Mimecast Email Security
  • 26 Mar 2025
  • 2 Minutes to read
  • Dark
    Light

Mimecast Email Security

  • Dark
    Light

Article summary

Mimecast provides your organization with security, continuity, and archiving cloud services in a mail management system designed to protect email, ensure access, and simplify the tasks of managing email. For detailed information, please refer to the Mimecast official documentation

Integration Method: API

Tables: Detection Finding (2004), Email Activity (4009)

This integration supports the following events.

Event

Description

SIEM Logs

Retrieves all the Mail Transfer Agent (MTA) logs

DLP Logs

Retrieves all the messages that triggered a DLP or Content Examination policy

Threats

Retrieves all the rejected, blocked and held events with detailed information

This integration supports the following versions.

Mimecast API version

v2.0

Note:

Mimecast doesn’t follow a traditional versioning system. Instead, it is a continuously updated cloud service. As for this document preparation, the latest release was on February 17, 2025. For more information, refer here.

Prerequisites

  • The user should have access to the Mimecast portal with an account that has the Administrator privileges. 

  • The user should have access to the DataBee console.

Configuration Overview

  1. Generate the API token with the required scopes.

  2. Add the Mimecast Email Security data feed in the DataBee console with the below parameters.

    DataBee Parameter

    Mimecast Parameter

    Client Key

    Client Id

    Client Secret

    Client Secret

Mimecast Configuration

  1. Login to the Mimecast portal and click on Administration Console.
     

  2. In the “Administration Console” page, click on Services and then click on API and Platform Integrations.
     

  3. In the “API and Platform Integrations” page, under Available Integrations, click on Generate Keys below the Mimecast API 2.0.
     

  4. Acknowledge the legal terms and click Next.
     

  5. In the “Details” page, fill in the details for ‘Application Name’ and in the ‘Category’ drop down, click on Other.
     

  6. In the ‘Products’ drop down, select Threats, Security Events and Data for Cloud Gateway, Threat Management, Security Events, Email Security Cloud Gateway and click APPLY.
     

  7. In the ‘Application Role’ drop down, select Basic Administrator.
     

  8. Verify the following information is correctly populated and then click on Next.

    • Application Name: enter an appropriate name for the integration.

    • Category: select Other.

    • Products: select the following list of products from the drop down for seamless data ingestion.

      • Threats, Security Events and Data for CG

      • Threat Management

      • Security Events

      • Email Security Cloud Gateway

    • Description: enter an appropriate description of the integration.

     

  9. In the “Notifications” page, write the required details and click Next.

    • Technical Point of Contact: name of the POC.

    • Email: email address of the POC.

     

  10. In the “Summary” page, review the details and click Add and Generate Keys.
     

  11. Copy both the Client Id and Client Secret by clicking the respective copy icon and store somewhere safe as it will be required later. Click Close after copying.
     

    Note:

    The Client Secret cannot be retrieved after this, so make sure you have copied this to a secure place.

DataBee Configuration

  1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
     

  2. Search for the Mimecast Email Security and click it as shown below.
     

  3. Click on the API Ingest option for collection method.
     

  4. Enter feed contact information and click Next.
     

  5. In the configuration page, confirm the following:

    • Authorization Method: OAuth2

    • API Base URL: this is the base URL that DataBee will interact with.

    • Authorization Method: OAuth2

    • Client Key: paste the Client Id which was copied earlier.

    • Client Secret: paste the Client Secret which was copied earlier.

    • Token URL: this is the token URL that DataBee will interact with.

    • Event Types: preselected for all the event types that integration pulls.

     

  6. Click Submit.

Troubleshooting Tips

  • Ensure the client key and secret is pasted correctly. Since you cannot view the secrets after the 1st time, re-create the secrets, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.

  • Ensure the Mimecast scopes/permissions are correct.


Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence