05-19-2021 06:32 AM
Hi all
How could I query the SMA API for mails in quarantine with SecureX orchestration? Do I have to use Threat Response API?
Could anyone assist?
Sample Request
GET /sma/api/v2.0/quarantine/messages?endDate=2018-11-21T23:59:00.000Z&limit=25&offset=0&orderBy=date&orderDir=desc&quarantineType=spam&startDate=2018-07-01T00:00:00.000Z
What kind of endpoint do I need in SecureX orchestration?
Thanks
05-19-2021 08:16 AM
Hi Markus, I would recommend using an HTTP Request action and dragging that into your canvas. You also have to create an HTTP target with the domain of your SMA tenant. You can then select that target in the HTTP Request action and use this as relative URL: /sma/api/v2.0/quarantine/messages?endDate=2018-11-21T23:59:00.000Z&limit=25&offset=0&orderBy=date&orderDir=desc&quarantineType=spam&startDate=2018-07-01T00:00:00.000Z. You will probably have to add some headers and make sure your authorization is working. Please let me know if this helps!
05-20-2021 02:23 PM
Could you make a config example of this HTTP target? How can I configure devices which are connected over SSE as an HTTP target?
05-20-2021 02:49 PM
Ah could it be that I only need to use the SecureX Internal Target?
05-24-2021 11:42 PM
Hi Markus, are you using CES? Then you don't have to do this via SSE since CES has a public domain. Here would be an incomplete example:
{
  "workflow": {
    "unique_name": "definition_workflow_01OP5RKP52Y1N5lflSPbL09EQJTnrv561Ua",
    "name": "SMA HTTP request example",
    "title": "SMA HTTP request example",
    "type": "generic.workflow",
    "base_type": "workflow",
    "variables": null,
    "properties": {
      "atomic": {
        "is_atomic": false
      },
      "delete_workflow_instance": false,
      "display_name": "SMA HTTP request example",
      "runtime_user": {
        "override_target_runtime_user": false,
        "specify_on_workflow_start": false,
        "target_default": true
      },
      "target": {
        "execute_on_target_group": false,
        "execute_on_workflow_target": false,
        "no_target": true,
        "specify_on_workflow_start": false
      }
    },
    "object_type": "definition_workflow",
    "actions": [
      {
        "unique_name": "definition_activity_01OP5RNIW40KY5sNWRyjrGrWuw01tVRI34J",
        "name": "HTTP Request",
        "title": "SMA HTTP Request",
        "type": "web-service.http_request",
        "base_type": "activity",
        "properties": {
          "action_timeout": 180,
          "allow_auto_redirect": true,
          "continue_on_error_status_code": false,
          "continue_on_failure": false,
          "description": "add SMA target and auth headers",
          "display_name": "SMA HTTP Request",
          "method": "GET",
          "relative_url": "/sma/api/v2.0/quarantine/messages?endDate=2018-11-21T23:59:00.000Z&limit=25&offset=0&orderBy=date&orderDir=desc&quarantineType=spam&startDate=2018-07-01T00:00:00.000Z",
          "runtime_user": {
            "override_target_runtime_user": false,
            "target_default": true
          },
          "skip_execution": false,
          "target": {
            "override_workflow_target": false,
            "override_workflow_target_group_criteria": false,
            "use_workflow_target": true,
            "use_workflow_target_group": false
          }
        },
        "object_type": "definition_activity"
      }
    ],
    "categories": [
      "category_1BMfMXSnJMyt5Ihqi7rWJr5N8cf"
    ]
  }
}
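The relative URL in the posts above hard-codes a 2018 date range. As an added example (not part of the original posts and not Cisco code), this Python helper builds the same relative URL for a rolling time window with every value URL-encoded; the helper names are hypothetical, and the timestamp format and parameter names are assumed from the sample request in this thread.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

# Path and parameter names are taken from the sample request in this thread.
BASE_PATH = "/sma/api/v2.0/quarantine/messages"


def sma_timestamp(dt):
    """Render an aware datetime like the sample: 2018-11-21T23:59:00.000Z."""
    if dt.tzinfo is None:
        raise ValueError("timezone-aware datetime required")
    # Assumption: the API expects UTC in exactly the sample's layout.
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def quarantine_relative_url(start, end, limit=25, offset=0, order_by="date",
                            order_dir="desc", quarantine_type="spam"):
    """Build the relative URL for the HTTP Request action (hypothetical helper)."""
    if end <= start:
        raise ValueError("endDate must be later than startDate")
    if limit < 1 or offset < 0:
        raise ValueError("limit must be >= 1 and offset >= 0")
    params = [
        ("endDate", sma_timestamp(end)),
        ("limit", limit),
        ("offset", offset),
        ("orderBy", order_by),
        ("orderDir", order_dir),
        ("quarantineType", quarantine_type),
        ("startDate", sma_timestamp(start)),
    ]
    # urlencode escapes spaces and other unsafe characters; ':' is kept
    # literal so the timestamps look like the ones in the sample request.
    return BASE_PATH + "?" + urlencode(params, safe=":")


def last_hours_relative_url(hours, now=None, **kwargs):
    """Relative URL covering the last `hours` hours up to `now`."""
    now = now or datetime.now(timezone.utc)
    return quarantine_relative_url(now - timedelta(hours=hours), now, **kwargs)


if __name__ == "__main__":
    # Paste the printed value into the action's relative URL field.
    print(last_hours_relative_url(24))
```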
05-25-2021 12:16 AM
Hi Chris
Now the customer is using on-prem ESA managed with SMA. That's why I don't get how to do that...
05-25-2021 12:45 PM
Hi Markus, if it is on-prem you will either need to poke an inbound hole in the FW (not recommended) or wait until the SecureX orchestration remote connector is released (should be very soon). When it is released you can create internal targets and reach them the same way as I described above.
05-27-2021 05:24 AM
Thanks Chris!
05-27-2021 10:29 AM
06-01-2021 12:13 AM
Awesome, thanks!