Overview
Mimecast is a cloud-based anti-spam and archive filtering service that secures email accounts and communications for businesses. This collector protects an enterprise’s email infrastructure from viruses, malware, phishing, and the rise of deep-fake attacks. It also makes it possible to automate the recovery of archived and affected emails for continued use. It can predict and anticipate attacks and use data archiving to deal with losses from ransomware attacks. The Devo Mimecast Collector uses the Mimecast API to extract all the relevant information and send it as events to Devo.
Data sources
Data Source | Description | API Endpoint | Devo Table |
---|---|---|---|
Audit | Audit Events | /api/audit/get-audit-events | mail.mimecast.audit.events |
Attachments | Attachment Protection Logs | /api/ttp/attachment/get-logs | mail.mimecast.ttp.attachment |
Impersonation | TTP Impersonation Protect Logs | /api/ttp/impersonation/get-logs | mail.mimecast.ttp.impersonation |
Url | TTP URL Logs | /api/ttp/url/get-logs | mail.mimecast.ttp.url |
Search | Search Logs | /api/archive/get-search-logs | mail.mimecast.archive.search |
View | Archive Message View Logs | /api/archive/get-view-logs | mail.mimecast.archive.messageview |
Threatfeed | Threat Intel Feed | /api/ttp/threat-intel/get-feed | mail.mimecast.threat.feed |
Messageholdlist | Hold Message List | /api/gateway/get-hold-message-list | mail.mimecast.message.list |
Messageholdsummary | Message Hold Summary List | /api/gateway/get-hold-summary-list | mail.mimecast.message.summary |
Dashboard | Dashboard Notifications | /api/account/get-dashboard-notifications | mail.mimecast.account.dashboard |
Siem | SIEM Logs | /api/audit/get-siem-logs | mail.mimecast.siem.receipt, mail.mimecast.siem.process, mail.mimecast.siem.delivery, mail.mimecast.siem.jrnl, mail.mimecast.siem.av, mail.mimecast.siem.iep, mail.mimecast.siem.impersonation, mail.mimecast.siem.spameventthread, mail.mimecast.siem.ttp |
For more information on how the events are parsed, visit our page.
Vendor setup
There are some requirements to configure the Mimecast collector:
To access your API applications:
1. Log in to the Administration Console.
2. Click on the Administration toolbar button.
3. Select the Services/API and Platform Integrations menu item.
Once your API applications display you can:
Add an application.
Edit an application.
Delete an application.
Accepted authentication methods
The Mimecast Collector needs four keys that the API uses: the Application ID, the Application Key, the Access Key, and the Secret Key.
Credentials
API Application ID & API Key
1. Click Add API Application.
2. Fill in the Details section below and click Next.
3. Fill in the Settings section as outlined below and click Next.
4. Review the Summary page to ensure all details are correct. To fix any errors:
5. Click on the Add button. The Add API Application panel will display.
6. Copy the Application ID and the Application Key.
7. Wait 30 minutes and click on the application. Click the X button to return to the list of API applications.
Access Key & Secret Key
1. Click on API Application from the application list.
2. Click Create Keys. A Create Keys wizard displays with the Account tab selected.
3. Enter the Email Address of your service account.
4. Click Next.
5. Complete the Authentication dialog.
6. Enter the Code within 15 minutes.
7. Click Next. The keys tab is displayed with the generated keys hidden by default.
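How the four keys fit together on a single API call, as an added example (not code from this page or from the Devo collector). It assumes the request-signing scheme documented for Mimecast API 1.0: HMAC-SHA1 over date, request ID, URI and Application Key, keyed with the base64-decoded Secret Key. The function names, the key-set check and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

REQUIRED = ("app_id", "app_key", "access_key", "secret_key")

# Constructed sample values, not real credentials.
SAMPLE_CREDS = {
    "app_id": "constructed-app-id",
    "app_key": "constructed-app-key",
    "access_key": "constructed-access-key",
    "secret_key": base64.b64encode(b"constructed-secret-key").decode(),
}


def validate_keys(creds):
    """Return a list of problems found in the four-key credential set."""
    problems = [f"missing {name}" for name in REQUIRED if not creds.get(name)]
    secret = creds.get("secret_key")
    if secret:
        try:
            base64.b64decode(secret, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("secret_key is not valid base64")
    return problems


def sign_request(creds, uri, date_hdr, request_id):
    """Build the headers for one call to `uri` (assumed API 1.0 scheme)."""
    problems = validate_keys(creds)
    if problems:
        raise ValueError("; ".join(problems))
    # Assumed data-to-sign layout: date:request-id:uri:application-key
    data = ":".join([date_hdr, request_id, uri, creds["app_key"]]).encode()
    key = base64.b64decode(creds["secret_key"], validate=True)
    sig = base64.b64encode(hmac.new(key, data, hashlib.sha1).digest()).decode()
    return {
        "Authorization": f"MC {creds['access_key']}:{sig}",
        "x-mc-app-id": creds["app_id"],
        "x-mc-date": date_hdr,
        "x-mc-req-id": request_id,
        "Content-Type": "application/json",
    }
```

Of the four keys, only the Secret Key is absent from the headers; it is used solely as the HMAC key, so a signature is bound to one URI, date and request ID.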
Permissions
Follow these steps if you want to create a custom administrative role for the API service account user:
1. Navigate to Administration → Account → Roles.
2. Click New Role.
3. Enter a Role Name and Description.
4. In the Application Permissions section select the boxes for each required role to be used by the service account. Click Save.
5. Locate the newly created role and click on the role name.
6. Click Add User to Role.
7. Click on the email address of the API service user account.
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).