could not be delivered to the Archive.falsefalse07
1000Sent HistoryContains historic logs for delivered email.falsetrue07
1001DMARC ReportsAn archive folder for inbound messages with attached DMARC Reports for the local domains.falsetrue07
1002BEC - Executive NameContains messages that match an Executive Name in the From: field.falsefalse07
1003SuspectContains messages with attachments deemed suspect, such as undesirable file extensions.falsefalse07
1004SpoofedContains messages that are identified as spoofed by the blocked spoofed messages rule.falsefalse07
1005JunkGeneric folder for unwanted messages such as chain letters and hoaxes.falsefalse07
1006Archive InAn archive folder for all inbound messages. By default, messages are kept for 3 months.falsetrue30
1007Archive OutAn archive folder for all outbound messages. By default, messages are kept for 3 months.falsetrue293
1008LanguageContains messages blocked because they contain profanity.falsefalse07
1009Parked Large FilesUsed for temporarily 'parking' large outbound messages or message mailouts until after business hours.falsefalse00
1010OversizeUsed for quarantining large messages that exceed a threshold.falsefalse07
1011Awaiting Challenge - ResponseA folder that holds messages awaiting a response in order to be released.falsefalse03
1012Attachment Type - ExecutablesContains messages with identified executable attachments.falsefalse07
1013Attachment Type - ImagesUsed for messages that contain an attached image.falsefalse07
1014Attachment Type - Video and SoundContains messages with sound or video attachments, such as MP3 or AVI files.falsefalse07
1015Attachment Type - EncryptedUsed for messages with encrypted attachments, such as encrypted archive files.falsefalse07
1016Attachment Type - UnknownContains messages with binary files of an unknown type.falsefalse07
1017Policy BreachesGeneric folder for messages that breach company policy.falsefalse07
1018Policy Breaches - SECContains messages which may indicate possible SEC compliance issues.falsefalse0365
1019Policy Breaches - SOXContains messages which trigger keywords which may indicate possible Sarbanes-Oxley compliance issues.falsefalse0365
1020Attachment Type - DocumentsContains messages with document attachments, such as PDF files.falsefalse07
1021Suspect ImagesUsed by the integrated Image Analyzer component to hold images that may be Pornographic.falsefalse07
1022Policy Breaches - HIPAAContains messages that trigger health-related keywords which may indicate possible HIPAA compliance issues.falsefalse0365
1023Spam - ConfirmedUsed where there is a high degree of confidence that the messages are spam. The folder is not end-user managed.falsefalse07
1024Spam - ScamsSuspected 419, Lottery and other scam emails.falsefalse07
1025Spam - SuspectedUsed where the message is suspected as spam. The folder is end-user managed.falsefalse07
1026TLS FailuresContains messages that failed to meet TLS criteria.falsefalse07
1027DKIM FailuresContains messages that failed to pass DKIM verification.falsefalse07
1028DKIM Signing FailuresContains messages that could not have a DKIM signature applied.falsefalse07
1029MalwareMessages tagged as having malware by an anti-virus scanner.falsefalse07
1030Malware - Virus Scanner ErrorsMessages that have caused the anti-virus scanner to report an error.falsefalse07
1031Malware - SuspectedMessages suspected of having malicious content by one of the gateway's threat filters.falsefalse07
1032SenderID FailuresContains messages that failed to pass SenderID verification.falsefalse07
1033Suspect URLsContains messages that include suspect URLs.falsefalse07
1034Malware - AMAXContains messages suspected of having malicious content by the Advanced Malware and Exploit Detection (AMAX) filter.falsefalse07
1035Malformed PDFContains messages with PDF attachments that are malformed or corrupt.falsefalse07
1036DMARC Failures - Quarantine policyContains messages that failed to pass DMARC verification, where the DMARC policy for message disposition was "quarantine".falsefalse07
1037DMARC Failures - Reject policyContains messages that failed to pass DMARC verification, where the DMARC policy for message disposition was "reject".falsefalse07
1038BEC - Fraud FilterContains messages detected by the BEC Fraud Filter.falsefalse07
1039BEC - Domain SimilarityContains messages where the From: domain is similar to a local domain.falsefalse07

trustwave-seg-list-quarantine-folders-with-day-info#


Gets a list of folders with current day information.

