{"type":"doc","content":[{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{"minLevel":{"value":"2"},"maxLevel":{"value":"2"},"type":{"value":"flat"}},"macroMetadata":{"macroId":{"value":"812af86120b7d64463b747ac09afa7ed"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"72c9b4a1-f493-4b84-b268-16358df35c8b"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"Mimecast","type":"text","marks":[{"type":"link","attrs":{"href":"https://www.mimecast.com/"}}]},{"text":" is a cloud-based, anti-spam, and archive filtering service for securing email accounts and communications for businesses.","type":"text"}]},{"type":"paragraph","content":[{"text":"Mimecast protects an enterprise’s email infrastructure from viruses, malware, phishing, and the rise of deep-fake attacks. It does this by deploying a layered cyber resilience solution that prevents email-borne infections and reduces data loss by archiving emails. This cloud-based cybersecurity solution also makes it possible to automate the recovery of archived and affected emails for continuous use.","type":"text"}]},{"type":"paragraph","content":[{"text":"The Mimecast approach to protecting email structures means it can predict or anticipate attacks in order to handle real-time threats. It also deals with data loss from ransomware attacks using data archiving, which eliminates the need to meet ransom demands, as well as struggle with downtime. Mimecast can also be deployed to tackle those annoyingly ‘spammy’ messages that keep cluttering inboxes.","type":"text"}]},{"type":"paragraph","content":[{"text":"For those who already use any of the popular email management brands such as Microsoft Office 365, Outlook, or Google’s Gsuite, Mimecast’s cloud-based nature makes it compatible with them. It can be deployed to tackle spam, ransomware, or other cybersecurity challenges.","type":"text"}]},{"type":"paragraph","content":[{"text":"The Devo Mimecast Collector uses the ","type":"text"},{"text":"Mimecast API","type":"text","marks":[{"type":"link","attrs":{"href":"https://www.mimecast.com/tech-connect/documentation/api-overview/api-concepts/"}}]},{"text":" to extract all the relevant information an send it as events to Devo.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Data sources","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"0a4544cc-a809-494e-b216-589751886371"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Data source","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"API endpoint","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"Devo table","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Attachments","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"Attachment Protection Logs","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/endpoint-reference/logs-and-statistics/get-ttp-attachment-protection-logs/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"/api/ttp/attachment/get-logs","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"mail.mimecast.ttp.attachment","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Audit","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"Audit Events","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/endpoint-reference/logs-and-statistics/get-audit-events/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"/api/audit/get-audit-events","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"mail.mimecast.audit.events","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Dashboard","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"Dashboard Notifications","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/endpoint-reference/account/get-dashboard-notifications/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"/api/account/get-dashboard-notifications","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"mail.mimecast.account.dashboard","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Impersonation","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"TTP Impersonation Protect Logs","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/endpoint-reference/logs-and-statistics/get-ttp-impersonation-protect-logs/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"/api/ttp/impersonation/get-logs","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"mail.mimecast.ttp.impersonation","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Messageholdlist","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"Hold Message List","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/endpoint-reference/message-queues/get-hold-message-list/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"/api/gateway/get-hold-message-list","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"mail.mimecast.message.list","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Messageholdsummary","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"Message Hold Summary List","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/endpoint-reference/message-queues/get-hold-summary-list/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"/api/gateway/get-hold-summary-list","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"mail.mimecast.message.summary","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Search","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"Search Logs","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/endpoint-reference/logs-and-statistics/get-search-logs/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"/api/archive/get-search-logs","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"mail.mimecast.archive.search","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Siem","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"SIEM Logs","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/endpoint-reference/logs-and-statistics/get-siem-logs/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"/api/audit/get-siem-logs","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"mail.mimecast.siem.av","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.delivery","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.iep","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.impersonation","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.jrnl","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.process","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.receipt","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.spameventthread","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.ttp","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Siem (API v2)","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"SIEM Batch Logs","type":"text","marks":[{"type":"link","attrs":{"href":"https://developer.services.mimecast.com/docs/threatssecurityeventsanddataforcg/1/routes/siem/v1/batch/events/cg/get"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"/siem/v1/batch/events/cg","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"mail.mimecast.siem.attachment","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.av","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.delivery","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.iep","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.impersonation","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.jrnl","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.process","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.receipt","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.spam","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"mail.mimecast.siem.url","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Threatfeed","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"Threat Intel Feed","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/endpoint-reference/threat-intel/get-feed/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"/api/ttp/threat-intel/get-feed","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"mail.mimecast.threat.feed","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Url","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"TTP