Login
    Contents x
    Mimecast Email Security
    • 26 Mar 2025
    • 2 Minutes to read
    • Print
    • Dark
      Light
    Contents

    Mimecast Email Security

    • Updated on 26 Mar 2025
    • 2 Minutes to read
    • Print
    • Dark
      Light
    Article summary

    Mimecast provides your organization with security, continuity, and archiving cloud services in a mail management system designed to protect email, ensure access, and simplify the tasks of managing email. For detailed information, please refer to the Mimecast official documentation

    Integration Method: API

    Tables: Detection Finding (2004), Email Activity (4009)

    This integration supports the following events.

    Event

    Description

    SIEM Logs

    Retrieves all the Mail Transfer Agent (MTA) logs

    DLP Logs

    Retrieves all the messages that triggered a DLP or Content Examination policy

    Threats

    Retrieves all the rejected, blocked and held events with detailed information

    This integration supports the following versions.

    Mimecast API version

    v2.0

    Note:

    Mimecast doesn’t follow a traditional versioning system. Instead, it is a continuously updated cloud service. As for this document preparation, the latest release was on February 17, 2025. For more information, refer here.

    Prerequisites

    • The user should have access to the Mimecast portal with an account that has the Administrator privileges. 

    • The user should have access to the DataBee console.

    Configuration Overview

    1. Generate the API token with the required scopes.

    2. Add the Mimecast Email Security data feed in the DataBee console with the below parameters.

      DataBee Parameter

      Mimecast Parameter

      Client Key

      Client Id

      Client Secret

      Client Secret

    Mimecast Configuration

    1. Login to the Mimecast portal and click on Administration Console.
       

    2. In the “Administration Console” page, click on Services and then click on API and Platform Integrations.
       

    3. In the “API and Platform Integrations” page, under Available Integrations, click on Generate Keys below the Mimecast API 2.0.
       

    4. Acknowledge the legal terms and click Next.
       

    5. In the “Details” page, fill in the details for ‘Application Name’ and in the ‘Category’ drop down, click on Other.
       

    6. In the ‘Products’ drop down, select Threats, Security Events and Data for Cloud Gateway, Threat Management, Security Events, Email Security Cloud Gateway and click APPLY.
       

    7. In the ‘Application Role’ drop down, select Basic Administrator.
       

    8. Verify the following information is correctly populated and then click on Next.

      • Application Name: enter an appropriate name for the integration.

      • Category: select Other.

      • Products: select the following list of products from the drop down for seamless data ingestion.

        • Threats, Security Events and Data for CG

        • Threat Management

        • Security Events

        • Email Security Cloud Gateway

      • Description: enter an appropriate description of the integration.

       

    9. In the “Notifications” page, write the required details and click Next.

      • Technical Point of Contact: name of the POC.

      • Email: email address of the POC.

       

    10. In the “Summary” page, review the details and click Add and Generate Keys.
       

    11. Copy both the Client Id and Client Secret by clicking the respective copy icon and store somewhere safe as it will be required later. Click Close after copying.
       

      Note:

      The Client Secret cannot be retrieved after this, so make sure you have copied this to a secure place.

    DataBee Configuration

    1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
       

    2. Search for the Mimecast Email Security and click it as shown below.
       

    3. Click on the API Ingest option for collection method.
       

    4. Enter feed contact information and click Next.
       

    5. In the configuration page, confirm the following:

      • Authorization Method: OAuth2

      • API Base URL: this is the base URL that DataBee will interact with.

      • Authorization Method: OAuth2

      • Client Key: paste the Client Id which was copied earlier.

      • Client Secret: paste the Client Secret which was copied earlier.

      • Token URL: this is the token URL that DataBee will interact with.

      • Event Types: preselected for all the event types that integration pulls.

       

    6. Click Submit.

    Troubleshooting Tips

    • Ensure the client key and secret is pasted correctly. Since you cannot view the secrets after the 1st time, re-create the secrets, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.

    • Ensure the Mimecast scopes/permissions are correct.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Eddy AI, facilitating knowledge discovery through conversational intelligence