Skip to main content

CiscoSMA

Download With Dependencies

The Security Management Appliance (SMA) is used to centralize services from Email Security Appliances (ESAs) and Web Security Appliances (WSAs).

Integration:

The Cisco Security Management Appliance (SMA) is used to centralize services from Email Security Appliances (ESAs).

What does this pack do?

  • Retrieve spam quarantined messages.
  • Release and delete messages from spam quarantine.
  • Retrieve, add, append, edit, or delete a list entry - blocklist and safelist of spam quarantine.
  • Centralized tracking messages.
  • Retrieve tracking messages enrichment summaries - AMP, DLP, URL.
  • Centralized Reporting - get Cisco SMA's statistics reports.
  • Fetch quarantine messages as incidents.

Syslog Collection

Follow the below step to collect Cisco SMA logs via syslog.

Data normalization capabilities:

  • Rules for parsing and modeling on Cortex XSIAM.
  • The ingested Cisco SMA logs can be queried in XQL Search using the Cisco_SMA_raw dataset.

Configuration on Server Side

Please follow the steps described here

Note: The logs will receive the correct timezone only when the UTC timezone is set.

This pack contains an integration, whose main purpose is to centralize services from Cisco Email Security Appliances (ESAs) in Cisco Security Management Appliance services.

Broker VM

You will need to use the information described here.\
You can configure the specific vendor and product for this instance.

  1. Navigate to Settings -> Configuration -> Data Broker -> Broker VMs.
  2. Right-click, and select Syslog Collector -> Configure.
  3. When configuring the Syslog Collector, set:
    • vendor as -> Cisco
    • product as -> SMA

Integration:

The Cisco Security Management Appliance (SMA) is used to centralize services from Email Security Appliances (ESAs).

What does this pack do?

  • Retrieve spam quarantined messages.
  • Release and delete messages from spam quarantine.
  • Retrieve, add, append, edit, or delete a list entry - blocklist and safelist of spam quarantine.
  • Centralized tracking messages.
  • Retrieve tracking messages enrichment summaries - AMP, DLP, URL.
  • Centralized Reporting - get Cisco SMA's statistics reports.
  • Fetch quarantine messages as incidents.

Syslog Collection

Follow the below step to collect Cisco SMA logs via syslog.

Data normalization capabilities:

  • Rules for parsing and modeling on Cortex XSIAM.
  • The ingested Cisco SMA logs can be queried in XQL Search using the Cisco_SMA_raw dataset.

Configuration on Server Side

Please follow the steps described here

Note: The logs will receive the correct timezone only when the UTC timezone is set.

This pack contains an integration, whose main purpose is to centralize services from Cisco Email Security Appliances (ESAs) in Cisco Security Management Appliance services.

Broker VM

You will need to use the information described here.\
You can configure the specific vendor and product for this instance.

  1. Navigate to Settings -> Configuration -> Data Broker -> Broker VMs.
  2. Right-click, and select Syslog Collector -> Configure.
  3. When configuring the Syslog Collector, set:
    • vendor as -> Cisco
    • product as -> SMA

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedNovember 30, 2022
Last ReleaseMarch 26, 2025
WORKS WITH THE FOLLOWING INTEGRATIONS:
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.