URL Logs","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/endpoint-reference/logs-and-statistics/get-ttp-url-logs/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"/api/ttp/url/get-logs","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"mail.mimecast.ttp.url","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"View","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[152.0]},"content":[{"type":"paragraph","content":[{"text":"Archive Message View Logs","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/endpoint-reference/logs-and-statistics/get-archive-message-view-logs/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[159.0]},"content":[{"type":"paragraph","content":[{"text":"/api/archive/get-view-logs","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"mail.mimecast.archive.messageview","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"paragraph","content":[{"text":"For more information on how the events are parsed, ","type":"text"},{"text":"visit our page","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.devo.com/space/latest/94662225/mail.mimecast"}}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Vendor setup","type":"text"}]},{"type":"expand","attrs":{"title":"Version 2 of the API"},"content":[{"type":"heading","attrs":{"level":3},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"Mimecast API 2.0 uses OAuth 2.0 to authenticate with the new Mimecast API Gateway using a dedicated Application (created and configured by the customer). To register and configure an Application:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"For Email Security Cloud Gateway customers:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"From Mimecast Administration Console navigate to: ","type":"text"},{"text":"Administration | Services | API and Platform Integrations | Available Integrations","type":"text","marks":[{"type":"strong"}]},{"text":", locate the ","type":"text"},{"text":"Mimecast API 2.0","type":"text","marks":[{"type":"strong"}]},{"text":" tile and select ","type":"text"},{"text":"Generate Keys","type":"text","marks":[{"type":"strong"}]},{"text":". Please see the following KB article for further information on Managing API 2.0 Applications: ","type":"text"},{"text":"https://community.mimecast.com/s/article/api-integrations-managing-mimecast-api-2-0-applications","type":"text","marks":[{"type":"underline"},{"type":"link","attrs":{"href":"https://community.mimecast.com/s/article/api-integrations-managing-mimecast-api-2-0-applications"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To successfully create and manage ","type":"text"},{"text":"Mimecast API 2.0","type":"text","marks":[{"type":"strong"}]},{"text":" applications, the ","type":"text"},{"text":"Security Permissions","type":"text","marks":[{"type":"strong"}]},{"text":" setting for a logged in administrators' role, must be able to ","type":"text"},{"text":"Manage Application Roles","type":"text","marks":[{"type":"strong"}]},{"text":". Please see the following KB article for further information on managing roles: ","type":"text"},{"text":"Customer Community","type":"text","marks":[{"type":"link","attrs":{"href":"https://community.mimecast.com/s/article/Email-Security-Cloud-Gateway-Managing-Administrator-Roles"}}]}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"For Email Security Cloud Integrated customers","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Navigate to ","type":"text"},{"text":"Configuration | API 2.0 Applications","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Select ","type":"text"},{"text":"New Application","type":"text","marks":[{"type":"strong"}]}]}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Authentication","type":"text"}]},{"type":"paragraph","content":[{"text":"After this process, the two keys that the Mimecast Collector API 2.0 needs are created, the keys are:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Client ID(","type":"text"},{"text":"client_id","type":"text","marks":[{"type":"code"}]},{"text":").","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Client Secret ( ","type":"text"},{"text":"client_secret","type":"text","marks":[{"type":"code"}]},{"text":")","type":"text"}]}]}]}]},{"type":"expand","attrs":{"title":"Version 1 of the API"},"content":[{"type":"heading","attrs":{"level":3},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"Following steps are necessary for setup at the Mimecast side.","type":"text"}]},{"type":"paragraph","content":[{"text":"Log in from ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://www.mimecast.com/tech-connect/documentation/api-overview/api-concepts/"}}]},{"type":"paragraph","content":[{"text":"Accessing your API applications:","type":"text","marks":[{"type":"strong"}]}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Log on to the ","type":"text"},{"text":"Administration Console","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click on the ","type":"text"},{"text":"Administration","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" toolbar button.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Select the ","type":"text"},{"text":"Services | API and Platform Integrations","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" menu item.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"With your API applications displayed you can:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Add an application","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Edit an application","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Delete an application","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Further information may be found here: ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://community.mimecast.com/s/article/Managing-API-Applications-505230018"}}]},{"type":"paragraph","content":[{"text":"Creating user API keys:","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"Scroll to middle of: ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://www.mimecast.com/tech-connect/documentation/api-overview/api-concepts/"}},{"text":" for detailed instructions.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Authentication","type":"text"}]},{"type":"paragraph","content":[{"text":"The Mimecast Collector needs four keys that the API uses, the four keys are:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"API Application ID(","type":"text"},{"text":"app_id","type":"text","marks":[{"type":"code"}]},{"text":").","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"API Key(","type":"text"},{"text":"app_key","type":"text","marks":[{"type":"code"}]},{"text":").","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Access Key(","type":"text"},{"text":"access_key","type":"text","marks":[{"type":"code"}]},{"text":").","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Secret Key(","type":"text"},{"text":"secret_key","type":"text","marks":[{"type":"code"}]},{"text":").","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Credentials","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"API Application ID & API Key","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"table","attrs":{"layout":"default","isNumberColumnEnabled":true,"width":1800.0,"localId":"3ffdb108-b116-4ece-98db-9e9a1af6932f"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Steps","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Add API Application.","type":"text","marks":[{"type":"strong"},{"type":"em"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Fill in the ","type":"text"},{"text":"Details","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" section as outlined below:","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Next","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":".","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Fill in the ","type":"text"},{"text":"Settings","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" section as outlined below:","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Next","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":".","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Review the ","type":"text"},{"text":"Summary","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" page to ensure all details are correct. To fix any errors:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click on the Edit link next to the Details or Settings to return to the relevant page.