- 26 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Mimecast Email Security
- Updated on 26 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Mimecast provides your organization with security, continuity, and archiving cloud services in a mail management system designed to protect email, ensure access, and simplify the tasks of managing email. For detailed information, please refer to the Mimecast official documentation.
Integration Method: API
Tables: Detection Finding (2004), Email Activity (4009)
This integration supports the following events.
Event | Description |
---|---|
SIEM Logs | Retrieves all the Mail Transfer Agent (MTA) logs |
DLP Logs | Retrieves all the messages that triggered a DLP or Content Examination policy |
Threats | Retrieves all the rejected, blocked and held events with detailed information |
This integration supports the following versions.
Mimecast API version | v2.0 |
Note:
Mimecast doesn’t follow a traditional versioning system. Instead, it is a continuously updated cloud service. As for this document preparation, the latest release was on February 17, 2025. For more information, refer here.
Prerequisites
The user should have access to the Mimecast portal with an account that has the Administrator privileges.
The user should have access to the DataBee console.
Configuration Overview
Generate the API token with the required scopes.
Add the Mimecast Email Security data feed in the DataBee console with the below parameters.
DataBee Parameter
Mimecast Parameter
Client Key
Client Secret
Mimecast Configuration
Login to the Mimecast portal and click on Administration Console.
In the “Administration Console” page, click on Services and then click on API and Platform Integrations.
In the “API and Platform Integrations” page, under Available Integrations, click on Generate Keys below the Mimecast API 2.0.
Acknowledge the legal terms and click Next.
In the “Details” page, fill in the details for ‘Application Name’ and in the ‘Category’ drop down, click on Other.
In the ‘Products’ drop down, select Threats, Security Events and Data for Cloud Gateway, Threat Management, Security Events, Email Security Cloud Gateway and click APPLY.
In the ‘Application Role’ drop down, select Basic Administrator.
Verify the following information is correctly populated and then click on Next.
Application Name: enter an appropriate name for the integration.
Category: select Other.
Products: select the following list of products from the drop down for seamless data ingestion.
Threats, Security Events and Data for CG
Threat Management
Security Events
Email Security Cloud Gateway
Description: enter an appropriate description of the integration.
In the “Notifications” page, write the required details and click Next.
Technical Point of Contact: name of the POC.
Email: email address of the POC.
In the “Summary” page, review the details and click Add and Generate Keys.
Copy both the Client Id and Client Secret by clicking the respective copy icon and store somewhere safe as it will be required later. Click Close after copying.
Note:
The Client Secret cannot be retrieved after this, so make sure you have copied this to a secure place.
DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the Mimecast Email Security and click it as shown below.
Click on the API Ingest option for collection method.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
Authorization Method: OAuth2
API Base URL: this is the base URL that DataBee will interact with.
Authorization Method: OAuth2
Client Key: paste the Client Id which was copied earlier.
Client Secret: paste the Client Secret which was copied earlier.
Token URL: this is the token URL that DataBee will interact with.
Event Types: preselected for all the event types that integration pulls.
Click Submit.
Troubleshooting Tips
Ensure the client key and secret is pasted correctly. Since you cannot view the secrets after the 1st time, re-create the secrets, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.
Ensure the Mimecast scopes/permissions are correct.