Document toolboxDocument toolbox

mail.mimecast

Owned by Juan Tomás Alonso Nieto (Unlicensed)
Last updated: Jan 10, 2022Version comment
1 min read

Introduction

The tags beginning with mail.mimecast identify events generated by Mimecast.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as mail.mimecast. The third level identifies the type of events sent, and the fourth level indicates the event subtype

Technology

Brand

Type

Subtype

mail

mimecast

  • archive
  • audit
  • siem
  • ttp
  • message
  • threat
  • account
  • messageview
  • search
  • events
  • delivery
  • jrnl
  • process
  • receipt
  • attachment
  • impersonation
  • url
  • liost
  • summary
  • feed
  • dashboard

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag

Data table

mail.mimecast.archive.messageviewmail.mimecast.archive.messageview
mail.mimecast.archive.searchmail.mimecast.archive.search
mail.mimecast.audit.eventsmail.mimecast.audit.events
mail.mimecast.siem.deliverymail.mimecast.siem.delivery
mail.mimecast.siem.jrnlmail.mimecast.siem.jrnl
mail.mimecast.siem.processmail.mimecast.siem.process
mail.mimecast.siem.receiptmail.mimecast.siem.receipt
mail.mimecast.ttp.attachmentmail.mimecast.ttp.attachment
mail.mimecast.ttp.impersonationmail.mimecast.ttp.impersonation
mail.mimecast.ttp.urlmail.mimecast.ttp.url
mail.mimecast.message.listmail.mimecast.message.list
mail.mimecast.message.summarymail.mimecast.message.summary
mail.mimecast.threat.feedmail.mimecast.threat.feed
mail.mimecast.account.dashboardmail.mimecast.account.dashboard

How is the data sent to Devo?

Events may be sent directly to Devo using the Mimecast API or using our Devo relay.