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Make your changes and click on the Next button to proceed to the Summary page again.","type":"text"}]}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Click on the ","type":"text"},{"text":"Add","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" button. The application's details display in a slide-in panel.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Copy and paste the ","type":"text"},{"text":"Application ID","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" and ","type":"text"},{"text":"Application Key","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" to a safe place for use later in the process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Wait 30 minutes and click on the application in your list. A panel opens.","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"While waiting for the application to become live, you may go through the Prerequisites section of Creating User Association Keys. ","type":"text"}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Click on the ","type":"text"},{"text":"X","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" to return to the list of API applications.","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"text":"More details ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://community.mimecast.com/s/article/Managing-API-Applications-505230018#Creating-an-API-user-Authentication-Profile"}},{"text":" .","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Access Key & Secret Key","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"table","attrs":{"layout":"default","isNumberColumnEnabled":true,"width":1800.0,"localId":"8014eee1-f58b-4993-9e4b-b2e128b6d8c4"},"content":[{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Click on ","type":"text"},{"text":"API Application","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" from the application list.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Create Keys","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":". A \"Create Keys\" wizard is displayed with the Account tab selected.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Enter the ","type":"text"},{"text":"Email Address","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" of your service account","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Next","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":". ","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Complete the ","type":"text"},{"text":"Authentication","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" dialog:","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Next","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":". The Verification tab is displayed.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"If you are using a 2-step authentication mechanism, a verification code is sent to you by SMS or email. ","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Enter the ","type":"text"},{"text":"Code","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" within 15 minutes.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Next","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":". The Keys tab is displayed with the generated keys hidden by default.","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click on the icon to display a key.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click on the icon to copy the key to your clipboard.","type":"text"}]}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Click on the ","type":"text"},{"text":"Finish","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" button to exit the wizard and return to the application list.","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"text":"More details ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://community.mimecast.com/s/article/Managing-API-Applications-505230018#Creating-an-API-user-Authentication-Profile"}},{"text":" .","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Permissions (both API 1 and 2)","type":"text"}]},{"type":"paragraph","content":[{"text":"Each API call has a ","type":"text"},{"text":"prerequisite section","type":"text","marks":[{"type":"underline"},{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/endpoint-reference/account/get-account/"}}]},{"text":" that tells you what permissions are needed for the call. Usually, a Basic Administrator role will suffice, which should allow you to use the same API keys generated for multiple API calls under the application. ","type":"text"}]},{"type":"table","attrs":{"layout":"center","width":760.0,"localId":"8e57d6ca-bb86-42af-86dc-a976f63afbc7"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, var(--ds-background-accent-gray-subtlest, #F1F2F4))","rowspan":1,"colwidth":[381.0]},"content":[{"type":"paragraph","content":[{"text":"Service","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, var(--ds-background-accent-gray-subtlest, #F1F2F4))","rowspan":1,"colwidth":[379.0]},"content":[{"type":"paragraph","content":[{"text":"Permissions","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[381.0]},"content":[{"type":"paragraph","content":[{"text":"SIEM Audit","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[379.0]},"content":[{"type":"paragraph","content":[{"text":"Gateway | Tracking | Read","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[381.0]},"content":[{"type":"paragraph","content":[{"text":"Audit","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[379.0]},"content":[{"type":"paragraph","content":[{"text":"Account | Logs | Read","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[381.0]},"content":[{"type":"paragraph","content":[{"text":"TTP attachment","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[379.0]},"content":[{"type":"paragraph","content":[{"text":"Monitoring | Attachment Protection | Read","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[381.0]},"content":[{"type":"paragraph","content":[{"text":"TTP impersonation","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[379.0]},"content":[{"type":"paragraph","content":[{"text":"Monitoring | Impersonation Protection | Read","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[381.0]},"content":[{"type":"paragraph","content":[{"text":"TTP URL","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[379.0]},"content":[{"type":"paragraph","content":[{"text":"Monitoring | URL Protection | Read","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[381.0]},"content":[{"type":"paragraph","content":[{"text":"Archive search","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[379.0]},"content":[{"type":"paragraph","content":[{"text":"Archive | Search Logs | Read","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[381.0]},"content":[{"type":"paragraph","content":[{"text":"Archive view","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[379.0]},"content":[{"type":"paragraph","content":[{"text":"Archive | View Logs | Read","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[381.0]},"content":[{"type":"paragraph","content":[{"text":"TTP Thread intel","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[379.0]},"content":[{"type":"paragraph","content":[{"text":"Services | Gateway | Tracking | Read","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[381.0]},"content":[{"type":"paragraph","content":[{"text":"Message Hold List","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[379.0]},"content":[{"type":"paragraph","content":[{"text":"Account | Dashboard | Read","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[381.0]},"content":[{"type":"paragraph","content":[{"text":"Message Hold