- Cloud Collectors Overview
- Administration
- Administrative Access
- Shareable Service Accounts
- Add Accounts for AWS Cloud Collectors
- Add Accounts for Cisco Duo Cloud Collector
- Add Accounts for Google Cloud Collectors
- Add Accounts for Microsoft Cloud Collectors
- Add Accounts for Okta Cloud Collectors
- Add Accounts for Salesforce Cloud Collectors
- Add Accounts for Splunk Cloud Collectors
- Add Accounts for Trend Micro Cloud Collectors
- Add Accounts for Wiz
- Define a Unique Site Name
- Sign Up for the Early Access Program
- Onboard Cloud Collectors
- Abnormal Security Cloud Collector
- AWS CloudTrail Cloud Collectors
- AWS CloudWatch Cloud Collector
- AWS S3 Cloud Collector
- AWS SQS Cloud Collector
- Azure Activity Logs Cloud Collector
- Azure Log Analytics Cloud Collector
- Azure Event Hub Cloud Collector
- Azure Storage Analytics Cloud Collector
- Box Cloud Collector
- Cato Networks Cloud Collector
- Cisco Duo Cloud Collector
- Cisco Meraki Cloud Collector
- Cisco Umbrella Cloud Collector
- Cribl Cloud Collector
- CrowdStrike Cloud Collectors
- GCP Pub/Sub Cloud Collector
- Microsoft Defender XDR (via Azure Event Hub) Cloud Collector
- Microsoft Entra ID Context Cloud Collector
- Microsoft Entra ID Logs Cloud Collector
- Microsoft 365 Exchange Admin Reports Cloud Collector
- Supported Sources from Microsoft 365 Exchange Admin Reports
- Migrate to the Microsoft 365 Exchange Admin Reports Cloud Collector
- Prerequisites to Configure the Microsoft 365 Exchange Admin Reports Cloud Collector
- Configure the Microsoft 365 Exchange Admin Reports Cloud Collector
- Troubleshooting the Microsoft 365 Exchange Admin Reports Cloud Collector
- Microsoft 365 Management Activity Cloud Collector
- Microsoft Security Alerts Cloud Collector
- Microsoft Sentinel (via Event Hub) Cloud Collector
- Mimecast Cloud Collector
- Netskope Alerts Cloud Collector
- Netskope Events Cloud Collector
- Okta Cloud Collector
- Okta Context Cloud Collector
- Palo Alto Networks Cortex Data Lake Cloud Collector
- Proofpoint On-Demand Cloud Collector
- Proofpoint Targeted Attack Protection Cloud Collector
- Recorded Future Cloud Collector
- Rest API Cloud Collector
- Salesforce Cloud Collector
- SentinelOne Alerts Cloud Collector
- SentinelOne Cloud Funnel Cloud Collector
- SentinelOne Threats Cloud Collector
- SentinelOne Cloud Collector
- ServiceNow Cloud Collector
- Sophos Central Cloud Collector
- Splunk Cloud Collector
- Symantec Endpoint Security Cloud Collector
- Trend Vision One Cloud Collector
- Zscaler ZIA Cloud Collector
- Webhook Cloud Collectors
- Wiz Issues Cloud Collector
- Wiz API Cloud Collector
- Troubleshooting Cloud Collectors
Prerequisites to Configure the Mimecast Cloud Collector
Before you configure the Mimecast Email Security connector you must complete the following prerequisites:
For more information about each endpoint see the Mimecast Documentation.
Obtain Mimecast Email Security account information, including region, application ID, application key, access key, and secret key by creating a Mimecast API application
Ensure that you have the Mimecast administrator role
Use user persona enrichment to ensure that Mimecast syncs groups and users that are used for enrichment of the events. To use user persona enrichment, you must have the Mimecast administrator role with Directories, Internal, and Read permission.
Ensure that you have the following permissions for the required endpoints
Endpoint Name
Required Permissions
Archive Search Logs
Archive, Search Logs, Read
Archive Message View Logs
Archive, View Logs, Read
TTP URL Logs
Monitoring, URL Protection, Read
TTP Impersonation Protect Logs
Monitoring, Impersonation Protection, Read
Attachment Protection Logs
Monitoring, Attachment Protection, Read
Audit Events
Account, Logs, Read
Create a Mimecast API App to Obtain Application Keys
To obtain Mimecast Email Security account information, including region, application ID, application key, access key, and secret key:
Log in to the Mimecast administrator console.
Navigate to Administration > Services > API Applications.
Click Add API Application.
Follow the steps to obtain application ID and application key in the Adding an API Application section.
Follow the steps in the Creating User Association Keys section to generate access key and secret key.
Note
Ensure that as the Mimecast administrator, you have the required Accounts, Dashboard, and Read permissions to use the endpoint and generate association keys.
Copy the values for the application ID, application key, access key, and secret key. Use these values, represented by a string of letters and numbers, to configure the Mimecast Email Security cloud connector.