Network / Email Security Connectors
Network and email security connectors enable AI agents to manage email threat detection, network access control, firewall policies, web filtering, and operational technology (OT) security monitoring. These connectors support investigation workflows that span from phishing triage through network containment and DNS-based blocking.
Email query and log retrieval operations are LOW risk. Operations that modify firewall rules, block domains, or alter email filtering policies are classified as HIGH risk due to their potential to disrupt network connectivity or email delivery.
| Connector | Operations | Risk Levels | Description |
|---|---|---|---|
| Proofpoint | 19 | LOW, MEDIUM, HIGH | Proofpoint Targeted Attack Protection operations for message tracing, threat forensics, campaign queries, and URL decode analysis |
| Mimecast | 21 | LOW, MEDIUM, HIGH | Mimecast operations for message tracking, held message management, blocked sender policies, URL protection logs, and archive search |
| Abnormal Security | 17 | LOW, MEDIUM | Abnormal Security operations for threat detection, case management, abuse mailbox processing, and account takeover analysis |
| Fortinet | 23 | LOW, MEDIUM, HIGH | Fortinet FortiGate operations for firewall policy management, address object administration, threat log queries, and VPN session monitoring |
| Zscaler | 25 | LOW, MEDIUM, HIGH | Zscaler Internet Access operations for URL filtering policies, firewall rules, DLP dictionary management, and traffic log queries |
| Cloudflare | 25 | LOW, MEDIUM, HIGH | Cloudflare operations for DNS record management, WAF rule configuration, firewall rule administration, and security analytics queries |
| Netskope | 21 | LOW, MEDIUM, HIGH | Netskope operations for alert management, cloud application visibility, DLP incident queries, and URL list administration |
| Cisco Umbrella | 21 | LOW, MEDIUM, HIGH | Cisco Umbrella operations for DNS policy management, destination list administration, security activity queries, and domain blocking |
| Cisco Secure Endpoint | 21 | LOW, MEDIUM, HIGH | Cisco Secure Endpoint (AMP) operations for event queries, endpoint isolation, file analysis, outbreak control lists, and group management |
| Claroty | 19 | LOW, MEDIUM, HIGH | Claroty operations for OT/IoT asset discovery, vulnerability management, network zone monitoring, and industrial protocol alert analysis |
| Nozomi Networks | 18 | LOW, MEDIUM, HIGH | Nozomi Networks operations for OT/IoT network monitoring, asset inventory queries, alert management, and vulnerability assessment |
| Snort | 17 | LOW, MEDIUM, HIGH | Snort IDS/IPS operations for rule management, alert queries, packet capture retrieval, and signature deployment |
| Tanium | 22 | LOW, MEDIUM, HIGH | Tanium operations for endpoint visibility queries, patch management, threat response actions, and real-time question deployment |