Summary","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[379.0]},"content":[{"type":"paragraph","content":[{"text":"Account | Monitoring | Held Summary | Read","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[381.0]},"content":[{"type":"paragraph","content":[{"text":"Dashboard","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[379.0]},"content":[{"type":"paragraph","content":[{"text":"Account | Dashboard | Read","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"text":"If you want to create a custom administrative role for this API service account user: ","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Navigate to ","type":"text"},{"text":"Administration | Account | Roles. ","type":"text","marks":[{"type":"strong"},{"type":"em"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"New Role.","type":"text","marks":[{"type":"strong"},{"type":"em"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Enter a ","type":"text"},{"text":"Role Name ","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":"and ","type":"text"},{"text":"Description.","type":"text","marks":[{"type":"strong"},{"type":"em"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"Application Permissions","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":" section, select the boxes for each required role to be used by the service user account. ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Save and Exit","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":". ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Locate the newly created role and click on the role name. ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Add User to Role","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":". ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click on the email address of the API service user account. ","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"If you want to add the service account user to an existing role:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Navigate to ","type":"text"},{"text":"Administration | Account | Roles. ","type":"text","marks":[{"type":"strong"},{"type":"em"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click on the administrator role the user will be added to. ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Add User to Role.","type":"text","marks":[{"type":"strong"},{"type":"em"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click on the email address of the API service user account.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"More details ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://community.mimecast.com/s/article/Managing-API-Applications-505230018#Creating-an-API-user-Authentication-Profile"}},{"text":" .","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Run the collector","type":"text"}]},{"type":"paragraph","content":[{"text":"Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (","type":"text"},{"text":"Cloud collector","type":"text","marks":[{"type":"underline"}]},{"text":"), or deploy and host the collector in your own machine using a Docker image (","type":"text"},{"text":"On-premise collector","type":"text","marks":[{"type":"underline"}]},{"text":").","type":"text"}]},{"type":"bodiedExtension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"rw-ui-tabs-macro","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"6a805bc0-abf6-4d98-987c-6a9164c77642"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://static.dg.refinedtheme.refinedwiki.com/refinedtheme-for-cloud/macro-icons/tab-container.png"}}],"title":"Refined Tab Container"}},"localId":"51a38310-b288-4fb7-a20e-43dcd020e55a"},"content":[{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"rw-tab","parameters":{"macroParams":{"title":{"value":"Cloud collector"}},"macroMetadata":{"macroId":{"value":"2825992cb366f7c43cdf1373692654dc"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://static.dg.refinedtheme.refinedwiki.com/refinedtheme-for-cloud/macro-icons/tab.png"}}],"title":"Refined Tab"}},"localId":"55d633e1-475f-4965-ad25-9814901c4821"}},{"type":"paragraph","content":[{"text":"We use a piece of software called Collector Server to host and manage all our available collectors.","type":"text"}]},{"type":"paragraph","content":[{"text":"To enable the collector for a customer:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"Collector Server","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"GUI","type":"text","marks":[{"type":"strong"}]},{"text":", access to the ","type":"text"},{"text":"domain","type":"text","marks":[{"type":"strong"}]},{"text":" in which you want this instance to be created in, click on ","type":"text"},{"text":"Add Collector","type":"text","marks":[{"type":"strong"}]},{"text":" and search for “","type":"text"},{"text":"Mimecast Collector - Integrations Factory","type":"text","marks":[{"type":"strong"}]},{"text":"”, then click on the result.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"Version","type":"text","marks":[{"type":"strong"}]},{"text":" field, select the latest value.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"Collector Name","type":"text","marks":[{"type":"strong"}]},{"text":" field, set the value you prefer (this name must be unique inside the same Collector Server domain).","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"Parameters","type":"text","marks":[{"type":"strong"}]},{"text":" section, establish the ","type":"text"},{"text":"Collector Parameters","type":"text","marks":[{"type":"strong"}]},{"text":" as follows below:","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Editing the JSON configuration","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"global_overrides\": {\n \"debug\": false\n },\n \"inputs\": {\n \"mimecast_input\": {\n \"id\": \"\",\n \"enabled\": true,\n \"base_url\": \"your_base_url\",\n \"auth_url\": \"your_auth_url\",\n \"pageSize\": \"\",\n \"autoconfig\": {\n \"refresh_interval_in_seconds\": \"refresh_interval_value\",\n \"creation_timeout_in_second\": \"creation_timeout_value\"\n },\n \"credentials\": {\n \"client_id\": \"your_client_id\",\n \"client_secret\": \"your_client_secret\",\n \"app_id\": \"your_app_id\",\n \"app_key\": \"your_app_key\",\n \"access_key\": \"your_access_key\",\n \"secret_key\": \"your_secret_key\"\n },\n \"services\": {\n \"service_mimecast_client_api\": {\n \"last_configuration_timestamp\": \"last_configuration_timestamp_value\",\n \"endpoints\": [\n {\n \"endpoints_1\": {\n \"name\": \"audit\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_2\": {\n \"name\": \"attachments\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_3\": {\n \"name\": \"impersonation\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_4\": {\n \"name\": \"url\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_5\": {\n \"name\": \"search\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_6\": {\n \"name\": \"view\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_7\": {\n \"name\": \"threatfeed\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_8\": {\n \"name\": \"messageholdlist\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_9\": {\n \"name\": \"messageholdsummary\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_10\": {\n \"name\": \"dashboard\",\n \"initial_lookback_period\": \"1d\"\n }\n }\n ]\n }\n }\n },\n \"mimecast_siem_input\": {\n \"id\": \"\",\n \"enabled\": true,\n \"requests_per_second\": \"requests_per_second_value\",\n \"base_url\": \"your_base_url\",\n \"auth_url\": \"your_auth_url\",\n \"pageSize\": \"page_size_value\",\n \"autoconfig\": {\n \"refresh_interval_in_seconds\": \"refresh_interval_value\",\n \"creation_timeout_in_second\": \"creation_timeout_value\"\n },\n \"credentials\": {\n \"client_id\": \"your_client_id\",\n \"client_secret\": \"your_client_secret\",\n \"app_id\": \"your_app_id\",\n \"app_key\": \"your_app_key\",\n \"access_key\": \"your_access_key\",\n \"secret_key\": \"your_secret_key\"\n },\n \"services\": {\n \"service_mimecast_siem_client_api\": {\n \"last_configuration_timestamp\": \"last_configuration_timestamp_value\",\n \"endpoints\": {\n \"siem\": {\n \"initial_lookback_period\": \"0d\",\n \"page_token\": \"\"\n }\n }\n }\n }\n }\n }\n}","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the ","type":"text"},{"text":"services","type":"text","marks":[{"type":"code"}]},{"text":" object.