Base Command#

trustwave-seg-list-quarantine-folders-with-day-info

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
TrustwaveSEG.Folder.dayItemsUnknownThe items of the day for the folder.
TrustwaveSEG.Folder.descriptionStringThe description of the folder.
TrustwaveSEG.Folder.folderIdNumberThe ID of the folder.
TrustwaveSEG.Folder.folderTypeNumberThe type of the folder.
TrustwaveSEG.Folder.iconIndexNumberThe icon index of the folder.
TrustwaveSEG.Folder.isDeletedBooleanWhether the folder is deleted.
TrustwaveSEG.Folder.isFingerprintingEnabledBooleanWhether fingerprinting is enabled for the folder.
TrustwaveSEG.Folder.isPassThruBooleanWhether pass thru is enabled for the folder.
TrustwaveSEG.Folder.isPublishedInboundBooleanWhether the folder is published inbound.
TrustwaveSEG.Folder.isPublishedOutboundBooleanWhether the folder is published outbound.
TrustwaveSEG.Folder.isReadOnlyBooleanWhether the is folder read-only.
TrustwaveSEG.Folder.nameStringThe name of the folder.
TrustwaveSEG.Folder.numFilesNumberThe number of files in the folder.
TrustwaveSEG.Folder.parentIdNumberThe parent ID of the folder.
TrustwaveSEG.Folder.pathStringThe path of the folder.
TrustwaveSEG.Folder.retentionNumberThe retention of the folder.
TrustwaveSEG.Folder.securityDescriptionStringThe security description of the folder.

