# FireEye Email Threat Prevention

The FireEye ETP connector integrates with FireEye's email security solutions to automate threat detection and response activities. FireEye Email Threat Prevention (ETP) offers advanced threat protection and email security against phishing, malware, spam, and other sophisticated email threats. The FireEye ETP connector for Swimlane Turbine enables users to automate the retrieval of threat alerts, detailed alert information, message trace data, and message search capabilities. By integrating with FireEye ETP, Swimlane Turbine users can enhance their security automation workflows, streamline threat investigations, and respond to email-based threats more efficiently.

## Prerequisites

To effectively utilize the FireEye Email Threat Prevention connector with Swimlane Turbine, ensure you have the following:

- API key authentication
  - URL: the endpoint URL for the FireEye ETP API
  - API key: a valid API key provided by FireEye to access the ETP services

## Capabilities

This connector provides the following capabilities:

- Get Alerts Summary
- Get Detail of Specified Alert
- Message Trace Information Request
- Search for Messages

## Configurations

### FireEye ETP API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| x-fireeye-api-key | FireEye API key | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Get Alerts Summary

Retrieves a summary list of advanced threat alerts from FireEye Email Threat Prevention.

- Endpoint URL: `/api/v1/alerts`
- Method: POST

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| attributes | object | optional | Parameter for Get Alerts Summary |
| attributes.etp_message_id | string | optional | Email message ID |
| attributes.email_status | string | optional | Status value |
| fromLastModifiedOn | string | optional | Date-time in `yyyy-MM-ddTHH:mm:ss.fff` format, in reverse chronological order; the default is 90 days |
| size | number | optional | Number of alerts to include in the response; the valid range is 1-100 |

#### Input Example

```json
{
  "json_body": {
    "attributes": {
      "etp_message_id": "zwwsdm66ouzhzzwwsdqw9o",
      "email_status": "released"
    },
    "fromLastModifiedOn": "2018-10-03T00:00:00.000Z",
    "size": 3
  }
}
```

#### Output Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | array | Response data |
| data.attributes | object | Response data |
| data.attributes.meta | object | Response data |
| data.attributes.meta.read | boolean | Response data |
| data.attributes.meta.last_modified_on | string | Response data |
| data.attributes.meta.legacy_id | number | Response data |
| data.attributes.meta.acknowledged | boolean | Response data |
| data.attributes.ati | object | Response data |
| data.attributes.ati.threat_type | string | Response data |
| data.attributes.alert | object | Response data |
| data.attributes.alert.product | string | Response data |
| data.attributes.alert.malware_md5 | string | Response data |
| data.attributes.alert.timestamp | string | Response data |
| data.attributes.email | object | Response data |
| data.attributes.email.status | string | Response data |
| data.attributes.email.smtp | object | Response data |
| data.attributes.email.smtp.rcpt_to | string | Response data |
| data.attributes.email.smtp.mail_from | string | Response data |
| data.attributes.email.etp_message_id | string | Response data |
| data.attributes.email.headers | object | Response data |
| data.attributes.email.headers.cc | string | Response data |
| data.attributes.email.headers.to | string | Response data |
| data.attributes.email.headers.from | string | Response data |

#### Output Example

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {
    "data": [{}],
    "meta": {
      "fromLastModifiedOn": {},
      "total": 4,
      "copyright": "Copyright 2018 FireEye Inc"
    },
    "type": "alerts"
  }
}
```

### Get Detail of Specified Alert

Retrieves detailed information for a specific advanced threat alert using the provided alert ID.

- Endpoint URL: `/api/v1/alerts/{{alert_id}}`
- Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters | object | required | Parameters for the Get Detail of Specified Alert action |
| path_parameters.alert_id | string | required | ID of the alert to retrieve |

#### Input Example

```json
{
  "path_parameters": {
    "alert_id": "av7zzry7kviwwrkcfu0i"
  }
}
```

#### Output Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | array | Response data |
| data.attributes | object | Response data |
| data.attributes.meta | object | Response data |
| data.attributes.meta.read | boolean | Response data |
| data.attributes.meta.last_modified_on | string | Response data |
| data.attributes.meta.legacy_id | number | Response data |
| data.attributes.meta.acknowledged | boolean | Response data |
| data.attributes.ati | object | Response data |
| data.attributes.alert | object | Response data |
| data.attributes.alert.product | string | Response data |
| data.attributes.alert.alert_type | array | Response data |
| data.attributes.alert.severity | string | Response data |
| data.attributes.alert.ack | string | Response data |
| data.attributes.alert.malware_md5 | string | Response data |
| data.attributes.alert.explanation | object | Response data |
| data.attributes.alert.explanation.analysis | string | Response data |
| data.attributes.alert.explanation.anomaly | string | Response data |
| data.attributes.alert.explanation.cnc_services | object | Response data |
| data.attributes.alert.explanation.malware_detected | object | Response data |
| data.attributes.alert.explanation.os_changes | array | Response data |
| data.attributes.alert.explanation.protocol | string | Response data |
| data.attributes.alert.explanation.timestamp | string | Response data |
| data.attributes.alert.timestamp | string | Response data |

#### Output Example

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {
    "data": [{}],
    "meta": {
      "total": 1,
      "copyright": "Copyright 2018 FireEye Inc"
    },
    "type": "alerts"
  }
}
```

### Message Trace Information Request

Retrieves attributes for a specific message using the FireEye ETP message ID provided in the path parameters.

- Endpoint URL: `/api/v1/messages/{{etp_message_id}}`
- Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters | object | required | Path parameters for the request |
| path_parameters.etp_message_id | string | required | The ID of the ETP message |

#### Input Example

```json
{
  "path_parameters": {
    "etp_message_id": "7g5ieqtt39dvw7g5ie3sdm"
  }
}
```

#### Output Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | array | Response data |
| data.attributes | object | Response data |
| data.attributes.acceptedDateTime | string | Response data |
| data.attributes.countryCode | string | Response data |
| data.attributes.domain | string | Response data |
| data.attributes.downStreamMsgID | string | Response data |
| data.attributes.emailSize | number | Response data |
| data.attributes.lastModifiedDateTime | string | Response data |
| data.attributes.recipientHeader | array | Response data |
| data.attributes.recipientSMTP | array | Response data |
| data.attributes.senderHeader | string | Response data |
| data.attributes.senderSMTP | string | Response data |
| data.attributes.senderIP | string | Response data |
| data.attributes.status | string | Response data |
| data.attributes.subject | string | Response data |
| data.attributes.verdicts | object | Response data |
| data.attributes.verdicts.AS | string | Response data |
| data.attributes.verdicts.AV | string | Response data |
| data.attributes.verdicts.AT | string | Response data |
| data.attributes.verdicts.PV | string | Response data |
| data.included | array | Response data |
| data.included.type | string | Response data |
| data.included.id | number | Response data |

#### Output Example

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {
    "data": [{}],
    "meta": {
      "total": 1,
      "copyright": "Copyright 2018 FireEye Inc",
      "fromLastModifiedOn": {}
    }
  }
}
```

### Search for Messages

Retrieves a list of messages with the specified attributes from the FireEye Email Threat Prevention portal.

- Endpoint URL: `/api/v1/messages/trace`
- Method: POST

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| search | object | optional | Parameter for Search for Messages |
| search.type | string | optional | Specifies the type of the query; currently this can have only one value, `messageAttributes` |
| search.size | number | optional | The number of entries returned by the search query; the default is 20 and the maximum is 100 |
| search.attributes | object | optional | Parameter for Search for Messages |
| search.attributes.fromEmail | object | optional | List of from email addresses, 10 entries maximum |
| search.attributes.fromEmail.value | array | optional | From email values |
| search.attributes.fromEmail.filter | string | optional | From email filter |
| search.attributes.fromEmail.includes | array | optional | From email includes |
| search.attributes.recipients | object | optional | Array of to/cc email addresses, 10 entries maximum |
| search.attributes.recipients.value | array | optional | Recipients values |
| search.attributes.recipients.filter | string | optional | Recipients filter |
| search.attributes.recipients.includes | array | optional | Recipients includes |
| search.attributes.subject | object | optional | Text to search for in the subject |
| search.attributes.subject.value | string | optional | Subject value |
| search.attributes.subject.filter | string | optional | Subject filter |
| search.attributes.period | object | optional | Period |
| search.attributes.period.range | object | optional | Parameter for Search for Messages |
| search.attributes.period.range.fromAcceptedDateTime | string | optional | From accepted date-time; format compliant with ISO 8601 |
| search.attributes.period.range.toAcceptedDateTime | string | optional | To accepted date-time; format compliant with ISO 8601 |
| search.attributes.lastModifiedDateTime | object | optional | Last modified date-time; format compliant with ISO 8601 |
| search.attributes.lastModifiedDateTime.value | string | optional | Last modified date-time value |
| search.attributes.lastModifiedDateTime.filter | string | optional | Last modified date-time filter; filter values are `>=`, `<=`, `>`, `<` |
| search.attributes.status | object | optional | Array of email status values |
| search.attributes.status.value | array | optional | Status values |
| search.attributes.status.filter | string | optional | Status filter |

#### Input Example

```json
{
  "json_body": {
    "search": {
      "type": "messageAttributes",
      "size": 100,
      "attributes": {
        "fromEmail": {
          "value": ["test@etp.com"],
          "filter": "in",
          "includes": ["smtp"]
        },
        "recipients": {
          "value": ["userb@etp.testdomain5.com", "usera@etp.testdomain5.com"],
          "filter": "in",
          "includes": ["smtp", "header"]
        },
        "subject": {
          "value": "test message",
          "filter": "in"
        },
        "period": {
          "range": {
            "fromAcceptedDateTime": "2017-07-11T04:52:26.365000+00:00",
            "toAcceptedDateTime": "2017-07-10T04:51:26.365000+00:00"
          }
        },
        "lastModifiedDateTime": {
          "value": "2017-07-11T04:51:26.365000+00:00",
          "filter": ">="
        },
        "status": {
          "value": ["accepted", "rejected"],
          "filter": "in"
        },
        "rejectionReason": {
          "value": ["dhap failed"]
        },
        "atVerdict": {
          "value": ["pass"],
          "filter": "in"
        },
        "avVerdict": {
          "value": ["pass", "fail"],
          "filter": "in"
        },
        "asVerdict": {
          "value": ["pass"],
          "filter": "in"
        },
        "pvAction": {
          "value": ["others"],
          "filter": "not in"
        },
        "hasAttachment": true,
        "messageSize": {
          "range": {
            "min": 0,
            "max": 1000
          }
        },
        "senderIP": {
          "value": ["10.128.1.1", "10.128.1.2"],
          "filter": "in"
        },
        "domains": {
          "value": ["etp.testdomain5.com", "etp.tesdomain5.com"]
        }
      }
    }
  }
}
```

#### Output Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | array | Response data |
| data.attributes | object | Response data |
| data.attributes.acceptedDateTime | string | Response data |
| data.attributes.countryCode | string | Response data |
| data.attributes.domain | string | Response data |
| data.attributes.emailSize | number | Response data |
| data.attributes.rejectionReason | object | Response data |
| data.attributes.rejectionReason.code | string | Response data |
| data.attributes.rejectionReason.description | string | Response data |
| data.attributes.isMarkedDeleted | boolean | Response data |
| data.attributes.isRead | boolean | Response data |
| data.attributes.lastModifiedDateTime | string | Response data |
| data.attributes.recipientHeader | array | Response data |
| data.attributes.recipientSMTP | array | Response data |
| data.attributes.senderHeader | string | Response data |
| data.attributes.senderSMTP | string | Response data |
| data.attributes.senderIP | string | Response data |
| data.attributes.status | string | Response data |
| data.attributes.subject | string | Response data |
| data.attributes.verdicts | object | Response data |
| data.attributes.verdicts.AS | string | Response data |
| data.attributes.verdicts.AV | string | Response data |
| data.attributes.verdicts.AT | string | Response data |

#### Output Example

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {
    "data": [{}, {}],
    "meta": {
      "total": 151,
      "copyright": "Copyright 2018 FireEye Inc",
      "fromLastModifiedOn": {}
    }
  }
}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
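The following Python helper is an added example and is not Swimlane's or FireEye's code. It covers the four actions above: it builds each request (endpoint, method, body and the `x-fireeye-api-key` header from the configuration table), enforces the limits the tables state (`size` 1-100, 10 entries maximum for `fromEmail` and `recipients`, the four `lastModifiedDateTime` filter values, ISO 8601 dates), URL-encodes path parameters so an ID cannot inject extra path segments, and flattens alert and trace responses into the fields an analyst pivots on. It assumes the request spec shape accepted by `requests.request(**spec)`; the sample payloads are constructed to match the output tables and are not real alerts.

```python
"""Offline helper for the FireEye ETP actions documented above (added example)."""
import re
from urllib.parse import quote

ISO8601 = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$")
DATE_FILTERS = {">=", "<=", ">", "<"}        # allowed lastModifiedDateTime.filter values
LIST_LIMITED = {"fromEmail", "recipients"}   # 10 entries maximum per the input table


def _iso(value, name):
    """Reject dates the API would refuse (the page requires ISO 8601)."""
    if not ISO8601.match(value):
        raise ValueError(f"{name} must be ISO 8601, got {value!r}")
    return value


class EtpClient:
    """Builds request specs; sending them is left to the caller (no network here)."""

    def __init__(self, url, api_key, verify_ssl=True, http_proxy=None):
        self.base = url.rstrip("/")
        self.api_key = api_key
        self.verify_ssl = verify_ssl
        self.http_proxy = http_proxy

    def _spec(self, method, path, body=None):
        # Shape assumed to match requests.request(**spec).
        spec = {"method": method, "url": self.base + path,
                "headers": {"x-fireeye-api-key": self.api_key, "Accept": "application/json"},
                "verify": self.verify_ssl}  # False disables certificate checks; keep True outside a lab
        if self.http_proxy:
            spec["proxies"] = {"http": self.http_proxy, "https": self.http_proxy}
        if body is not None:
            spec["json"] = body
        return spec

    def alerts_summary(self, size=100, from_last_modified_on=None, **attributes):
        """POST /api/v1/alerts; attributes are e.g. email_status="released"."""
        if not 1 <= size <= 100:
            raise ValueError("size must be in 1..100")
        body = {"size": size}
        if from_last_modified_on:
            body["fromLastModifiedOn"] = _iso(from_last_modified_on, "fromLastModifiedOn")
        if attributes:
            body["attributes"] = attributes
        return self._spec("POST", "/api/v1/alerts", body)

    def alert_detail(self, alert_id):
        """GET /api/v1/alerts/{alert_id}; quote() keeps '/' or '..' in an ID inside one segment."""
        return self._spec("GET", "/api/v1/alerts/" + quote(alert_id, safe=""))

    def message_trace(self, etp_message_id):
        """GET /api/v1/messages/{etp_message_id}."""
        return self._spec("GET", "/api/v1/messages/" + quote(etp_message_id, safe=""))

    def search_messages(self, size=20, **attributes):
        """POST /api/v1/messages/trace; messageAttributes is the only query type."""
        if not 1 <= size <= 100:
            raise ValueError("size must be in 1..100 (default 20)")
        for name in LIST_LIMITED.intersection(attributes):
            if len(attributes[name].get("value", [])) > 10:
                raise ValueError(f"{name}: 10 entries maximum")
        lm = attributes.get("lastModifiedDateTime")
        if lm:
            _iso(lm["value"], "lastModifiedDateTime.value")
            if lm.get("filter") not in DATE_FILTERS:
                raise ValueError("lastModifiedDateTime.filter must be one of >=, <=, >, <")
        rng = attributes.get("period", {}).get("range", {})
        for key in ("fromAcceptedDateTime", "toAcceptedDateTime"):
            if key in rng:
                _iso(rng[key], "period.range." + key)
        body = {"search": {"type": "messageAttributes", "size": size, "attributes": attributes}}
        return self._spec("POST", "/api/v1/messages/trace", body)


def triage_alerts(response_json):
    """Flatten an alerts payload (summary or detail) into one triage row per alert."""
    rows = []
    for item in response_json.get("data", []):
        a = item.get("attributes", {})
        email, alert = a.get("email", {}), a.get("alert", {})
        rows.append({"etp_message_id": email.get("etp_message_id"),
                     "email_status": email.get("status"),
                     "mail_from": email.get("smtp", {}).get("mail_from"),
                     "rcpt_to": email.get("smtp", {}).get("rcpt_to"),
                     "threat_type": a.get("ati", {}).get("threat_type"),
                     "malware_md5": alert.get("malware_md5"),
                     "acknowledged": a.get("meta", {}).get("acknowledged", False)})
    return rows


def failed_verdicts(trace_json):
    """Names of the verdict engines (AS/AV/AT/PV) that did not pass for a traced message."""
    verdicts = trace_json["data"][0]["attributes"].get("verdicts", {})
    return sorted(k for k, v in verdicts.items() if v and v.lower() != "pass")


# Constructed sample payloads shaped like the output tables (placeholder values, not real data).
SAMPLE_ALERTS = {"data": [{"attributes": {
    "meta": {"read": False, "last_modified_on": "2018-10-03T00:00:00.000Z", "legacy_id": 1, "acknowledged": False},
    "ati": {"threat_type": "malware"},
    "alert": {"product": "ETP", "malware_md5": "00000000000000000000000000000000", "timestamp": "2018-10-03T00:00:00.000Z"},
    "email": {"status": "quarantined", "etp_message_id": "zwwsdm66ouzhzzwwsdqw9o",
              "smtp": {"mail_from": "sender@example.net", "rcpt_to": "usera@example.com"},
              "headers": {"from": "Sender <sender@example.net>", "to": "usera@example.com", "cc": ""}}}}],
    "meta": {"total": 1}, "type": "alerts"}
SAMPLE_TRACE = {"data": [{"attributes": {"status": "accepted", "subject": "test message",
                "verdicts": {"AS": "pass", "AV": "fail", "AT": "pass", "PV": "pass"}}}], "meta": {"total": 1}}

if __name__ == "__main__":
    client = EtpClient("https://etp.example.invalid", "API_KEY_PLACEHOLDER")
    print(client.alerts_summary(size=3, email_status="released"))
    print(triage_alerts(SAMPLE_ALERTS))
    print(failed_verdicts(SAMPLE_TRACE))
```

Each method returns the request it would send rather than sending it, so the same code can be unit-tested and then wired to the playbook's HTTP step; the validation mirrors the constraints in the tables so a malformed search fails in the playbook instead of as an opaque 4xx from the API.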