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"Please replace the placeholders with real world values following the description table below:","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":1800.0,"localId":"4fc8d4e7-efdd-48ce-8915-75695a81e6e2"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, var(--ds-background-accent-gray-subtlest, #F1F2F4))","rowspan":1,"colwidth":[100.0]},"content":[{"type":"paragraph","content":[{"text":"Parameter","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, var(--ds-background-accent-gray-subtlest, #F1F2F4))","rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Data Type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, var(--ds-background-accent-gray-subtlest, #F1F2F4))","rowspan":1,"colwidth":[107.0]},"content":[{"type":"paragraph","content":[{"text":"Type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, var(--ds-background-accent-gray-subtlest, #F1F2F4))","rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Value Range/ Format","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, var(--ds-background-accent-gray-subtlest, #F1F2F4))","rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"Details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[100.0]},"content":[{"type":"paragraph","content":[{"text":"id","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[107.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum length: 1","type":"text"},{"type":"hardBreak"},{"text":"Maximum length: 5","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"Alphanumeric identifier.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[100.0]},"content":[{"type":"paragraph","content":[{"text":"enabled","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"bool","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[107.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"true","type":"text","marks":[{"type":"code"}]},{"text":"/","type":"text"},{"text":"false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"Enables or disables the input.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[100.0]},"content":[{"type":"paragraph","content":[{"text":"base_url","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[107.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"For v2 API","type":"text"},{"type":"hardBreak"},{"text":"https://api.services.mimecast.com","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","content":[{"text":"For v1 API, see: ","type":"text"},{"type":"hardBreak"},{"text":"Global Base URLs","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/api-overview/global-base-urls/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"Base url for all the APIs","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[100.0]},"content":[{"type":"paragraph","content":[{"text":"auth_url","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[107.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"For v2 API:","type":"text"},{"type":"hardBreak"},{"text":"\"https://api.services.mimecast.com/oauth/token\"","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"For v1:","type":"text"}]},{"type":"paragraph","content":[{"text":"Delete this parameter","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"Auth url to generated auth token.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[100.0]},"content":[{"type":"paragraph","content":[{"text":"credentials","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"dictionary","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[107.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"For v2 API:","type":"text"}]},{"type":"codeBlock","content":[{"text":"\"credentials\": {\n \"client_id\": \"your_client_id\",\n \"client_secret\": \"your_client_secret\"\n},","type":"text"}]},{"type":"paragraph","content":[{"text":"For v1:","type":"text"}]},{"type":"codeBlock","content":[{"text":"\"credentials\": {\n \"app_id\": \"your_app_id\",\n \"app_key\": \"your_app_key\",\n \"access_key\": \"your_access_key\",\n \"secret_key\": \"your_secret_key\"\n}","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"Credentials to use the API.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[100.0]},"content":[{"type":"paragraph","content":[{"text":"endpoints","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"list","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[107.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum length: 1","type":"text"}]},{"type":"paragraph","content":[{"text":"Posible values:","type":"text"}]},{"type":"codeBlock","content":[{"text":"[\n {\n \"endpoints_1\": {\n \"name\": \"audit\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_2\": {\n \"name\": \"attachments\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_3\": {\n \"name\": \"impersonation\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_4\": {\n \"name\": \"url\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_5\": {\n \"name\": \"search\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_6\": {\n \"name\": \"view\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_7\": {\n \"name\": \"threatfeed\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_8\": {\n \"name\": \"messageholdlist\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_9\": {\n \"name\": \"messageholdsummary\",\n \"initial_lookback_period\": \"1d\"\n }\n },\n {\n \"endpoints_10\": {\n \"name\": \"dashboard\",\n \"initial_lookback_period\": \"1d\"\n }\n }\n ]","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"An array with at least one endpoint, the collector will pull from the selected endpoints.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[100.0]},"content":[{"type":"paragraph","content":[{"text":"last_configuration_timestamp","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[107.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Date following the next format:","type":"text"}]},{"type":"paragraph","content":[{"text":"yyyy-mm-ddThh:mm:ss.000Z","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"Change this value to a date after the initial configuration to reset the state of the collector.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[100.0]},"content":[{"type":"paragraph","content":[{"text":"initial_lookback_period","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[107.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Number of days, Example:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"1d","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"This value will be subtracted from the current date to execute all queries in that range if no state is detected (Initial execution for example).","type":"text"}]},{"type":"paragraph","content":[{"text":" This value only has an effect for ","type":"text"},{"text":"mimecast_input","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"mimecast_siem_input","type":"text","marks":[{"type":"code"}]},{"text":" always pull from the last 7 days.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[100.0]},"content":[{"type":"paragraph","content":[{"text":"page_token","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[107.