Command Example#

!trustwave-seg-list-quarantine-folders-with-day-info

Context Example#

{
"TrustwaveSEG": {
"Folder": [
{
"dayItems": [
{
"endTime": 1619125200,
"numFiles": 2,
"startTime": 1619038800
}
],
"description": "An archive folder for all outbound messages. By default, messages are kept for 3 months.",
"folderId": 1007,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": true,
"name": "Archive Out",
"numFiles": 2,
"parentId": 1,
"path": "A11F07EA-7569-4596-9BC5-B4A25D428BAE",
"retention": 93,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages blocked because they contain profanity.",
"folderId": 1008,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Language",
"numFiles": 0,
"parentId": 1,
"path": "6F1422E1-CDB6-4669-ACC7-794CC0669663",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "",
"folderId": 1,
"folderType": 4,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Folders",
"numFiles": 5,
"parentId": 0,
"path": "",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Used for temporarily 'parking' large outbound messages or message mailouts until after business hours.",
"folderId": 1009,
"folderType": 2,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Parked Large Files",
"numFiles": 0,
"parentId": 1,
"path": "350EC7AE-54FF-4106-903C-79871A72E6BC",
"retention": 0,
"securityDescription": ""
},
{
"dayItems": null,
"description": "",
"folderId": 2,
"folderType": 3,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Mail Recycle Bin",
"numFiles": 0,
"parentId": 1,
"path": "",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Used for quarantining large messages that exceed a threshold.",
"folderId": 1010,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Oversize",
"numFiles": 0,
"parentId": 1,
"path": "821EF706-6C63-4F56-8E4C-2E5D18F4FAFA",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "",
"folderId": 3,
"folderType": 4,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Dead Letters",
"numFiles": 0,
"parentId": 1,
"path": "DeadLetter",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "A folder that holds messages awaiting a response in order to be released.",
"folderId": 1011,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Awaiting Challenge - Response",
"numFiles": 0,
"parentId": 1,
"path": "E6C18E25-6C63-4740-8783-39A8E9818844",
"retention": 3,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that could not be processed due to file corruption or other problems with structure.",
"folderId": 4,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Unpacking",
"numFiles": 0,
"parentId": 3,
"path": "Unpacking",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages with identified executable attachments.",
"folderId": 1012,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Attachment Type - Executables",
"numFiles": 0,
"parentId": 1,
"path": "874AE4BA-F735-4067-AC91-DC3453AFC685",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that could not be delivered due to a DNS lookup problem or other issues.",
"folderId": 5,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Routing",
"numFiles": 0,
"parentId": 3,
"path": "Routing",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Used for messages that contain an attached image.",
"folderId": 1013,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Attachment Type - Images",
"numFiles": 0,
"parentId": 1,
"path": "C004A276-EAEB-4251-ADEC-494FAF0CB713",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages with sound or video attachments, such as MP3 or AVI files.",
"folderId": 1014,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Attachment Type - Video and Sound",
"numFiles": 0,
"parentId": 1,
"path": "B0CD505E-8A44-434B-8194-E65976CDB4D9",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that returned an unexpected result from virus scanning or an external command.",
"folderId": 7,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Undetermined",
"numFiles": 0,
"parentId": 3,
"path": "Undetermined",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Used for messages with encrypted attachments, such as encrypted archive files.",
"folderId": 1015,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Attachment Type - Encrypted",
"numFiles": 0,
"parentId": 1,
"path": "298D738E-7577-4A91-9E6F-03ED0C817F16",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that were blocked or could not be processed due to problems with encoding.",
"folderId": 8,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Malformed",
"numFiles": 0,
"parentId": 3,
"path": "Malformed",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages with binary files of an unknown type.",
"folderId": 1016,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Attachment Type - Unknown",
"numFiles": 0,
"parentId": 1,
"path": "9A978764-CC8C-46F3-892A-D9E663246046",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that could not be fully unpacked but are classified as containing a virus.",
"folderId": 9,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Virus",
"numFiles": 0,
"parentId": 3,
"path": "Virus",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Generic folder for messages that breach company policy.",
"folderId": 1017,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Policy Breaches",
"numFiles": 0,
"parentId": 1,
"path": "5FD9C657-C416-410B-8FA3-EB2BB2709DDE",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that could not be fully unpacked but are classified as spam.",
"folderId": 10,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Spam",
"numFiles": 0,
"parentId": 3,
"path": "Spam",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages which may indicate possible SEC compliance issues.",
"folderId": 1018,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Policy Breaches - SEC",
"numFiles": 0,
"parentId": 1,
"path": "290D7E3C-79EF-4E9C-8F2F-DCCBF41A2C9D",
"retention": 365,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that could not be delivered to the Archive.",
"folderId": 11,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Archiving",
"numFiles": 0,
"parentId": 3,
"path": "Archiving",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages which trigger keywords which may indicate possible Sarbanes-Oxley compliance issues.",
"folderId": 1019,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Policy Breaches - SOX",
"numFiles": 0,
"parentId": 1,
"path": "8DD88244-BBA9-4100-9F54-62C37C4C3C64",
"retention": 365,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages with document attachments, such as PDF files.",
"folderId": 1020,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Attachment Type - Documents",
"numFiles": 0,
"parentId": 1,
"path": "FECF5729-15B7-4530-BC15-2D22C98EB9A6",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Used by the integrated Image Analyzer component to hold images that may be Pornographic.",
"folderId": 1021,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Suspect Images",
"numFiles": 0,
"parentId": 1,
"path": "0E59FDA1-F197-4072-A8BC-3EF514E2E682",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that trigger health-related keywords which may indicate possible HIPAA compliance issues.",
"folderId": 1022,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Policy Breaches - HIPAA",
"numFiles": 0,
"parentId": 1,
