Trellix Email Security - Cloud

Details
Content
Dependencies
Version History

Trellix Email Security - Cloud (Formerly FireEye ETP) is a cloud-based platform that protects against advanced email attacks.

The Trellix Email Security - Cloud integration with Cortex XSOAR streamlines the endpoint security investigation process within an organization and facilitates threat hunting efforts.

What does this pack do?

Retrieve specific messages from the Trellix Email Security - Cloud portal.
Conduct and perform threat hunting easily and effectively by utilizing the pack playbook or the fireeye-etp-search-messages command.
Analyze and investigate Trellix Email Security - Cloud alerts.
Receive a summary of Trellix Email Security - Cloud alerts.

Pack Contributors:

Francisco Javier Fernández Jiménez

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

The Trellix Email Security - Cloud integration with Cortex streamlines the endpoint security investigation process within an organization and facilitates threat hunting efforts.

What does this pack do?

Retrieve specific messages from the Trellix Email Security - Cloud portal.
Conduct and perform threat hunting easily and effectively by utilizing the pack playbook or the fireeye-etp-search-messages command.
Analyze and investigate Trellix Email Security - Cloud alerts.
Receive a summary of Trellix Email Security - Cloud alerts.

Pack Contributors:

Francisco Javier Fernández Jiménez

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Integrations

Name	Description
Trellix Email Security - Cloud	Trellix Email Security - Cloud is a cloud-based platform that protects against advanced email attacks.

Playbooks

Name	Description
Trellix Email Security Cloud - Indicators Hunting	This playbook queries Trellix Email Security - Cloud for indicators such as domains, IP addresses, sender and recipient email addresses. Separate searches are conducted for each type of indicator in the playbook. Note that multiple search values should be separated by commas only (without spaces or any special characters).

Integrations

Name	Description
Trellix Email Security - Cloud Event Collector	Use this integration to fetch email security incidents from Trellix Email Security - Cloud as Cortex XSIAM events.
Trellix Email Security - Cloud	Trellix Email Security - Cloud is a cloud-based platform that protects against advanced email attacks.

Modeling Rules

Name	Description
Trellix Email Security Cloud Modeling Rule

Playbooks

Name	Description
Trellix Email Security Cloud - Indicators Hunting	This playbook queries Trellix Email Security - Cloud for indicators such as domains, IP addresses, sender and recipient email addresses. Separate searches are conducted for each type of indicator in the playbook. Note that multiple search values should be separated by commas only (without spaces or any special characters).

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (3)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

2.0.9 - 4874171 (September 14, 2025)

Integrations

Trellix Email Security - Cloud

Updated the FireEye ETP integration name to Trellix Email Security - Cloud.
Updated the Docker image to: demisto/python3:3.12.11.4508456.

Playbooks

Trellix Email Security Cloud - Indicators Hunting

Updated the FireEye ETP - Indicators Hunting playbook name to Trellix Email Security Cloud - Indicators Hunting.

Related pull requests:
- 41218

Download

2.0.8 - R4739218 (September 2, 2025)

Integrations

FireEye ETP

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

2.0.7 - 4126849 (July 10, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 40536

Download

2.0.6 - 4096037 (July 8, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 40498

Download

2.0.5 - R3481649 (May 21, 2025)

Integrations

FireEye ETP

Metadata and documentation improvements.

Related pull requests:
- 39217

Download

2.0.4 - R2988527 (March 26, 2025)

FireEye ETP

Documentation and metadata improvements.

Related pull requests:
- 38999

Download

2.0.3 - 1834150 (December 18, 2024)

Playbooks

FireEye ETP - Indicators Hunting

Documentation and metadata improvements.

Related pull requests:
- 37685

Download

2.0.2 - 1812905 (December 15, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 37630

Download

2.0.1 - R1741355 (December 3, 2024)

Integrations

FireEye ETP

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

2.0.0 - 1502510 (October 13, 2024)

Integrations

FireEye ETP

Added the following new commands:

fireeye-etp-download-alert-artifact
fireeye-etp-list-yara-rulesets
fireeye-etp-download-yara-file
fireeye-etp-upload-yara-file
fireeye-etp-get-events-data
fireeye-etp-quarantine-release

Related pull requests:
- 36704
- 36592

Download

1.4.3 - R1051712 (May 28, 2024)

Integrations

FireEye ETP

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32445

Download

2.0.9 - 4874171 (September 14, 2025)

Integrations

Trellix Email Security - Cloud Event Collector

Updated the FireEye ETP Event Collector integration name to Trellix Email Security - Cloud Event Collector.
Updated the Docker image to: demisto/python3:3.12.11.4508456.

Trellix Email Security - Cloud

Updated the FireEye ETP integration name to Trellix Email Security - Cloud.
Updated the Docker image to: demisto/python3:3.12.11.4508456.

Modeling Rules

Trellix Email Security Cloud Modeling Rule

Updated the FireEye ETP Modeling Rule name to Trellix Email Security Cloud Modeling Rule

Playbooks

Trellix Email Security Cloud - Indicators Hunting

Updated the FireEye ETP - Indicators Hunting playbook name to Trellix Email Security Cloud - Indicators Hunting.

Related pull requests:
- 41218

Download

2.0.8 - R4739218 (September 2, 2025)

Integrations

FireEye ETP

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

2.0.7 - 4126849 (July 10, 2025)

Integrations

FireEye ETP Event Collector

Fixed an issue where the user activity logs failed to fetch due to API changes. As part of the fix, activity logs fetch request will now contain the 'to' argument for each call.

Related pull requests:
- 40536

Download

2.0.6 - 4096037 (July 8, 2025)

Integrations

FireEye ETP Event Collector

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

2.0.5 - R3481649 (May 21, 2025)

Integrations

FireEye ETP Event Collector

Metadata and documentation improvements.

FireEye ETP

Metadata and documentation improvements.

Related pull requests:
- 39217

Download

2.0.4 - R2988527 (March 26, 2025)

FireEye ETP

Documentation and metadata improvements.

Related pull requests:
- 38999

Download

2.0.3 - 1834150 (December 18, 2024)

Playbooks

FireEye ETP - Indicators Hunting

Documentation and metadata improvements.

Related pull requests:
- 37685

Download

2.0.2 - 1812905 (December 15, 2024)

Integrations

FireEye ETP Event Collector

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37630

Download

2.0.1 - R1741355 (December 3, 2024)

Integrations

FireEye ETP

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

2.0.0 - 1502510 (October 13, 2024)

Integrations

FireEye ETP

Added the following new commands:

fireeye-etp-download-alert-artifact
fireeye-etp-list-yara-rulesets
fireeye-etp-download-yara-file
fireeye-etp-upload-yara-file
fireeye-etp-get-events-data
fireeye-etp-quarantine-release

Related pull requests:
- 36704
- 36592

Download

1.4.3 - R1051712 (May 28, 2024)

Integrations

FireEye ETP

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32445

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	November 9, 2020
Last Release	September 14, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.