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Token from app log","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"Advanced theme: it is possible to put a pagination token from the collector to start fetching data from a given page.","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"text":"We recommend to leave parameters not in the list with their default values.","type":"text"}]},{"type":"paragraph","content":[{"text":"Keep in mind that the Mimecast collector has two different inputs:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"mimecast_input","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"mimecast_siem_input","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"paragraph","content":[{"text":"The collector can use both inputs or just one. Each input uses different endpoints and feeds different tables in Devo. Make sure to check the credentials given to determine the inputs and endpoints to use.","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"rw-tab","parameters":{"macroParams":{"title":{"value":"On-premise collector"}},"macroMetadata":{"macroId":{"value":"0e08d10a084320745cfcad174c481cfb"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://static.dg.refinedtheme.refinedwiki.com/refinedtheme-for-cloud/macro-icons/tab.png"}}],"title":"Refined Tab"}},"localId":"3392ad6b-e017-4587-96ac-e5e9d4459cb2"}},{"type":"paragraph","content":[{"text":"This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Structure","type":"text"}]},{"type":"paragraph","content":[{"text":"The following directory structure should be created for being used when running the collector:","type":"text"}]},{"type":"codeBlock","content":[{"text":"\n└── devo-collectors/\n └── /\n ├── certs/\n │ ├── chain.crt\n │ ├── .key\n │ └── .crt\n ├── state/\n └── config/ \n └── config.yaml ","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with the proper value.","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Devo credentials","type":"text"}]},{"type":"paragraph","content":[{"text":"In Devo, go to ","type":"text"},{"text":"Administration → Credentials → X.509 Certificates","type":"text","marks":[{"type":"strong"}]},{"text":", download the ","type":"text"},{"text":"Certificate","type":"text","marks":[{"type":"strong"}]},{"text":", ","type":"text"},{"text":"Private key","type":"text","marks":[{"type":"strong"}]},{"text":" and ","type":"text"},{"text":"Chain CA","type":"text","marks":[{"type":"strong"}]},{"text":" and save them in ","type":"text"},{"text":"/certs/","type":"text","marks":[{"type":"code"}]},{"text":". Learn more about security credentials in Devo ","type":"text"},{"text":"here","type":"text","marks":[{"type":"link","attrs":{"href":"#"}}]},{"text":".","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":950,"id":"f24d6bb4-72a9-4e0d-9c94-b880af4ec215","collection":"contentId-184975456","type":"file","height":448}}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with the proper value.","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Editing the config.yaml file","type":"text"}]},{"type":"codeBlock","content":[{"text":"globals:\n debug: false\n id: not_used\n name: mimecast_collector\n persistence:\n type: filesystem\n config:\n directory_name: state\n queue_max_size_in_messages: 1000\n queue_wrap_max_size_in_messages: 100\noutputs:\n# devo_1:\n# type: devo_platform\n# config:\n# address: collector-us.devo.io\n# port: 443\n# type: SSL\n# chain: chain.crt\n# cert: .crt\n# key: .key\ninputs:\n mimecast_input:\n id: 1\n enabled: true\n requests_per_second: 5\n base_url: your_base_url\n auth_url: your_auth_url\n pageSize: 1000\n autoconfig:\n refresh_interval_in_seconds: 60 # Runs the setup every x seconds (default 600)\n creation_timeout_in_second: 60 # Set up the setup timeout (default 60)\n credentials:\n client_id: \n client_secret: \n app_id: \n app_key: \n access_key: \n secret_key: \n services:\n service_mimecast_client_api:\n last_configuration_timestamp: 2021-12-02T13:10:00Z # change this if you want to get your state changed!\n endpoints:\n - endpoints_1:\n name: audit\n initial_lookback_period: 1d\n - endpoints_2:\n name: attachments\n initial_lookback_period: 1d\n - endpoints_3:\n name: impersonation\n initial_lookback_period: 1d\n - endpoints_4:\n name: url\n initial_lookback_period: 1d\n - endpoints_5:\n name: search\n initial_lookback_period: 1d\n - endpoints_6:\n name: view\n initial_lookback_period: 1d\n - endpoints_7:\n name: threatfeed\n initial_lookback_period: 1d\n - endpoints_8:\n name: messageholdlist\n initial_lookback_period: 1d\n - endpoints_9:\n name: messageholdsummary\n initial_lookback_period: 1d\n - endpoints_10:\n name: dashboard\n initial_lookback_period: 1d\n mimecast_siem_input:\n id: 2\n enabled: false\n requests_per_second: 5\n base_url: your_base_url\n auth_url: your_auth_url\n pageSize: 10\n autoconfig:\n refresh_interval_in_seconds: 60 # Runs the setup every x seconds (default 600)\n creation_timeout_in_second: 60 # Set up the setup timeout (default 60)\n credentials:\n client_id: \n client_secret: \n app_id: \n app_key: \n access_key: \n secret_key: \n services:\n service_mimecast_siem_client_api:\n last_configuration_timestamp: 2021-12-02T13:10:00Z # change this if you want to get your state changed!\n endpoints:\n siem:\n initial_lookback_period: 0d\n page_token: ","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the ","type":"text"},{"text":"services","type":"text","marks":[{"type":"code"}]},{"text":" object.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"Replace the placeholders with your required values following the description table below:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"828a780d-20d3-4e8b-96f0-ea5fc1dcbc96"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[105.0]},"content":[{"type":"paragraph","content":[{"text":"Parameter","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Data type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"Type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Value range/ Format","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[105.0]},"content":[{"type":"paragraph","content":[{"text":"id","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum length: 1","type":"text"},{"type":"hardBreak"},{"text":"Maximum length: 5","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Alphanumeric identifier.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[105.0]},"content":[{"type":"paragraph","content":[{"text":"enabled","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"bool","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"true","type":"text","marks":[{"type":"code"}]},{"text":"/","type":"text"},{"text":"false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Enables or disables the input.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[105.0]},"content":[{"type":"paragraph","content":[{"text":"base_url","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"For v2 API","type":"text"},{"type":"hardBreak"},{"text":"https://api.services.mimecast.com","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","content":[{"text":"For v1 API, see: ","type":"text"},{"type":"hardBreak"},{"text":"Global Base URLs","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/api-overview/global-base-urls/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Base url for all the APIs","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[105.0]},"content":[{"type":"paragraph","content":[{"text":"auth_url","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"For v2 API:","type":"text"},{"type":"hardBreak"},{"text":"\"https://api.services.mimecast.com/oauth/token\"","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"For v1:","type":"text"}]},{"type":"paragraph","content":[{"text":"Delete this parameter","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Auth url to generated auth token.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[105.0]},"content":[{"type":"paragraph","content":[{"text":"credentials","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"dictionary","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"codeBlock","content":[{"text":" client_id: \n client_secret: ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Credentials to use the API.