"path": "D3062553-A54C-48DC-9447-372EE2268CB6",
"retention": 365,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Used where there is a high degree of confidence that the messages are spam. The folder is not end-user managed.",
"folderId": 1023,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Spam - Confirmed",
"numFiles": 0,
"parentId": 1,
"path": "3EFF33E4-22C3-41EA-98D7-74E3BB6357FD",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Suspected 419, Lottery and other scam emails.",
"folderId": 1024,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Spam - Scams",
"numFiles": 0,
"parentId": 1,
"path": "C95F143E-B4CD-4A10-9E3D-6E096CD19908",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Used where the message is suspected as spam. The folder is end-user managed.",
"folderId": 1025,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": true,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Spam - Suspected",
"numFiles": 0,
"parentId": 1,
"path": "335E332D-57D4-4D3A-BE50-C620E9D63151",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that failed to meet TLS criteria.",
"folderId": 1026,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "TLS Failures",
"numFiles": 0,
"parentId": 1,
"path": "192C2502-065C-48B6-BF0C-091C09CA9131",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that failed to pass DKIM verification.",
"folderId": 1027,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "DKIM Failures",
"numFiles": 0,
"parentId": 1,
"path": "1AE86AF4-44FC-411D-95E5-20B8F3D0D55E",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that could not have a DKIM signature applied.",
"folderId": 1028,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "DKIM Signing Failures",
"numFiles": 0,
"parentId": 1,
"path": "1F1EFD91-6E75-4DE8-B277-13C4997BE17F",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Messages tagged as having malware by an anti-virus scanner.",
"folderId": 1029,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Malware",
"numFiles": 0,
"parentId": 1,
"path": "C9A5C59E-AA24-472B-9B39-A374354F0D05",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Messages that have caused the anti-virus scanner to report an error.",
"folderId": 1030,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Malware - Virus Scanner Errors",
"numFiles": 0,
"parentId": 1,
"path": "23AFE871-65F2-4C91-B02B-942C96AB73AB",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Messages suspected of having malicious content by one of the gateway's threat filters.",
"folderId": 1031,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Malware - Suspected",
"numFiles": 0,
"parentId": 1,
"path": "C0FE5CD3-71EF-4A94-B36D-CA319D674A5D",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that failed to pass SenderID verification.",
"folderId": 1032,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "SenderID Failures",
"numFiles": 0,
"parentId": 1,
"path": "C5510AFE-7119-4138-BD8D-5240BB3A94C4",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that include suspect URLs.",
"folderId": 1033,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Suspect URLs",
"numFiles": 0,
"parentId": 1,
"path": "CE15B1F6-0839-4A61-AD0C-D87E625CB14F",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages suspected of having malicious content by the Advanced Malware and Exploit Detection (AMAX) filter.",
"folderId": 1034,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Malware - AMAX",
"numFiles": 0,
"parentId": 1,
"path": "61075A40-337E-4D4C-9368-48822F579AB8",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages with PDF attachments that are malformed or corrupt.",
"folderId": 1035,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Malformed PDF",
"numFiles": 0,
"parentId": 1,
"path": "61075A40-337E-4D4C-9368-48822F579AB8",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that failed to pass DMARC verification, where the DMARC policy for message disposition was \"quarantine\".",
"folderId": 1036,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "DMARC Failures - Quarantine policy",
"numFiles": 0,
"parentId": 1,
"path": "F6C95742-0EDA-4BE7-9B5D-EE8AA32DBA43",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that failed to pass DMARC verification, where the DMARC policy for message disposition was \"reject\".",
"folderId": 1037,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "DMARC Failures - Reject policy",
"numFiles": 0,
"parentId": 1,
"path": "51556EA9-390F-4AC2-B521-38B68BC7F3C9",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages detected by the BEC Fraud Filter.",
"folderId": 1038,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "BEC - Fraud Filter",
"numFiles": 0,
"parentId": 1,
"path": "13B5A560-257E-4D2C-8665-DE7840D26F2F",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages where the From: domain is similar to a local domain.",
"folderId": 1039,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "BEC - Domain Similarity",
"numFiles": 0,
"parentId": 1,
"path": "BE9625E3-2E9A-44A6-8BB4-A4254DFB341F",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains historic logs for delivered email.",
"folderId": 1000,
"folderType": 5,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": true,
"name": "Sent History",
"numFiles": 0,
"parentId": 1,
"path": "4B7E81EE-9D7B-46E2-B027-ECDDFD26E947",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "An archive folder for inbound messages with attached DMARC Reports for the local domains.",
"folderId": 1001,
"folderType": 6,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": true,
"name": "DMARC Reports",
"numFiles": 0,
"parentId": 1,
"path": "736A0F9F-A865-4519-A111-DA8A967D45A1",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that match an Executive Name in the From: field.",
"folderId": 1002,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "BEC - Executive Name",
"numFiles": 0,
"parentId": 1,
"path": "157803C1-1B20-4415-A92F-FA9D871B768C",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages with attachments deemed suspect, such as undesirable file extensions.",
"folderId": 1003,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Suspect",
"numFiles": 0,
"parentId": 1,
"path": "ED86938B-A2C4-4260-A4AB-D80BF8CE9C72",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Contains messages that are identified as spoofed by the blocked spoofed messages rule.",
"folderId": 1004,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Spoofed",
"numFiles": 0,
"parentId": 1,
"path": "1AE86AF4-44FC-411D-95E5-20B8F3D0D55E",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "Generic folder for unwanted messages such as chain letters and hoaxes.",
"folderId": 1005,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": false,
"name": "Junk",
"numFiles": 0,
"parentId": 1,
"path": "2A3E6EFE-38D6-438D-84B0-BE4AB2B7EFAD",
"retention": 7,
"securityDescription": ""
},
{
"dayItems": null,
"description": "An archive folder for all inbound messages. By default, messages are kept for 3 months.",
"folderId": 1006,
"folderType": 1,
"iconIndex": 0,
"isDeleted": false,
"isFingerprintingEnabled": false,
"isPassThru": false,
"isPublishedInbound": false,
"isPublishedOutbound": false,
"isReadOnly": true,
"name": "Archive In",
"numFiles": 3,
"parentId": 1,
"path": "AA55C8DA-7BE2-4EA4-AD99-BAB37FC598DC",
"retention": 0,
"securityDescription": ""
}
]
}
}

