Fireeye ETP

Cloud Edition provides RESTful APIs for custom integration. The APIs are provided for the Advanced Threats, Email Trace, and Quarantine functionalities.

Compatibility: Not Available
Platform Version: 6.4, 6.3, 6.2, 6.1, 6.0, 5.5, 5.4, 5.3, 5.2, 5.1
Rating: 0 (0)
Ranking: #14 in Email

Supported Actions

  • test connectivity: Validate the asset configuration for connectivity using the supplied configuration
  • on poll: Callback action for the on_poll ingest functionality
  • list alerts: Get a list of alerts from the ETP instance
  • get alert: Get details about a specific alert from the ETP instance
  • list email attributes: Get all the attributes from a list of email messages
  • get email attributes: Get the attributes of a particular message with the specified Email Security message ID
  • trace email: Search for Email Message by specifying one or more filters
  • trace message: Search for Email Message by specifying the Queue/Message-ID of the Downstream MTA or the Original Message-ID. At least one parameter must be filled out. All fields are filtered by the IN clause where applicable
  • download email: Download the email header as a text file and add it to the vault
  • download pcap: Download all the PCAP files of the alert for a specified alert ID and add the files to the vault
  • download malware files: Download all malware files of the alert for a specified alert ID and add the files to the vault
  • download case files: Download all case files of the alert for a specified alert ID and add the files to the vault
  • remediate emails: Enqueues the message IDs provided in the request for remediation from the user's Office365 mailbox
  • get quarantined email: Download the email file present in the quarantine for the given Email Security message ID and add it to the vault
  • unquarantine email: Release the email file(s) present in the Quarantine within ETP
  • delete quarantined email: Delete the email file(s) present in quarantine for the given Email Security message ID
  • list quarantined emails: Get a list of quarantined emails from a given query filter

Created By: SOAR Community

Type: connector

Downloads: 686
