Trellix Email Security - Cloud

Trellix Email Security - Cloud (Formerly FireEye ETP) is a cloud-based platform that protects against advanced email attacks.

The Trellix Email Security - Cloud integration with Cortex XSOAR streamlines the endpoint security investigation process within an organization and facilitates threat hunting efforts.

What does this pack do?

Retrieve specific messages from the Trellix Email Security - Cloud portal.
Conduct and perform threat hunting easily and effectively by utilizing the pack playbook or the fireeye-etp-search-messages command.
Analyze and investigate Trellix Email Security - Cloud alerts.
Receive a summary of Trellix Email Security - Cloud alerts.

Pack Contributors:

Francisco Javier Fernández Jiménez

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

The Trellix Email Security - Cloud integration with Cortex streamlines the endpoint security investigation process within an organization and facilitates threat hunting efforts.

What does this pack do?

Retrieve specific messages from the Trellix Email Security - Cloud portal.
Conduct and perform threat hunting easily and effectively by utilizing the pack playbook or the fireeye-etp-search-messages command.
Analyze and investigate Trellix Email Security - Cloud alerts.
Receive a summary of Trellix Email Security - Cloud alerts.

Pack Contributors:

Francisco Javier Fernández Jiménez

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Classifiers

Name	Description
Trellix Incident Classifier	Trellix Incident Classifier
Trellix Mapper	Trellix Mapper for alerts

Incident Types

Name	Description
Trellix Incident

Integrations

Name	Description
Trellix Email Security - Cloud	Trellix Email Security - Cloud is a cloud-based platform that protects against advanced email attacks.

Playbooks

Name	Description
Trellix Email Security Cloud - Indicators Hunting	This playbook queries Trellix Email Security - Cloud for indicators such as domains, IP addresses, sender and recipient email addresses. Separate searches are conducted for each type of indicator in the playbook. Note that multiple search values should be separated by commas only (without spaces or any special characters).

Classifiers

Name	Description
Trellix Incident Classifier	Trellix Incident Classifier
Trellix Mapper	Trellix Mapper for alerts

Incident Types

Name	Description
Trellix Incident

Integrations

Name	Description
Trellix Email Security - Cloud Event Collector	Use this integration to fetch email security incidents from Trellix Email Security - Cloud as Cortex XSIAM events.
Trellix Email Security - Cloud	Trellix Email Security - Cloud is a cloud-based platform that protects against advanced email attacks.

Modeling Rules

Name	Description
Trellix Email Security Cloud Modeling Rule

Playbooks

Name	Description
Trellix Email Security Cloud - Indicators Hunting	This playbook queries Trellix Email Security - Cloud for indicators such as domains, IP addresses, sender and recipient email addresses. Separate searches are conducted for each type of indicator in the playbook. Note that multiple search values should be separated by commas only (without spaces or any special characters).

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (4)

Pack Name	Pack By
Aggregated Scripts	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR

2.1.5 - 8515806 (April 27, 2026)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 43940

Download

2.1.4 - 8210013 (April 13, 2026)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 43748

Download

2.1.3 - 7827247 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43566

Download

2.1.2 - 7489104 (March 8, 2026)

Integrations

Trellix Email Security - Cloud

Fixed an issue with the handling of proxy configuration.
Updated the Docker image to: demisto/python3:3.12.12.7090913.

Related pull requests:
- 43256

Download

2.1.1 - 6920594 (January 28, 2026)

Classifiers

New: Trellix Incident Classifier

Added a new classifier for the Trellix Incident incident type.

Incident Types

New: Trellix Incident
New: Added a new incident type - Trellix Incident.

Integrations

Trellix Email Security - Cloud

Added support for First fetch timestamp. parameter.
Added support for Max incidents per fetch parameter that input a value between 1 and 59. Values above 59 will be internally capped to avoid exceeding API rate limits.
Added support for fireeye-etp-download-alert-case-files command that downloads all case files of the alert specified by the alert id, in a zip file. You can obtain the id from the alert summary response, for example "id": "av7zzry7kviwrkcfu0i".
Added support for fireeye-etp-list-alerts command that get summary format information about the alerts.
Deprecated the fireeye-etp-download-alert-artifact command. Use the fireeye-etp-download-alert-case-files instead.
Deprecated the fireeye-etp-get-alert command. Use the fireeye-etp-list-alerts instead.
Deprecated the fireeye-etp-get-alerts command. Use the fireeye-etp-list-alerts instead.

Mappers

New: Trellix Mapper

New: Added a new mapper- Trellix Mapper that maps alerts to XSOAR incidents.

Related pull requests:
- 42762

Download

2.1.0 - 5844120 (November 12, 2025)

Integrations

Trellix Email Security - Cloud

Added OAuth 2.0 authentication support to enable connection with Trellix endpoints.

Related pull requests:
- 41702

Download

2.0.11 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

2.0.10 - 4915660 (September 17, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41291

Download

2.0.9 - 4874171 (September 14, 2025)

Integrations

Trellix Email Security - Cloud

Updated the FireEye ETP integration name to Trellix Email Security - Cloud.
Updated the Docker image to: demisto/python3:3.12.11.4508456.

Playbooks

Trellix Email Security Cloud - Indicators Hunting

Updated the FireEye ETP - Indicators Hunting playbook name to Trellix Email Security Cloud - Indicators Hunting.

Related pull requests:
- 41218

Download

2.0.8 - R4739218 (September 2, 2025)

Integrations

FireEye ETP

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

2.0.7 - 4126849 (July 10, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 40536

Download

2.0.6 - 4096037 (July 8, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 40498

Download

2.0.5 - R3481649 (May 21, 2025)

Integrations

FireEye ETP

Metadata and documentation improvements.