Human Readable Output#

Quarantine Folders with Day Info#

Folder IdNameDescriptionNum FilesIs DeletedIs Read OnlyRetention
1007Archive OutAn archive folder for all outbound messages. By default, messages are kept for 3 months.2falsetrue93

trustwave-seg-list-day-info-by-quarantine-folder#


Get the current day information for a folder.

Base Command#

trustwave-seg-list-day-info-by-quarantine-folder

Input#

Argument NameDescriptionRequired
folder_idThe ID of the folder with quarantine day information.Required

Context Output#

PathTypeDescription
TrustwaveSEG.DayInfo.endTimeNumberThe end time of the day information.
TrustwaveSEG.DayInfo.numFilesNumberThe number of files of the day information.
TrustwaveSEG.DayInfo.startTimeNumberThe start time of the day information.

Command Example#

!trustwave-seg-list-day-info-by-quarantine-folder folder_id=1006

Human Readable Output#

Quarantine Folder with Day Info. ID: 1006#

No entries.

trustwave-seg-find-quarantine-message#


Find message by specified parameters.

Base Command#

trustwave-seg-find-quarantine-message

Input#

Argument NameDescriptionRequired
time_rangeAn optional time range of the search, i.e., 3 months, 1 week, 1 day ago, etc.Optional
start_timeStart time of the search in the format: YYYY-mm-ddTHH:MM:SSZ or i.e., 3 months, 1 week, 1 day ago, etc. Given only the start_time, end_time will be set to the current time.Optional
end_timeEnd time of the search in the format: YYYY-mm-ddTHH:MM:SSZ or i.e., 3 months, 1 week, 1 day ago, etc.Optional
max_rowsThe number of rows to return from the API. Default to 10. Default is 10.Optional
folder_idThe ID of the folder in which to search for information (e.g., 1006).Optional
message_nameThe name of the message to search for.Optional
classificationThe classification ID. Can be found by using the classification command (e.g., 37).Optional
from_userThe email address from which the message was sent.Optional
to_userThe email address to which the message was sent.Optional
to_domainThe domain to which the message was sent.Optional
min_sizeThe minimum size in bytes of the message (e.g., 0).Optional
max_sizeThe maximum size in bytes of the message (e.g., 1024).Optional
subjectThe subject of the message. (e.g., "some subject").Optional
search_historyWhether the search should include the history. Possible values are: true, false.Optional
forwardsWhether the search should include forwarded messages. Possible values are: true, false.Optional
block_numberThe block number of the message (e.g., 106098471075840).Optional
search_blank_subjectWhether the search should include messages with a blank subject. Possible values are: true, false.Optional

