Skip to main content

🧩 Product Update: Cisco ESA Export IOC Action Bundle for ThreatQ TDR Orchestrator

Related products:ThreatQ TDR Orchestrator (TQO)
  • November 3, 2025
  • 0 replies
  • 5 views
I
Forum|alt.badge.img+1

 

Cisco ESA Export IOC Action Bundle for ThreatQ TDR Orchestrator

 

Audience: Threat Intelligence Analysts, SOC Teams, MSSPs

Product Module: ThreatQ TDR Orchestrator (TQO)

Last Updated: November 3, 2025

Tags: ThreatQuotient, Cisco ESA, TDR Orchestrator, Email Gateway, Blocklist, Safelist, Integration, IOC Automation, Threat Intelligence

 

📝 Overview

 

A new Cisco Secure Email Gateway (ESA) Export IOC Action Bundle is now available for ThreatQuotient TDR Orchestrator!

 

This Action Bundle automates the export of email addresses, IPs, and FQDNs from your ThreatQ collections to Cisco ESA blocklists and safelists — boosting your email threat defense through seamless orchestration.

 

Using Cisco’s AsyncOS API, the integration enables direct management of Safelist and Blocklist entries, helping teams reduce phishing, spam, and data exfiltration risks through automated updates.

 

 

⚙️ Key Capabilities

The Cisco ESA Export IOC Action Bundle includes the following actions:

  • Cisco ESA Add Recipients To Quarantine List – Adds recipients to Safelist or Blocklist

  • Cisco ESA Add Senders To Quarantine List – Adds senders to Safelist or Blocklist

  • Cisco ESA Delete Recipients From Quarantine List – Removes recipients from Safelist or Blocklist

  • Cisco ESA Delete Senders From Quarantine List – Removes senders from Safelist or Blocklist

 

Supported Indicator Types:

  • 📧 Email Address

  • 🌐 FQDN

  • 💻 IP Address

 

 

🧾 Requirements

To use this Action Bundle, ensure you have:

 

  • An active ThreatQ TDR Orchestrator (TQO) license

  • Access to a Cisco Secure Email Gateway (ESA) with AsyncOS API enabled

 

 

💡 Why It Matters

This bundle bridges Threat Intelligence 🧠 and Email Security Operations 📧 by automating IOC sharing and enforcement:

 

  • ⚡ Auto-export and maintain Safelist/Blocklist entries from ThreatQ data

  • 🛡️ Enhance real-time protection against emerging email threats

  • ⏱️ Reduce manual updates and accelerate response times

 

 

🔗 Learn More

Check out the ThreatQuotient Integration Catalog for setup guidance and full documentation.

 

 

 

💬 Share your feedback!

 

Try the Cisco ESA Export IOC Action Bundle in your ThreatQ environment today and share your feedback in the Community! 💬

    0 replies

    Be the first to reply!


    Terms & ConditionsCookie settingsAccessibility statement