Overview
Mimecast safeguards an organization and its employees against sophisticated email-borne attacks. It helps defend against attackers trying to steal data or credentials, plant ransomware, trick employees into transferring money, and springboard to attack supply chains. These kinds of threats require advanced security measures beyond what is provided by traditional email security systems.
With Blumira, customers can reduce the noise and focus on the highest priority alerts from Mimecast while they tune and manage it for their organization.
Before you begin
First, ensure that logging is enabled for your organization in Mimecast. Logging begins as soon as the settings are enabled; however, collecting the files may take up to 30 minutes after saving the new settings.
Note: The Mimecast integration allows Blumira to receive logs up to 30 minutes into the past from the time of configuration and onward.
To enable Mimecast logging, do the following:
- In the Mimecast Administrator Console, navigate to Administration > Account > Account Settings.
- Expand the Enhanced Logging section.
- Select the check box next to all log types:
- Inbound: Logs for messages from external senders to internal recipients.
- Outbound: Logs for messages from internal senders to external recipients.
- Internal: Logs for messages between internal domains.
- Click Save.
Gathering your Mimecast credentials
Gather the necessary credentials for the Blumira Cloud Connector by completing the procedure below.
- Create a custom role for the API 2.0 application by completing these steps:
- In the Mimecast Administration Console, navigate to Account > Roles.
- Click New Role.
- Under Properties, type a role name and description to help you identify this service account user as intended for use with your Blumira integration.
- Under Security Permissions, select Cannot Manage Roles.
- Under Application Permissions, within each subsection, deselect the check boxes next to "Edit" and "Protected areas" options, leaving only "Read" permissions for the role.
- Click Save and Exit.
- Add a new Mimecast API 2.0 Application in Mimecast and gather the Client ID and Client Secret by doing the following:
- Navigate to Integrations > API and Platform Integrations.
- On the Mimecast API 2.0 tile, click Generate Keys.
Note: Do not click the "Blumira" tile to generate keys. The tile has not been updated to use the latest API version. - In Disclaimer, click the check box next to I accept, and then click Next.
- In Details, enter the following information:
- Type an application name that represents the Blumira log integration.
- In Category, select SIEM Integration.
- In Products, click Select all and then click Apply.
- In Application Role, select the role you created for the Blumira integration above.
- Provide a description for the SIEM logging integration with Blumira.
- Click Next.
- In Notifications, provide the name and email address of the person Mimecast can reach as a technical contact regarding the application.
- Click Next.
- Click Add and Generate Keys.
- Copy and save the Client ID and Client Secret for use in the Blumira Cloud Connector.
Providing your Mimecast credentials to Blumira
To configure the Blumira Cloud Connector and begin logging, do the following:
- In Blumira, navigate to Settings > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, select the connector you want to add.
- In Cloud Connector Name, type a name that will help you identify the integration.
- In the remaining fields, enter the credentials you gathered in the previous steps.
- Click Connect.
Endpoints included in the integration
The integration with Mimecast delivers the secure email gateway functionality, which includes these endpoints:
- Audit Logs
- Message Release Logs
- Rejection Logs
- Get Attachment Protection Logs
- Get Impersonation Protection Logs
- Get URL Logs