Context Output#

PathTypeDescription
TrustwaveSEG.Message.actionTypeNumberThe action type of the message.
TrustwaveSEG.Message.blockNumberNumberThe block number of the message.
TrustwaveSEG.Message.blockRecipientIndexNumberThe block recipient index of the message.
TrustwaveSEG.Message.classificationNumberThe classification of the message.
TrustwaveSEG.Message.deletedNumberThe number of the deleted message.
TrustwaveSEG.Message.descriptionStringThe description of the message.
TrustwaveSEG.Message.editionStringThe edition of the message.
TrustwaveSEG.Message.folderIdNumberThe folder ID of the message.
TrustwaveSEG.Message.hasAttachmentsBooleanWhether the message has attachments.
TrustwaveSEG.Message.messageBodyStringThe body of the message.
TrustwaveSEG.Message.messageNameStringThe name of the message.
TrustwaveSEG.Message.recipientStringThe recipient of the message.
TrustwaveSEG.Message.senderStringThe sender of the message.
TrustwaveSEG.Message.serverIdNumberThe server ID of the message.
TrustwaveSEG.Message.sessionNumberNumberThe session number of the message.
TrustwaveSEG.Message.sizeNumberThe size of the message.
TrustwaveSEG.Message.subjectStringThe subject of the message.
TrustwaveSEG.Message.timeArrivedNumberThe time the message arrived.
TrustwaveSEG.Message.timeLoggedNumberThe time the message was logged.
TrustwaveSEG.Message.unicodeSubjectStringThe unicode subject of the message.

Command Example#

!trustwave-seg-find-quarantine-message max_rows=10 time_range="3 month"

Context Example#

{
"TrustwaveSEG": {
"Message": [
{
"actionType": 1,
"blockNumber": 106115282632704,
"blockRecipientIndex": 0,
"classification": 37,
"deleted": 0,
"description": "- Message Archiving : Archive All Inbound Messages",
"edition": "6082e3b60013",
"folderId": 1006,
"hasAttachments": false,
"messageBody": "This is the body of the email\r",
"messageName": "B6082e3b60000",
"recipient": "test@example.com",
"sender": "root@localhost.localdomain",
"serverId": 1,
"sessionNumber": -474611712,
"size": 870,
"subject": "This is the subject line",
"timeArrived": 1619190710,
"timeLogged": 1619190710,
"unicodeSubject": "This is the subject line"
},
{
"actionType": 1,
"blockNumber": 106112687144960,
"blockRecipientIndex": 0,
"classification": 37,
"deleted": 0,
"description": "- Message Archiving : Archive All Inbound Messages",
"edition": "608249030012",
"folderId": 1006,
"hasAttachments": false,
"messageBody": "This is the body of the email\r",
"messageName": "B608249020000",
"recipient": "test@example.com",
"sender": "root@localhost.localdomain",
"serverId": 1,
"sessionNumber": 1224933376,
"size": 870,
"subject": "This is the subject line",
"timeArrived": 1619151106,
"timeLogged": 1619151106,
"unicodeSubject": "This is the subject line"
},
{
"actionType": 1,
"blockNumber": 106109128212480,
"blockRecipientIndex": 0,
"classification": 38,
"deleted": 0,
"description": "- Message Archiving : Archive All Outbound Messages",
"edition": "608174e50003",
"folderId": 1007,
"hasAttachments": false,
"messageBody": "This is the bodydhgdghdfghgfd54645645645fddfgdgdf\r",
"messageName": "B608174e50000",
"recipient": "test@example.com",
"sender": "root@localhost.localdomain",
"serverId": 1,
"sessionNumber": 1961164800,
"size": 1279,
"subject": "This isafdsafasgfaiysgfsaidghfuisf sdgsgsd the subject line",
"timeArrived": 1619096805,
"timeLogged": 1619096805,
"unicodeSubject": "This isafdsafasgfaiysgfsaidghfuisf sdgsgsd the subject line"
},
{
"actionType": 1,
"blockNumber": 106106651148288,
"blockRecipientIndex": 0,
"classification": 38,
"deleted": 0,
"description": "- Message Archiving : Archive All Outbound Messages",
"edition": "6080e13e0000",
"folderId": 1007,
"hasAttachments": false,
"messageBody": "This is the bodydhgdghdfghgfd54645645645fddfgdgdf\r",
"messageName": "B6080e1390000",
"recipient": "test@example.com",
"sender": "root@localhost.localdomain",
"serverId": 1,
"sessionNumber": -516030464,
"size": 1279,
"subject": "This isafdsafasgfaiysgfsaidghfuisf sdgsgsd the subject line",
"timeArrived": 1619059003,
"timeLogged": 1619059003,
"unicodeSubject": "This isafdsafasgfaiysgfsaidghfuisf sdgsgsd the subject line"
},
{
"actionType": 1,
"blockNumber": 106098471075840,
"blockRecipientIndex": 0,
"classification": 37,
"deleted": 0,
"description": "- Message Archiving : Archive All Inbound Messages",
"edition": "607ef9ae0000",
"folderId": 1006,
"hasAttachments": false,
"messageBody": "This is the body of the email\r",
"messageName": "B607ef9ac0000",
"recipient": "test@example.com",
"sender": "root@localhost.localdomain",
"serverId": 1,
"sessionNumber": -106037248,
"size": 870,
"subject": "This is the subject line",
"timeArrived": 1618934189,
"timeLogged": 1618934189,
"unicodeSubject": "This is the subject line"
}
]
}
}