Related pull requests:
- 39217

Download

2.1.5 - 8542515 (April 28, 2026)

Modeling Rules

Trellix Email Security Cloud Modeling Rule

Documentation and metadata improvements.

Related pull requests:
- 43940

Download

2.1.4 - 8210013 (April 13, 2026)

Integrations

Trellix Email Security - Cloud Event Collector

Documentation and metadata improvements.

Related pull requests:
- 43748

Download

2.1.3 - 7827247 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43566

Download

2.1.2 - 7489104 (March 8, 2026)

Integrations

Trellix Email Security - Cloud

Fixed an issue with the handling of proxy configuration.
Updated the Docker image to: demisto/python3:3.12.12.7090913.

Related pull requests:
- 43256

Download

2.1.1 - 6920581 (January 28, 2026)

Classifiers

New: Trellix Incident Classifier

Added a new classifier for the Trellix Incident incident type.

Incident Types

New: Trellix Incident
New: Added a new incident type - Trellix Incident.

Integrations

Trellix Email Security - Cloud

Added support for First fetch timestamp. parameter.
Added support for Max incidents per fetch parameter that input a value between 1 and 59. Values above 59 will be internally capped to avoid exceeding API rate limits.
Added support for fireeye-etp-download-alert-case-files command that downloads all case files of the alert specified by the alert id, in a zip file. You can obtain the id from the alert summary response, for example "id": "av7zzry7kviwrkcfu0i".
Added support for fireeye-etp-list-alerts command that get summary format information about the alerts.
Deprecated the fireeye-etp-download-alert-artifact command. Use the fireeye-etp-download-alert-case-files instead.
Deprecated the fireeye-etp-get-alert command. Use the fireeye-etp-list-alerts instead.
Deprecated the fireeye-etp-get-alerts command. Use the fireeye-etp-list-alerts instead.

Mappers

New: Trellix Mapper

New: Added a new mapper- Trellix Mapper that maps alerts to XSOAR incidents.

Related pull requests:
- 42762

Download

2.1.0 - 5844120 (November 12, 2025)

Integrations

Trellix Email Security - Cloud

Added OAuth 2.0 authentication support to enable connection with Trellix endpoints.

Trellix Email Security - Cloud Event Collector

Added OAuth 2.0 authentication support to enable connection with Trellix endpoints.

Related pull requests:
- 41702

Download

2.0.11 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

2.0.10 - R5469292 (October 20, 2025)

Integrations

Trellix Email Security - Cloud Event Collector

Added the "direction_source" field to the following event types: email_trace, email_trace_outbound, alerts, and alerts_outbound.

Related pull requests:
- 41291

Download

2.0.9 - 4874171 (September 14, 2025)

Integrations

Trellix Email Security - Cloud Event Collector

Updated the FireEye ETP Event Collector integration name to Trellix Email Security - Cloud Event Collector.
Updated the Docker image to: demisto/python3:3.12.11.4508456.

Trellix Email Security - Cloud

Updated the FireEye ETP integration name to Trellix Email Security - Cloud.
Updated the Docker image to: demisto/python3:3.12.11.4508456.

Modeling Rules

Trellix Email Security Cloud Modeling Rule

Updated the FireEye ETP Modeling Rule name to Trellix Email Security Cloud Modeling Rule

Playbooks

Trellix Email Security Cloud - Indicators Hunting

Updated the FireEye ETP - Indicators Hunting playbook name to Trellix Email Security Cloud - Indicators Hunting.

Related pull requests:
- 41218

Download

2.0.8 - R4739218 (September 2, 2025)

Integrations

FireEye ETP

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

2.0.7 - 4126849 (July 10, 2025)

Integrations

FireEye ETP Event Collector

Fixed an issue where the user activity logs failed to fetch due to API changes. As part of the fix, activity logs fetch request will now contain the 'to' argument for each call.

Related pull requests:
- 40536

Download

2.0.6 - 4096037 (July 8, 2025)

Integrations

FireEye ETP Event Collector

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

2.0.5 - R3481649 (May 21, 2025)

Integrations

FireEye ETP Event Collector

Metadata and documentation improvements.

FireEye ETP

Metadata and documentation improvements.

Related pull requests:
- 39217

Download

Certification	Certified	Read more
Supported By	Cortex
Created	November 9, 2020
Last Release	April 27, 2026

Trellix Email Security - Cloud

Pack Contributors:

Pack Contributors:

Integrations

Trellix Email Security - Cloud

Classifiers

New: Trellix Incident Classifier

Incident Types

Integrations

Trellix Email Security - Cloud

Mappers

New: Trellix Mapper

Integrations

Trellix Email Security - Cloud

Integrations

Trellix Email Security - Cloud

Playbooks

Trellix Email Security Cloud - Indicators Hunting

Integrations

FireEye ETP

Integrations

FireEye ETP

Modeling Rules

Trellix Email Security Cloud Modeling Rule

Integrations

Trellix Email Security - Cloud Event Collector

Integrations

Trellix Email Security - Cloud

Classifiers

New: Trellix Incident Classifier

Incident Types

Integrations

Trellix Email Security - Cloud

Mappers

New: Trellix Mapper

Integrations

Trellix Email Security - Cloud

Trellix Email Security - Cloud Event Collector

Integrations

Trellix Email Security - Cloud Event Collector

Integrations

Trellix Email Security - Cloud Event Collector

Trellix Email Security - Cloud

Modeling Rules

Trellix Email Security Cloud Modeling Rule

Playbooks

Trellix Email Security Cloud - Indicators Hunting

Integrations

FireEye ETP

Integrations

FireEye ETP Event Collector

Integrations

FireEye ETP Event Collector

Integrations

FireEye ETP Event Collector

FireEye ETP

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER