Symantec Messaging Gateway

Use Symantec Messaging Gateway (SMG) to block and unblock domains, email addresses, and IP addresses.

This integration was integrated and tested with Symantec Messaging Gateway v10.6.4.

Use Cases

  • Block and unblock domains, email addresses and IP addresses.
  • Get blocked domains and blocked IP addresses.

Known limitations

  • SMG does not have a REST API, so the integration parses the HTML responses using the Beautiful Soup package, and it sends and gets its data through the same HTML pages.
  • The integration adds IoCs to, and removes them from, the relevant default Bad Sender lists, not custom ones.

Configure Symantec Messaging Gateway on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Symantec Messaging Gateway.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance
    • Server URL (for example, https://192.168.0.1:20013)
    • Username
    • Do not validate server certificate (not secure)
    • Use system proxy settings
  4. Click Test to validate URLs and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Block an email address: smg-block-email
  2. Block a domain: smg-block-domain
  3. Block an IP address: smg-block-ip
  4. Unblock an email address: smg-unblock-email
  5. Unblock a domain: smg-unblock-domain
  6. Unblock an IP address: smg-unblock-ip
  7. Get blocked domains: smg-get-blocked-domains
  8. Get blocked IP addresses: smg-get-blocked-ips

1. Block an email address


Blocks an email address.

Base Command

smg-block-email

Input
Parameter | Description
email | Email address to block

Context Output
Path | Description
Email.Address | Email address that was blocked
Email.Blocked | True if blocked, False if unblocked

Raw Output
Email address admin@company.com was blocked successfully.

2. Block a domain


Blocks a domain.

Base Command

smg-block-domain

Input
Parameter | Description
domain | Domain to block

Context Output
Path | Description
Domain.Name | Name of the domain that was blocked
Domain.Blocked | True if blocked, False if unblocked

Raw Output
Domain google.com was blocked successfully.

3. Block an IP address


Blocks an IP address.

Base Command

smg-block-ip

Input
Parameter | Description
ip | IP address to block

Context Output
Path | Description
IP.Address | IP address that was blocked
IP.Blocked | True if blocked, False if unblocked

Raw Output
IP address 8.8.8.8 was blocked successfully.

4. Unblock an email address


Unblocks an email address.

Base Command

smg-unblock-email

Input
Parameter | Description
email | Email address to unblock

Context Output
Path | Description
Email.Address | Email address that was unblocked
Email.Blocked | True if blocked, False if unblocked

Raw Output
Email address admin@company.com was unblocked successfully.

5. Unblock a domain


Unblocks a domain.

Base Command

smg-unblock-domain

Input
Parameter | Description
domain | Domain to unblock

Context Output
Path | Description
Domain.Name | Name of the domain that was unblocked
Domain.Blocked | True if blocked, False if unblocked

Raw Output
Domain google.com was unblocked successfully.

6. Unblock an IP address


Unblocks an IP address.

Base Command

smg-unblock-ip

Input
Parameter | Description
ip | IP address to unblock

Context Output
Path | Description
IP.Address | IP address that was unblocked
IP.Blocked | True if blocked, False if unblocked

Raw Output
IP address 8.8.8.8 was unblocked successfully.


7. Get a list of blocked domains

Returns a list of blocked domains.

Base Command

smg-get-blocked-domains

Input

There is no input.

Context Output

There is no context output for this command.

Raw Output
### SMG Blocked domains:
- abc.net
- abc.org


8. Get blocked IP addresses

Returns a list of blocked IP addresses.

Base Command

smg-get-blocked-ips

Input

There is no input.

Context Output

There is no context output for this command.

Raw Output
### SMG Blocked IP addresses:
- 1.2.3.4
- 8.8.8.8
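
Because smg-get-blocked-domains and smg-get-blocked-ips return no context output, an automation that wants to confirm a block took effect has to read the raw output. The following is an added example, not part of the integration's own code: it parses the raw output format shown above and reports which indicators are still missing from the list. The function names are hypothetical, and it assumes each IP entry is a single address as in the sample output.

```python
import ipaddress
import re

# Headings exactly as shown in the Raw Output sections of this page.
HEADINGS = {
    "### SMG Blocked domains:": "domain",
    "### SMG Blocked IP addresses:": "ip",
}
ITEM = re.compile(r"^\s*-\s+(\S+)\s*$")


def normalize(kind, value):
    """Canonical form so 'ABC.net.' and 'abc.net' compare equal."""
    if kind == "ip":
        # Raises ValueError on a malformed address instead of passing it on.
        return str(ipaddress.ip_address(value.strip()))
    return value.strip().rstrip(".").lower()


def parse_blocked(raw):
    """Return (kind, set_of_entries) parsed from smg-get-blocked-* raw output."""
    lines = [ln for ln in raw.splitlines() if ln.strip()]
    if not lines or lines[0].strip() not in HEADINGS:
        raise ValueError("unrecognized heading; refusing to guess the list type")
    kind = HEADINGS[lines[0].strip()]
    entries = set()
    for ln in lines[1:]:
        m = ITEM.match(ln)
        if not m:
            raise ValueError(f"unexpected line in list: {ln!r}")
        entries.add(normalize(kind, m.group(1)))
    return kind, entries


def missing_blocks(raw, wanted):
    """Indicators from `wanted` that are not yet present in the blocked list."""
    kind, blocked = parse_blocked(raw)
    return sorted({normalize(kind, w) for w in wanted} - blocked)


# Constructed sample input, following the Raw Output format above.
SAMPLE_DOMAINS = "### SMG Blocked domains:\n- abc.net\n- abc.org\n"
SAMPLE_IPS = "### SMG Blocked IP addresses:\n- 1.2.3.4\n- 8.8.8.8\n"

if __name__ == "__main__":
    print(missing_blocks(SAMPLE_DOMAINS, ["ABC.net.", "example.test"]))
    print(missing_blocks(SAMPLE_IPS, ["8.8.8.8", "192.0.2.10"]))
```

The parser fails closed: an unknown heading or a line that is not a list item raises an error rather than returning a partial list that could make a missing block look present.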