Email Security

SKILL.md

Monitor email security infrastructure and protection status using Trend Micro Vision One. This skill provides visibility into email gateways, servers, and security configurations.

Instructions

  1. When the user asks about email security, mail servers, or email protection status, use this skill to query email infrastructure.

  2. List email servers: Start with list_email_servers to get an overview of all monitored email infrastructure.

  3. Check gateway status: Use list_email_gateways to review email gateway configurations and health.

  4. Get activity data: Use get_email_activity_data to retrieve email security events and metrics.

  5. Correlate with alerts: Cross-reference email security data with Workbench alerts for phishing or email-based threats.

  6. Monitor trends: Look for patterns in email threats to identify targeted campaigns.

Tools

This skill uses the following Vision One MCP tools (all read-only):

| Tool | Purpose |
|------|---------|
| list_email_servers | List monitored email servers and their status |
| list_email_gateways | List email gateway configurations |
| get_email_activity_data | Retrieve email security activity and metrics |

Common Workflows

Email Infrastructure Review

  1. List all email servers
  2. Check server health and protection status
  3. List email gateways
  4. Verify gateway configurations
  5. Summarize protection coverage

Email Threat Analysis

  1. Get email activity data for the time period
  2. Identify threat patterns (phishing, malware, spam)
  3. Correlate with known campaigns
  4. Identify targeted users or departments
  5. Recommend additional protections

Email Security Health Check

  1. List email servers and gateways
  2. Check connection status for each component
  3. Verify protection features are enabled
  4. Identify any gaps in coverage
  5. Document compliance status

Output Format

Email Infrastructure Summary

```markdown
## Email Security Overview

### Email Servers
| Server | Type | Status | Protection |
|--------|------|--------|------------|
| [Name] | [Exchange/O365/etc] | [Healthy/Unhealthy] | [Enabled/Disabled] |

### Email Gateways
| Gateway | Status | Last Seen |
|---------|--------|-----------|
| [Name] | [Active/Inactive] | [Timestamp] |

### Protection Status
- Anti-malware: [Enabled/Disabled]
- Anti-phishing: [Enabled/Disabled]
- Anti-spam: [Enabled/Disabled]
- URL filtering: [Enabled/Disabled]
```

Email Activity Report

```markdown
## Email Activity Summary

**Period**: [Start] to [End]

### Threat Statistics
- Phishing attempts blocked: [count]
- Malware attachments blocked: [count]
- Spam filtered: [count]
- Suspicious URLs blocked: [count]

### Top Targeted Users
1. [user@domain] - [threat count]
2. [user@domain] - [threat count]

### Threat Trends
[Description of patterns observed]
```
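
The Email Threat Analysis workflow carried through to the Email Activity Report, as an added example that is not part of the original skill. The record fields (`recipient`, `sender_domain`, `threat`, `action`), their values, and the campaign threshold are assumptions for illustration, not the actual `get_email_activity_data` response schema.

```python
from collections import Counter, defaultdict

# Constructed sample records. The field names are assumptions for this
# example, not the real get_email_activity_data response schema.
FIELDS = ("recipient", "sender_domain", "threat", "action")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("alice@example.com", "billing.example.net", "phishing", "blocked"),
    ("bob@example.com",   "billing.example.net", "phishing", "blocked"),
    ("carol@example.com", "billing.example.net", "phishing", "delivered"),
    ("alice@example.com", "files.example.org",   "malware",  "blocked"),
    ("alice@example.com", "promo.example.org",   "spam",     "blocked"),
    ("dave@example.com",  "promo.example.org",   "spam",     "blocked"),
]]

def summarize(events, campaign_min_recipients=3, top_n=5):
    """Aggregate activity records into the figures the report template needs."""
    blocked = Counter(e["threat"] for e in events if e["action"] == "blocked")
    # Spam is excluded from targeting counts so bulk mail does not hide
    # the users who receive phishing and malware.
    targeted = Counter(e["recipient"] for e in events if e["threat"] != "spam")
    # Campaign heuristic: one sender domain phishing several distinct recipients.
    reach = defaultdict(set)
    for e in events:
        if e["threat"] == "phishing":
            reach[e["sender_domain"]].add(e["recipient"])
    campaigns = {d: sorted(r) for d, r in reach.items()
                 if len(r) >= campaign_min_recipients}
    return {"blocked": blocked, "top_users": targeted.most_common(top_n),
            "campaigns": campaigns}

def render(summary, start, end):
    """Fill the Email Activity Report template with the aggregated values."""
    b = summary["blocked"]  # Counter: a category with no events reads as 0
    lines = ["## Email Activity Summary", "", f"**Period**: {start} to {end}", "",
             "### Threat Statistics",
             f"- Phishing attempts blocked: {b['phishing']}",
             f"- Malware attachments blocked: {b['malware']}",
             f"- Spam filtered: {b['spam']}",
             f"- Suspicious URLs blocked: {b['suspicious_url']}", "",
             "### Top Targeted Users"]
    lines += [f"{i}. {user} - {count}"
              for i, (user, count) in enumerate(summary["top_users"], 1)]
    lines += ["", "### Threat Trends"]
    trends = [f"Possible campaign: {d} sent phishing to {len(r)} recipients"
              for d, r in summary["campaigns"].items()]
    lines += trends or ["No multi-recipient phishing pattern observed"]
    return "\n".join(lines)

print(render(summarize(SAMPLE_EVENTS), "2024-05-01", "2024-05-07"))
```

The campaign check counts delivered as well as blocked phishing, so a sender domain that partly evaded filtering still shows up under Threat Trends.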

Security Considerations

  • This skill provides read-only access to email security data
  • Email server names and configurations are sensitive infrastructure details
  • Use this data to verify protection status, not for external reporting
  • High phishing volumes may indicate targeted campaigns requiring additional response
  • Coordinate with email administrators for configuration changes