The Cisco ESA Export IOC Action Bundle uses AsyncOS API for Cisco Secure Email Gateway to enable users to add or delete Safelist and Blocklist entries. Cisco Secure Email Gateway is an email security solution that blocks spam and security threats from the internet and prevents the accidental or intentional leakage of customer data.

The integration provides the following actions:

• Cisco ESA Add Recipients To Quarantine List - adds recipients to Safelist/Blocklist
• Cisco ESA Add Senders To Quarantine List - adds senders to Safelist/Blocklist
• Cisco ESA Delete Recipients From Quarantine List - deletes recipients from Safelist/Blocklist
• Cisco ESA Delete Senders From Quarantine List - deletes senders from Safelist/Blocklist

The actions are compatible with following indicator types:

• Email Address
• FQDN
• IP Address

Note:  This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.