Symantec Email Security
Cyderes supports the ingestion of log data from the Symantec Email Security.cloud Data Feed. Symantec Email Security feeds deliver comprehensive and actionable threat intelligence data on all emails for Email Security.cloud, Email Threat Detection and Response, and Email Threat Isolation customers.
The Security.cloud Data Feed supports ingesting a superset of data from all the available services that have been purchased. This also includes metadata for all scanned emails and URLs in clean inbound email and attachments.
Chronicle Data Types
- SYMANTEC_MAIL
Requirements
An API user will need to enable access to the data feed through the Email Security.cloud portal.
- Navigate to the Email Security.cloud portal and select Services from the Dashboard.
- Select the Email Threat Detection and Response service.
- Select Email Data Feed Settings.
- Enable the Email Data Feed on this page by checking the box and clicking Save.
Note
It is recommended that a portal administrator creates a new user account exclusively to authenticate with the Email Data Feed. The user account must have View Statistics permissions for the Email Threat Detection and Response service.
For more information about setting up an API user, please refer to the Email Security.cloud documentation.
Gather Information
Provide the following information to Cyderes to complete implementation:
- Username
- Password