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[105.0]},"content":[{"type":"paragraph","content":[{"text":"endpoints","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"list","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum length: 1","type":"text"}]},{"type":"paragraph","content":[{"text":"Posible values:","type":"text"}]},{"type":"codeBlock","content":[{"text":"- endpoints_1:\n name: audit\n initial_lookback_period: 1d\n- endpoints_2:\n name: attachments\n initial_lookback_period: 1d\n- endpoints_3:\n name: impersonation\n initial_lookback_period: 1d\n- endpoints_4:\n name: url\n initial_lookback_period: 1d\n- endpoints_5:\n name: search\n initial_lookback_period: 1d\n- endpoints_6:\n name: view\n initial_lookback_period: 1d\n- endpoints_7:\n name: threatfeed\n initial_lookback_period: 1d\n- endpoints_8:\n name: messageholdlist\n initial_lookback_period: 1d\n- endpoints_9:\n name: messageholdsummary\n initial_lookback_period: 1d\n- endpoints_10:\n name: dashboard\n initial_lookback_period: 1d\n","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"An array with at least one endpoint, the collector will pull from the selected endpoints.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[105.0]},"content":[{"type":"paragraph","content":[{"text":"last_configuration_timestamp","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Date following the next format:","type":"text"}]},{"type":"paragraph","content":[{"text":"yyyy-mm-ddThh:mm:ss.000Z","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Change this value to a date after the initial configuration to reset the state of the collector.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[105.0]},"content":[{"type":"paragraph","content":[{"text":"initial_lookback_period","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Number of days, Example:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"1d","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"This value will be subtracted from the current date to execute all queries in that range if no state is detected (Initial execution for example).","type":"text"}]},{"type":"paragraph","content":[{"text":" This value only has an effect for ","type":"text"},{"text":"mimecast_input","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"mimecast_siem_input","type":"text","marks":[{"type":"code"}]},{"text":" always pull from the last 7 days.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[105.0]},"content":[{"type":"paragraph","content":[{"text":"page_token","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Token from app log","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[160.0]},"content":[{"type":"paragraph","content":[{"text":"Advanced theme: it is possible to put a pagination token from the collector to start fetching data from a given page.","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Download the Docker image","type":"text"}]},{"type":"paragraph","content":[{"text":"The collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"169081f0-1cba-4823-8566-04f20f72ae31"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Collector Docker image","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"SHA-256 hash","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"collector-mimecast_collector-docker-image-2.2.1","type":"text","marks":[{"type":"link","attrs":{"href":"https://drive.google.com/file/d/1EK17KhJUdgTQC9UH67MjcS0wnL12TIvJ/view?usp=drive_link"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"f0745ea0e361d635f672a7d261fc9356826d097f85d03820f5c1915760fc7b44","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"paragraph","content":[{"text":"Use the following command to add the Docker image to the system:","type":"text"}]},{"type":"codeBlock","content":[{"text":"gunzip -c -.tgz | docker load","type":"text"}]},{"type":"paragraph","content":[{"text":"Once the Docker image is imported, it will show the real name of the Docker image (including version info). Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with a proper value.","type":"text"}]},{"type":"paragraph","content":[{"text":"The Docker image can be deployed on the following services:","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Docker","type":"text"}]},{"type":"paragraph","content":[{"text":"Execute the following command on the root directory ","type":"text"},{"text":"/devo-collectors//","type":"text","marks":[{"type":"code"}]}]},{"type":"codeBlock","content":[{"text":"docker run \\\n--name \\\n--volume $PWD/certs:/devo-collector/certs \\\n--volume $PWD/config:/devo-collector/config \\\n--volume $PWD/state:/devo-collector/state \\\n--env CONFIG_FILE=.yaml \\\n--rm -it :","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with the proper values.","type":"text"}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Docker Compose","type":"text"}]},{"type":"paragraph","content":[{"text":"The following Docker Compose file can be used to execute the Docker container. It must be created in the ","type":"text"},{"text":"/devo-collectors//","type":"text","marks":[{"type":"code"}]},{"text":" directory.","type":"text"}]},{"type":"codeBlock","content":[{"text":"version: '3'\nservices:\n :\n image: :${IMAGE_VERSION:-latest}\n volumes:\n - ./certs:/devo-collector/certs\n - ./config:/devo-collector/config\n - ./state:/devo-collector/state\n environment:\n - CONFIG_FILE=${CONFIG_FILE:-.yaml}","type":"text"}]},{"type":"paragraph","content":[{"text":"To run the container using docker-compose, execute the following command from the ","type":"text"},{"text":"/devo-collectors//","type":"text","marks":[{"type":"code"}]},{"text":" directory:","type":"text"}]},{"type":"codeBlock","content":[{"text":"IMAGE_VERSION= docker-compose up -d","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with the proper values.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"API limits and duplicates","type":"text"}]},{"type":"paragraph","content":[{"text":"The Mimecast API has some call rate limits. When a limit is reached, the collector shows a 429 error. More details about MImecast limits can be found ","type":"text"},{"text":"here","type":"text","marks":[{"type":"link","attrs":{"href":"https://integrations.mimecast.com/documentation/api-overview/rate-limiting/"}}]},{"text":" and ","type":"text"},{"text":"here","type":"text","marks":[{"type":"link","attrs":{"href":"https://developer.services.mimecast.com/docs/threatssecurityeventsanddataforcg/1/routes/siem/v1/batch/events/cg/get"}}]}]},{"type":"paragraph","content":[{"text":"The Mimecast API sometimes sends duplicate events (it is not common). The collector tries to filter out the duplicates, but it is not possible to guarantee that all duplicates are deleted.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Change log","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"fe4532a2-a4b5-4f51-a937-036b9bc739a5"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Release","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Released on","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Release type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Recommendations","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":2},"content":[{"type":"paragraph","content":[{"text":"v2.2.1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"date","attrs":{"timestamp":"1730246400000"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"yellow","style":"bold","text":"bug fixing","localId":"e37b978e-3530-496d-b31d-6defb0543f48"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Recommended version","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":3,"rowspan":1},"content":[{"type":"nestedExpand","attrs":{"title":"Details"},"content":[{"type":"paragraph","content":[{"text":"Bug fixes","type":"text","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Solved “Collector stops every 7 days” (INT-2957).","type":"text"}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":2},"content":[{"type":"paragraph","content":[{"text":"v2.2.0","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"date","attrs":{"timestamp":"1729641600000"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"blue","style":"bold","text":"IMPROVEMENTS","localId":"0739989e-ae5f-4239-bc18-3ea4450f58ad"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"-","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":3,"rowspan":1},"content":[{"type":"nestedExpand","attrs":{"title":"Details"},"content":[{"type":"paragraph","content":[{"text":"Improvements","type":"text","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The