SOCFortress Integrations — Mimecast Email Security (Cloud)
Intro
SOCFortress integration and visualization tools let security analysts visualize and triage Mimecast Email Security events from a single pane of glass.
About Mimecast Email Security (Cloud)
Mimecast is a company that specializes in providing email security and management solutions to organizations. Their platform offers a wide range of services aimed at helping businesses protect their email communications from various threats, ensure email continuity, and simplify email management.
Product features:
- Email Security: Advanced email security features to protect organizations from various email-borne threats, including phishing attacks, malware, ransomware, and spam. They use a combination of threat intelligence, machine learning, and other security technologies to detect and block malicious email content.
- Phishing Protection: Features that help identify and block phishing attempts. They use URL and attachment scanning, threat intelligence, and user awareness training to combat phishing attacks.
- Data Loss Prevention (DLP): Capabilities to help organizations prevent sensitive data from leaving their network via email. This includes features such as content inspection, policy enforcement, and encryption.
- Archiving and Compliance: Email archiving and compliance solutions to help organizations store, manage, and retrieve email communications for regulatory compliance and e-discovery purposes.
- Email Continuity: Send and receive emails even during email server outages or disruptions. This helps maintain business continuity and ensures that critical emails are not lost.
- Threat Intelligence: Threat intelligence from various sources to enhance its email security services. This includes real-time threat updates and insights into emerging threats.
- User Awareness Training: Educate users about email security best practices. This helps reduce the risk of human error leading to security incidents.
- Secure Email Gateway: Core component of their email security offering, responsible for filtering and protecting inbound and outbound email traffic.
- Integration: Mimecast integrates with various email platforms and services, making it compatible with a wide range of email systems commonly used by businesses.
- Cloud-Based Solution: Mimecast’s services are typically cloud-based, which means organizations don’t need to invest in on-premises hardware or software. This cloud-based approach also ensures scalability and ease of management.
Ingesting Mimecast Email Security Events
Reference: https://integrations.mimecast.com/documentation/tutorials/downloading-siem-logs/
This sample script requires the Access Key and Secret Key from a Mimecast Authentication token for a Mimecast administrator with the Gateway | Tracking | Read permission.
By default an Authentication Token expires after 3 days, which means the script would stop downloading data after 3 days unless someone intervenes manually.
Consequently, for the best experience you must create a new user and Authentication Profile defining a longer lived Authentication Token.
Using the script
Copy the script provided in the link above to a text editor and save the file with a .py file extension.
In the Variables section, set:
- The Mimecast administrator's email address.
- The Application ID and Application Key.
- The fully qualified paths of the folders used to write the log files and page tokens.
- Log compression (enabled by default), which outputs .siem log files.
- Whether to forward the data to a syslog server (complete the syslog output, server and port variables).
Save the file.
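The two pieces of the script that matter most when adapting it are the request signing (which is where the Access Key and Secret Key from the Authentication Token are used) and the handling of the .siem receipt-log lines it writes, which is what the direction and spam-processing panels are built from. The block below is an added example, not Mimecast's sample script or SOCFortress code. The Authorization header layout (`MC <accessKey>:<base64 HMAC-SHA1>`) and the `x-mc-*` headers follow Mimecast's published API 1.0 scheme; the key values, the `/api/audit/get-siem-logs` URI, and every log line are placeholders or constructed sample data, and no network call is made.

```python
import base64
import hashlib
import hmac
import json
import uuid
from collections import Counter
from datetime import datetime, timezone

# --- 1. Request signing for the SIEM log download endpoint ---
# Placeholder credentials only; the secret key must be valid base64 because
# the API scheme base64-decodes it before keying the HMAC.
SIEM_URI = "/api/audit/get-siem-logs"
PLACEHOLDER_SECRET = base64.b64encode(b"not-a-real-secret-key").decode("utf-8")


def build_signed_headers(uri, access_key, secret_key, app_id, app_key,
                         hdr_date=None, request_id=None):
    """Return the headers Mimecast API 1.0 expects for one request.

    hdr_date and request_id are parameters so a caller (or a test) can
    reproduce a signature; in production leave them None so each request
    gets a fresh date and a unique request id.
    """
    if hdr_date is None:
        hdr_date = datetime.now(timezone.utc).strftime("%a, %d %b %Y %H:%M:%S UTC")
    if request_id is None:
        request_id = str(uuid.uuid4())
    # Signature input is date:requestId:uri:appKey, keyed with the decoded secret.
    data_to_sign = ":".join([hdr_date, request_id, uri, app_key]).encode("utf-8")
    digest = hmac.new(base64.b64decode(secret_key), data_to_sign, hashlib.sha1).digest()
    return {
        "Authorization": "MC " + access_key + ":" + base64.b64encode(digest).decode("utf-8"),
        "x-mc-app-id": app_id,
        "x-mc-date": hdr_date,
        "x-mc-req-id": request_id,
        "Content-Type": "application/json",
    }


# --- 2. Parsing the .siem receipt-log lines the script writes ---
# Lines are pipe-separated key=value pairs; the field names follow Mimecast's
# documented receipt-log format. All values here are constructed sample data
# (documentation IP ranges, example.com addresses).
SAMPLE_SIEM_LINES = [
    "datetime=2024-01-15T09:12:41+0000|aCode=abc123|acc=C0A0|IP=192.0.2.10|Dir=Inbound"
    "|MsgId=<1@example.net>|Subject=\\Invoice attached\\|headerFrom=billing@example.net"
    "|Sender=billing@example.net|Rcpt=alice@example.com|Act=Acc|SpamScore=1",
    "datetime=2024-01-15T09:13:02+0000|aCode=def456|acc=C0A0|IP=192.0.2.11|Dir=Inbound"
    "|MsgId=<2@example.org>|Subject=\\You have won\\|headerFrom=promo@example.org"
    "|Sender=promo@example.org|Rcpt=bob@example.com|Act=Rej|SpamScore=9",
    "datetime=2024-01-15T09:14:10+0000|aCode=ghi789|acc=C0A0|IP=198.51.100.5|Dir=Outbound"
    "|MsgId=<3@example.com>|Subject=\\Re: meeting\\|headerFrom=alice@example.com"
    "|Sender=alice@example.com|Rcpt=carol@example.net|Act=Acc|SpamScore=0",
]


def parse_siem_line(line):
    """Split one receipt-log line into a dict; Subject loses its backslash wrapping."""
    event = {}
    for field in line.strip().split("|"):
        if "=" not in field:
            continue  # tolerate stray fragments rather than dropping the whole line
        key, value = field.split("=", 1)
        if key == "Subject":
            value = value.strip("\\")
        event[key] = value
    if "SpamScore" in event:
        event["SpamScore"] = int(event["SpamScore"])
    return event


def summarize(lines):
    """Counts per direction and per action: the basis of the 'Mail stats' panels."""
    by_dir, by_act = Counter(), Counter()
    for line in lines:
        event = parse_siem_line(line)
        by_dir[event.get("Dir", "Unknown")] += 1
        by_act[event.get("Act", "Unknown")] += 1
    return {"by_direction": dict(by_dir), "by_action": dict(by_act)}


def to_syslog_json(line):
    """One JSON document per event, the shape to hand to the syslog output."""
    return json.dumps(parse_siem_line(line), sort_keys=True)


if __name__ == "__main__":
    print(build_signed_headers(SIEM_URI, "ACCESS_KEY", PLACEHOLDER_SECRET, "APP_ID", "APP_KEY"))
    print(summarize(SAMPLE_SIEM_LINES))
    print(to_syslog_json(SAMPLE_SIEM_LINES[1]))
```

Because the signature covers the date and a per-request id, a captured Authorization header cannot be replayed against a different request, but the Access Key and Secret Key themselves are long-lived bearer material for as long as the token is valid; that is the trade-off behind the advice above to use a dedicated user with a longer-lived Authentication Profile rather than extending an existing administrator's token.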
Visualizations
Mail stats, per email direction:
Mail stats, spam processing:
Mail activity, GeoIP:
Need Help?
The functionality discussed in this post, and much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.
Website: https://www.socfortress.co/
Contact Us: https://www.socfortress.co/contact_form.html