Human Readable Output#

Find Quarantine Messages Results#

SubjectDescriptionBlock NumberEditionFolder IdMessage NameRecipientServer IdTime Logged
This is the subject line- Message Archiving : Archive All Inbound Messages1061152826327046082e3b600131006B6082e3b60000test@example.com11619190710
This is the subject line- Message Archiving : Archive All Inbound Messages1061126871449606082490300121006B608249020000test@example.com11619151106
This isafdsafasgfaiysgfsaidghfuisf sdgsgsd the subject line- Message Archiving : Archive All Outbound Messages106109128212480608174e500031007B608174e50000test@example.com11619096805
This isafdsafasgfaiysgfsaidghfuisf sdgsgsd the subject line- Message Archiving : Archive All Outbound Messages1061066511482886080e13e00001007B6080e1390000test@example.com11619059003
This is the subject line- Message Archiving : Archive All Inbound Messages106098471075840607ef9ae00001006B607ef9ac0000test@example.com11618934189

trustwave-seg-spiderlabs-forward-quarantine-message-as-spam#


Forwards a message to Spiderlabs as spam.

Base Command#

trustwave-seg-spiderlabs-forward-quarantine-message-as-spam

Input#

Argument NameDescriptionRequired
block_numberThe block number of the message to search for (e.g., 106098471075840). Can be retrieved from the find message endpoint.Required
editionEdition of the message (e.g., "607ef9ae0000"). Can be retrieved from the find message endpoint.Required
folder_idFolder ID of the message (e.g., 1006). Can be retrieved from the find message endpoint.Required
message_nameThe name of the message (e.g., "B607ef9ac0000"). Can be retrieved from the find message endpoint.Required
recipientThe recipient of the message (e.g., email@example.com). Can be retrieved from the find message endpoint.Required
server_idThe server ID of the message (e.g., 1). Can be retrieved from the find message endpoint. .Required
time_loggedThe time the message was logged (e.g., 1618934189). Can be retrieved from the find message endpoint. .Required
spam_report_messageThe message that should be shown with the message on Spiderlabs. (e.g., "This message is spam...").Required
is_spamWhether the message is spam. Possible values are true, false.Required

Context Output#

There is no context output for this command.

Command Example#

!trustwave-seg-spiderlabs-forward-quarantine-message-as-spam block_number=106098471075840 edition=607ef9ae0000 folder_id=1006 is_spam="true" message_name=B607ef9ac0000 recipient=test@example.com server_id=1 spam_report_notification_from_address="This is a spam" time_logged=1618934189 spam_report_message="This is a spam"

Human Readable Output#

The message was forwarded to Spiderlabs.