tags used for SIEM v2 have been changed, so they can use the new parsers that store data in the old tables","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Migrated to DCSDK version 1.13.1","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Change internal queue management for protecting against OOMK","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Extracted ModuleThread structure from PullerAbstract","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Improve Controlled stop when both processes fails to instantiate","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Improve Controlled stop when InputProcess is killed","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Fixed error related a ValueError exception not well controlled","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Fixed error related with loss of some values in internal messages","type":"text"}]}]}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":2},"content":[{"type":"paragraph","content":[{"text":"v2.1.1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"date","attrs":{"timestamp":"1727136000000"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":" ","type":"text"},{"type":"status","attrs":{"color":"yellow","style":"bold","text":"bug fixing","localId":"4bdba24b-086a-4744-8b51-d6dd27efd2e7"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"-","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":3,"rowspan":1},"content":[{"type":"nestedExpand","attrs":{"title":"Details"},"content":[{"type":"paragraph","content":[{"text":"Bug fixes","type":"text","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Solved CVE-2024-45490, CVE-2024-45491, CVE-2024-45492 updating base image.","type":"text"}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":2},"content":[{"type":"paragraph","content":[{"text":"v2.1.0","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"date","attrs":{"timestamp":"1726790400000"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"purple","style":"bold","text":"New features","localId":"3db22697-8c97-49b7-ab0d-6b9ad9b8f7e9"}},{"text":" ","type":"text"},{"type":"hardBreak"},{"type":"status","attrs":{"color":"blue","style":"bold","text":"IMPROVEMENTS","localId":"863a693b-8f60-4a9d-824d-b6d659ad85cd"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":" ","type":"text"},{"text":"-","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":3,"rowspan":1},"content":[{"type":"nestedExpand","attrs":{"title":"Details"},"content":[{"type":"paragraph","content":[{"text":"New features","type":"text","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Integrated Mimecast API v2 for SIEM events, using Batch download","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"New tables for new event formats","type":"text"},{"type":"hardBreak"},{"text":"mail.mimecast.siem.av_v2","type":"text"},{"type":"hardBreak"},{"text":"mail.mimecast.siem.delivery_v2","type":"text"},{"type":"hardBreak"},{"text":"mail.mimecast.siem.ieo_v2","type":"text"},{"type":"hardBreak"},{"text":"mail.mimecast.siem.impersonation_v2","type":"text"},{"type":"hardBreak"},{"text":"mail.mimecast.siem.jrnl_v2","type":"text"},{"type":"hardBreak"},{"text":"mail.mimecast.siem.process_v2","type":"text"},{"type":"hardBreak"},{"text":"mail.mimecast.siem.receipt_v2","type":"text"},{"type":"hardBreak"},{"text":"mail.mimecast.siem.attachment_v2","type":"text"},{"type":"hardBreak"},{"text":"mail.mimecast.siem.spam_v2","type":"text"},{"type":"hardBreak"},{"text":"mail.mimecast.siem.url_v2","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Improvements","type":"text","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Changed default cycle value to 300 seconds for SIEM service, to avoid 429 from the API","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Migrated to DCSDK version 1.12.4","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Fixed error related a ValueError exception not well controlled.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Fixed error related with loss of some values in internal messages (collector_name, collector_id and job_id)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Improve Controlled stop when InputProcess is killed","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Change internal queue management for protecting against OOMK","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Extracted ModuleThread structure from PullerAbstract","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Improve Controlled stop when both processes fails to instatiate","type":"text"}]}]}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":2},"content":[{"type":"paragraph","content":[{"text":" ","type":"text"},{"text":"v2.0.1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"date","attrs":{"timestamp":"1722816000000"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"purple","style":"bold","text":"New features","localId":"2f3d7016-3eda-488f-8c11-46478bbfd0fd"}}]},{"type":"paragraph","content":[{"type":"status","attrs":{"color":"blue","style":"bold","text":"IMPROVEMENTS","localId":"f984eaee-4868-4802-805d-71d0b9cf4a7b"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"-","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":3,"rowspan":1},"content":[{"type":"nestedExpand","attrs":{"title":"Details"},"content":[{"type":"paragraph","content":[{"text":"New features","type":"text","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Integrated both Mimecast API v2 and API v1","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Deleted duplited SIEM events","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"New parameter for SIEM service inicialization","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Improvements","type":"text","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Some small fixes and changes for robustness","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Migrated to DCSDK version 1.12.2","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Added new sender for relay in house + TLS","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Added persistence functionality for gzip sending buffer","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Added Automatic activation of gzip sending","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Improved behaviour when persistence fails","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Upgraded DevoSDK dependency to v5.4.0","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Fixed console log encoding","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Restructured python classes","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Improved behaviour with non-utf8 characters","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Decreased defaut size value for internal queues (Redis limitation, from 1GiB to 256MiB)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"New persistence format/structure (compression in some cases)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Removed dmesg execution (It was invalid for docker execution)","type":"text"}]}]}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":2},"content":[{"type":"paragraph","content":[{"text":" ","type":"text"},{"text":"v1.2.0","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"date","attrs":{"timestamp":"1715299200000"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"blue","style":"bold","text":"IMPROVEMENTS","localId":"0e8fff48-8a4b-4220-97e3-80a0d33aa0a2"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"-","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":3,"rowspan":1},"content":[{"type":"nestedExpand","attrs":{"title":"Details"},"content":[{"type":"paragraph","content":[{"text":"Improvements","type":"text","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Upgraded the mimecast api from v1 to v2.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Updated DCSDK from 1.10.2 to 1.11.1","type":"text"}]}]}]}]}]}]}]}],"version":1}

Browser not supported