Skip to main content

CollectorsCloud Collectors Administration Guide

Prerequisites to Configure the Mimecast Cloud Collector

Before you configure the Mimecast Email Security cloud collector you must complete the following prerequisites:

  • Obtain the client ID and client secret by creating a Mimecast API application.

  • Ensure that you have the Mimecast administrator role.

  • Use user persona enrichment to ensure that Mimecast syncs groups and users that are used for enrichment of the events. To use user persona enrichment, you must have the Mimecast administrator role with Directories, Internal, and Read permission.

  • Ensure that you have the following permissions for the required endpoints. For more information about each endpoint see the Mimecast Documentation.

    Endpoint Name

    Required Permissions

    Archive Search Logs

    Archive, Search Logs, Read

    Archive Message View Logs

    Archive, View Logs, Read

    TTP URL Logs

    Monitoring, URL Protection, Read

    TTP Impersonation Protect Logs

    Monitoring, Impersonation Protection, Read

    Attachment Protection Logs

    Monitoring, Attachment Protection, Read

    Audit Events

    Account, Logs, Read

Create a Mimecast API Application to Obtain Client ID and Secret Keys

To create a Mimecast Email Security API application and obtain the client ID and client secret keys:

  1. Log in to the Mimecast administrator console.

  2. Navigate to Integrations > API and Platform Integrations.

  3. Navigate to Mimecast API 2.0 tile and click Generate Keys.

    Mimecast_portal_1_2.jpg
  4. Read and accept the terms and conditions, and proceed to complete the Application Details section.

    Mimecast_portal_1.jpg
    • Application Name – Specify a name for the Mimecast API application.

    • Category – Select SIEM Integration.

    • Products – Select the required products listed below.

      • Audit Events

      • Threats, Security Events and Data for CG

      • Security Events

      Ensure that you search for and select at least these three products. The following screenshot displays an example of entering the key words and searching for the required product in the given search box. You may add more products based on your requirement after you add the three required products.

      Mimecast_portal_permissions2.jpg
    • Application Role – Select Basic Administrator.

    • Description – Enter a description for the Mimecast API application.

  5. In the Notifications section, specify a name and email of the technical point of contact.

  6. Review the summary information for the API application that you are creating and click Add and Generate Keys. For more information see, Creating an API 2.0 Application.

  7. Copy and record the Client ID and Client Secret that a window displays, for later use.

    Mimecast_portal_4.jpg
  8. If you have already created an API application, and want to edit the API application, navigate to Integrations > API and Platform Integrations and click Your API 2.0 Applications. You can locate your API application and click Manage API 2.0 Credentials to generate new keys.

    Mimecast_portal_3_edit.jpg
  9. Follow the steps to obtain client ID and client secret in the Regenerating Keys section.

    Ensure that you generate new keys every time when you edit the Mimecast API application details or add more products.

  10. Copy and record the values for the client ID and client secret to use them while configuring the Mimecast Email Security cloud collector.