SOCFortress Integrations — Mimecast Email Security (Cloud)

SOCFortress
Sep 13, 2023


Intro

SOCFortress integration and visualization tools let security analysts visualize and triage Mimecast Email Security events from a single pane of glass.

About Mimecast Email Security (Cloud)

Mimecast is a company that specializes in providing email security and management solutions to organizations. Their platform offers a wide range of services aimed at helping businesses protect their email communications from various threats, ensure email continuity, and simplify email management.

Product features:

  • Email Security: Advanced email security features to protect organizations from various email-borne threats, including phishing attacks, malware, ransomware, and spam. They use a combination of threat intelligence, machine learning, and other security technologies to detect and block malicious email content.
  • Phishing Protection: Features that help identify and block phishing attempts. They use URL and attachment scanning, threat intelligence, and user awareness training to combat phishing attacks.
  • Data Loss Prevention (DLP): Capabilities to help organizations prevent sensitive data from leaving their network via email. This includes features such as content inspection, policy enforcement, and encryption.
  • Archiving and Compliance: Email archiving and compliance solutions to help organizations store, manage, and retrieve email communications for regulatory compliance and e-discovery purposes.
  • Email Continuity: Send and receive emails even during email server outages or disruptions. This helps maintain business continuity and ensures that critical emails are not lost.
  • Threat Intelligence: Threat intelligence from various sources to enhance its email security services. This includes real-time threat updates and insights into emerging threats.
  • User Awareness Training: Educate users about email security best practices. This helps reduce the risk of human error leading to security incidents.
  • Secure Email Gateway: Core component of their email security offering, responsible for filtering and protecting inbound and outbound email traffic.
  • Integration: Mimecast integrates with various email platforms and services, making it compatible with a wide range of email systems commonly used by businesses.
  • Cloud-Based Solution: Mimecast’s services are typically cloud-based, which means organizations don’t need to invest in on-premises hardware or software. This cloud-based approach also ensures scalability and ease of management.

Ingesting Mimecast Email Security Events

Reference: https://integrations.mimecast.com/documentation/tutorials/downloading-siem-logs/

The sample script in the linked tutorial requires the Access Key and Secret Key of a Mimecast Authentication Token issued to a Mimecast administrator who holds the Gateway | Tracking | Read permission.

By default an Authentication Token expires after 3 days, so the script would stop downloading data after 3 days unless someone renews the token by hand.

For unattended collection, create a dedicated user and an Authentication Profile that issues a longer-lived Authentication Token, and run the script with that user's keys. A long-lived token is a standing credential: keep the Access Key and Secret Key out of the script body (an environment variable or secrets store is preferable to hard-coded values) and limit the user to the single permission above.

Using the script

Copy the script provided in the link above into a text editor and save it with a .py file extension.
Then fill in the script's variables section:

  • Mimecast administrator's email address.
  • Application ID and Application Key.
  • Fully qualified paths of the folders where the script writes the log files and the page token (its checkpoint between runs).
  • Log compression is enabled by default; the script outputs .siem log files.
  • To forward the data to a syslog server, complete the syslog output, server and port variables.

Save the file.
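The following is an added example, not the script from the Mimecast tutorial and not SOCFortress code. It implements the parts those variables drive: signing a request with the Access Key, Secret Key, Application ID and Application Key (the API 1.0 scheme: HMAC-SHA1 over "date:requestId:uri:appKey", keyed with the base64-decoded Secret Key, sent as "MC accessKey:signature" with x-mc-date, x-mc-req-id and x-mc-app-id headers), reading and writing the page-token checkpoint, unpacking a get-siem-logs response (assumed here to be a zip of .siem files with the next token in the mc-siem-token header, and a plain JSON reply when nothing new is available), parsing the pipe-separated key=value lines, and formatting a syslog message. The verify_headers function mirrors the check the API is assumed to perform server-side. The checkpoint file name, credentials, hostnames and the log line are constructed for the example.

```python
# Added example: Mimecast API 1.0 SIEM-log collector pieces (not the tutorial's script).
import base64
import datetime as dt
import hashlib
import hmac
import io
import json
import os
import uuid
import zipfile

SIEM_URI = "/api/audit/get-siem-logs"            # API 1.0 endpoint the tutorial script calls
TOKEN_FILE = "get_mta_siem_logs_checkpoint"       # assumed name of the page-token file
# Constructed credentials and log line (real Secret Keys are base64 strings too).
SAMPLE_SECRET_KEY = base64.b64encode(b"constructed secret, not a real key").decode()
SAMPLE_LINE = ("datetime=2023-09-13T10:01:22+0000|aCode=AbCdEf123|acc=C1A1|IP=203.0.113.10"
               "|Dir=Inbound|Sender=alice@example.com|Rcpt=bob@example.org|Act=Acc|Spam=0")


def _sign(secret_key, req_date, req_id, uri, app_key):
    """API 1.0 signature: base64(HMAC-SHA1(b64decode(secret), "date:reqId:uri:appKey"))."""
    msg = ":".join([req_date, req_id, uri, app_key]).encode("utf-8")
    mac = hmac.new(base64.b64decode(secret_key), msg, hashlib.sha1).digest()
    return base64.b64encode(mac).decode("utf-8")


def mimecast_headers(access_key, secret_key, app_id, app_key, uri=SIEM_URI,
                     req_date=None, req_id=None):
    """Headers for one signed call; a fresh request id and date are made per call."""
    if req_date is None:
        req_date = dt.datetime.now(dt.timezone.utc).strftime("%a, %d %b %Y %H:%M:%S") + " UTC"
    req_id = req_id or str(uuid.uuid4())
    sig = _sign(secret_key, req_date, req_id, uri, app_key)
    return {"Authorization": "MC %s:%s" % (access_key, sig), "x-mc-app-id": app_id,
            "x-mc-date": req_date, "x-mc-req-id": req_id, "Content-Type": "application/json"}


def verify_headers(headers, access_key, secret_key, app_key, uri=SIEM_URI):
    """Assumed server-side check: recompute the signature and compare in constant time."""
    sig = _sign(secret_key, headers["x-mc-date"], headers["x-mc-req-id"], uri, app_key)
    return hmac.compare_digest(headers.get("Authorization", ""), "MC %s:%s" % (access_key, sig))


def siem_request_body(page_token=""):
    """get-siem-logs body: MTA logs, compressed, resuming from the saved page token."""
    req = {"type": "MTA", "compress": True}
    if page_token:
        req["token"] = page_token
    return json.dumps({"data": [req]})


def read_page_token(chk_dir):
    path = os.path.join(chk_dir, TOKEN_FILE)     # absent on the first run: start from the oldest logs
    return open(path).read().strip() if os.path.exists(path) else ""


def write_page_token(chk_dir, token):
    os.makedirs(chk_dir, exist_ok=True)
    with open(os.path.join(chk_dir, TOKEN_FILE), "w") as f:
        f.write(token)


def handle_siem_response(content_type, resp_headers, body, log_dir, chk_dir):
    """A JSON reply means no more logs; otherwise the body is a zip of .siem files.
    Returns (files written, whether another page should be requested)."""
    if content_type.startswith("application/json"):
        return [], False
    os.makedirs(log_dir, exist_ok=True)
    written = []
    with zipfile.ZipFile(io.BytesIO(body)) as zf:
        for name in zf.namelist():
            safe = os.path.basename(name)         # never let an archive path escape log_dir
            if not safe:
                continue
            with open(os.path.join(log_dir, safe), "wb") as f:
                f.write(zf.read(name))
            written.append(safe)
    token = resp_headers.get("mc-siem-token", "")
    if token:
        write_page_token(chk_dir, token)          # checkpoint only after the files are on disk
    return written, bool(token)


def parse_siem_line(line):
    """MTA .siem lines are '|'-separated key=value pairs (assumes no '|' inside values)."""
    pairs = (part.partition("=") for part in line.strip().split("|"))
    return {key: value for key, sep, value in pairs if sep}


def syslog_message(fields, hostname="mimecast-collector", facility=1, severity=6):
    """RFC 3164-style line for the syslog-output variables; PRI is facility*8+severity."""
    stamp = dt.datetime.now(dt.timezone.utc).strftime("%b %d %H:%M:%S")
    payload = "|".join("%s=%s" % kv for kv in fields.items())
    return "<%d>%s %s mimecast: %s" % (facility * 8 + severity, stamp, hostname, payload)


def sample_zip_response():
    """Constructed stand-in for a get-siem-logs body, with a hostile entry name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("../20230913_mta.siem", SAMPLE_LINE + "\n")
    return buf.getvalue()
```

A collector loop built from these pieces reads the token with read_page_token, POSTs siem_request_body(token) to the base URL plus SIEM_URI with mimecast_headers(...), and passes the content type, response headers and body to handle_siem_response until it returns False; the token is only checkpointed after the files are written, so a crash mid-run re-downloads a page rather than skipping one. The basename() call in handle_siem_response is the one hardening step worth keeping even if you use the vendor script: archive entry names come from the network and should never be joined to a local path as-is.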

Visualizations

Mail stats, per email direction:

Mail stats, spam processing:

Mail activity, GeoIP:

Need Help?

The functionality discussed in this post, and much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html
