FireEye Email Security (EX)

Details
Content
Dependencies
Version History
Download With Dependencies

FireEye Email Security series protects against breaches caused by advanced email attacks.

PUBLISHER

Cortex XSOAR

INFO

Certification	Certified	Read more
Supported By	Cortex XSOAR
Created	June 11, 2021
Last Release	June 19, 2022

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Classifiers

Name	Description
FireEye Email Security - Classifier	Classifies FireEye Email Security Alerts.
FireEye Email Security - Phishing Alerts - Classifier	Classifies FireEye Email Security Alerts as Phishing Alerts incident type.

Playbooks

Name	Description
Get Email From Email Gateway - FireEye	This playbook retrieves a specified EML/MSG file directly from FireEye Email Security or Central Management.
Block Domain - FireEye Email Security	This playbook blocks domains using FireEye Email Security. The playbook checks whether the FireEye Email Security integration is enabled, whether the Domain input has been provided and if so, blocks the domain.

Incident Types

Name	Description
FireEye EX Alert

Integrations

Name	Description
FireEye Email Security	FireEye Email Security (EX) series protects against breaches caused by advanced email attacks.

Required Content Packs (12)

Pack Name	Pack By
Base	By: Cortex XSOAR
FireEyeCommonFields	By: Cortex XSOAR
CommonScripts	By: Cortex XSOAR
FireEyeCM	By: Cortex XSOAR
Phishing	By: Cortex XSOAR
CommonTypes	By: Cortex XSOAR
CommonPlaybooks	By: Cortex XSOAR
FireEyeNX	By: Cortex XSOAR
PaloAltoNetworks_IoT	By: Cortex XSOAR
GoogleChronicleBackstory	By: Partner
BruteForce	By: Cortex XSOAR
SANS	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
PhishingAlerts	By: Cortex XSOAR

2.0.8 - 3118515 (June 19, 2022)

Integrations

FireEye Email Security

Removed excessive error traceback printing.
Updated the Docker image to: demisto/python3:3.10.4.30607.

Related pull requests:
- 19511

Download

2.0.7 - 2674843 (March 30, 2022)

Integrations

FireEye Email Security

Added type validations and other internal code improvements.

Download

2.0.6 - 2387690 (February 9, 2022)

Integrations

FireEye Email Security

Fixed an issue in the fetch incidents process where alerts were not fetched if they were created 48 hours or later than the last alert that was fetched
Updated the Docker image to: demisto/python3:3.10.1.25933.
Improved Error handling.

Download

2.0.5 - 2369391 (February 6, 2022)

Integrations

FireEye Email Security

Fixed an issue where the authorization token was not cached properly.

Download

2.0.4 - R2146019 (December 21, 2021)

Classifiers

New: FireEye Email Security - Phishing Alerts - Classifier

Classifies FireEye Email Security Alerts as Phishing Alerts incident type. (Available from Cortex XSOAR 6.0.0).

Playbooks

New: Get Email From Email Gateway - FireEye

This playbook retrieves a specified EML/MSG file directly from FireEye Email Security or Central Management. (Available from Cortex XSOAR 6.0.0).

Download

2.0.3 - 2042391 (December 2, 2021)

Integrations

FireEye Email Security

Fixed an issue where HTTP status code 206 was considered as an error.
Improved implementation of the test module command to get alerts from the last day only.
Updated the Docker image to demisto/python3:3.9.8.24399.

Download

2.0.2 - R2009340 (November 25, 2021)

Playbooks

New: Block Domain - FireEye Email Security

This playbook blocks domains using FireEye Email Security.
The playbook checks whether the FireEye Email Security integration is enabled, whether the Domain input has been provided and if so, blocks the domain. (Available from Cortex XSOAR 6.0.0).

Download

2.0.1 - 7561139 (September 12, 2021)