Mimecast Email Security Cloud Connector
Mimecast Email Security is a cloud-based email security service that protects organizations’ mailboxes from email viruses, spam, phishing, malware, targeted email attacks, and ransomware. Additionally, Mimecast Email Security offers data leak prevention, targeted threat protection, data loss prevention, spam filtering, email continuity and archiving, and enforced email security controls. For more information, see the Mimecast Email Security Documentation.
Prerequisites to Configure the Mimecast Email Security Connector
Before you configure the Mimecast Email Security connector you must complete the following prerequisites:
Obtain Mimecast Email Security account information, including region, application ID, application key, access key, and secret key by creating a Mimecast API application
Ensure that you have the Mimecast administrator role
Enable the SIEM Logs Mail Transfer Agent (MTA) endpoint
Use user persona enrichment to ensure that Mimecast syncs groups and users that are used for enrichment of the events. To use user persona enrichment, you must have the Mimecast administrator role with Directories, Internal, and Read permission.
Ensure that you have the following permissions for the required endpoints:
Endpoint Name | Required Permissions |
---|---|
Archive Search Logs | Archive, Search Logs, Read |
Archive Message View Logs | Archive, View Logs, Read |
TTP URL Logs | Monitoring, URL Protection, Read |
TTP Impersonation Protect Logs | Monitoring, Impersonation Protection, Read |
Attachment Protection Logs | Monitoring, Attachment Protection, Read |
Audit Events | Account, Logs, Read |
For more information about each endpoint, see the Mimecast Documentation.
Create a Mimecast API App to Obtain Application Keys
To obtain Mimecast Email Security account information, including region, application ID, application key, access key, and secret key:
Log in to the Mimecast administrator console.
Navigate to Administration > Services > API Applications.
Click Add API Application.
Follow the steps in the Adding an API Application section to obtain the application ID and application key.
Follow the steps in the Creating User Association Keys section to generate the access key and secret key.
Note
Ensure that as the Mimecast administrator, you have the required Accounts, Dashboard, and Read permissions to use the endpoint and generate association keys.
Copy the values for the application ID, application key, access key, and secret key. Use these values, represented by a string of letters and numbers, to configure the Mimecast Email Security cloud connector.
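A pre-flight check for the four values copied above, as an added example (not Exabeam's or Mimecast's code): it flags copy-paste damage before the keys are entered in the connector and shows how they combine into one signed request. It assumes Mimecast's API 1.0 `MC` HMAC-SHA1 header scheme; the function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import uuid
from datetime import datetime, timezone

# Region choices as listed in the connector's Region field on this page.
REGIONS = {"EU", "DE", "Offshore", "AU", "ZA", "US", "CA", "Sandbox"}


def check_credentials(region, app_id, app_key, access_key, secret_key):
    """Return a list of problems with the values copied from the console."""
    problems = []
    if region not in REGIONS:
        problems.append("region is not one of the connector's choices")
    fields = {"application ID": app_id, "application key": app_key,
              "access key": access_key, "secret key": secret_key}
    for name, value in fields.items():
        if not value or value != value.strip():
            problems.append(f"{name} is empty or has stray whitespace")
    try:
        # Assumption: the secret key is base64 text that is decoded to
        # raw bytes before it is used as the HMAC key.
        base64.b64decode((secret_key or "").strip(), validate=True)
    except ValueError:
        problems.append("secret key is not valid base64")
    return problems


def signed_headers(app_id, app_key, access_key, secret_key, uri,
                   date=None, request_id=None):
    """Build request headers under the assumed 'MC' HMAC-SHA1 scheme."""
    date = date or datetime.now(timezone.utc).strftime(
        "%a, %d %b %Y %H:%M:%S UTC")
    request_id = request_id or str(uuid.uuid4())
    # Signed string: date, request id, URI path and application key.
    message = ":".join([date, request_id, uri, app_key]).encode()
    mac = hmac.new(base64.b64decode(secret_key), message, hashlib.sha1)
    signature = base64.b64encode(mac.digest()).decode()
    return {
        "Authorization": f"MC {access_key}:{signature}",  # secret never sent
        "x-mc-app-id": app_id,
        "x-mc-date": date,
        "x-mc-req-id": request_id,
    }


# Constructed sample values, not real keys.
SAMPLE = dict(app_id="app-id-0001", app_key="app-key-0001",
              access_key="access-key-0001",
              secret_key=base64.b64encode(b"constructed-secret").decode())
```

Only the access key and the HMAC output appear in the headers, so the secret key is the one value that must stay confined to the secrets store and the connector's Secret-Key field.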
Enable the SIEM Logs (MTA) Endpoint
To enable the SIEM Logs (MTA) endpoint:
Ensure that you have the Mimecast administrator role with Gateway, Tracking, and Read permission.
Log in to the Mimecast administrator console.
Navigate to Administrator > Account > Account Settings > Enhanced Logging.
Select the log types that you want to use for the endpoint.
Click Save.
Configure the Mimecast Email Security Connector
The following table displays audit source API and security events supported by the connector.
Audit Source: API | Service of Module Covered | Event Included |
---|---|---|
Email data feed | Data for all clean email messages that are delivered and the messages that are suspected to be malicious and information flagged by the impersonation protection configuration. |
To configure the Mimecast Email Security connector to import data into the Exabeam Cloud Connector platform:
Complete the Prerequisites to Configure the Mimecast Email Security Connector.
Log in to the Exabeam Cloud Connectors platform with your registered credentials.
Navigate to Settings > Accounts > Add Account.
Click Select Service to Add, then select Mimecast Email Security from the list.
In the Accounts section, enter the required information. Required fields are indicated with a red bar.
Tenant – Select a tenant to attach to the connector if you are using a multi-tenant edition of Exabeam. Otherwise, select default.
Account Name – Specify a name for the Mimecast Email Security connector. For example, Corporate_Email_Security.
(Optional) Description – Describe the Mimecast Email Security connector. For example, Email security to protect mailboxes and prevent data loss.
Region – Select a region. For example: EU, DE, Offshore, AU, ZA, US, CA, and Sandbox.
Application-Id – Enter the application ID that you obtained while completing the prerequisites.
Application-Key – Enter the value for the application key that you obtained while completing the prerequisites.
Access-Key – Enter the value for the access key that you obtained while completing the prerequisites.
Secret-Key – Enter the value for the secret key that you obtained while completing the prerequisites.
To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows OK.