Publisher: Splunk Community
Connector Version: 1.0.1
Product Vendor: Libraesva
Product Name: libraesva
Product Version Supported (regex): ".*"
Minimum Product Version: 6.1.1
This app implements integration with Libraesva Email Security Gateway
Welcome to the open-source repository for Splunk> SOAR's libraesva App.
Please have a look at our Contributing Guide if you are interested in contributing, raising issues, or learning more about open-source Phantom apps.
This Splunk SOAR App is licensed under the Apache 2.0 license. Please see our Contributing Guide for further details.
-
Connector uses Token-based authentication to access the Libraesva service API
-
Additionally X-Switch-User (username for personification) header must be put for every API request
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a libraesva asset in SOAR.
VARIABLE | REQUIRED | TYPE | DESCRIPTION |
---|---|---|---|
base_url | required | string | Libraesva base url address |
username | required | string | Libraesva username |
password | required | password | Libraesva password |
admin_user | required | string | Libraesva admin user for impersonification (X-Switch-User) |
test connectivity - Validate the asset configuration for connectivity using supplied configuration
search email - Search email based on provided query string
blocklist resource - Blocklist specified resource
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
No parameters are required for this action
No Output
Search email based on provided query string
Type: investigate
Read only: True
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
page | optional | Number of first page of expected results | numeric | page |
date_range | optional | Date range of expected results | string | date_range |
optional | Filter by email of sender or recipients | string | email |
|
groups | optional | Advanced messages filters field | string | groups |
groups_value | optional | Advanced messages filters field value | string | groups_value |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.date_range | string | date_range |
|
action_result.parameter.email | string | email |
|
action_result.parameter.groups | string | groups |
|
action_result.parameter.groups_value | string | groups_value |
|
action_result.parameter.page | string | page |
|
action_result.data | string | ||
action_result.data.*.deliveryResult | string | ||
action_result.data.*.hasAttachments | string | ||
action_result.data.*.headerFrom | string | ||
action_result.data.*.hostname | string | ||
action_result.data.*.id | string | ||
action_result.data.*.messageId | string | ||
action_result.data.*.quarantined | boolean | ||
action_result.data.*.receivedOn | string | ||
action_result.data.*.recipients | string | ||
action_result.data.*.result | string | ||
action_result.data.*.sender | string | ||
action_result.data.*.senderIp | string | ||
action_result.data.*.sentOn | string | ||
action_result.data.*.size | numeric | ||
action_result.data.*.subject | string | ||
action_result.summary | string | ||
action_result.summary.num_messages | string | 10 | |
action_result.summary.status | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric | ||
action_result.message | string |
Blocklist specified resource
Type: generic
Read only: False
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
from | required | Source to be blocklisted | string | |
to | required | Target mailbox | string | |
only_envelope | optional | The onlyEnvelope query parameter | boolean |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.from | string | ||
action_result.parameter.only_envelope | string | ||
action_result.parameter.to | string | ||
action_result.data | string | ||
action_result.summary | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric | ||
action_result.message | string |