Mimecast

Overview

The Mimecast integration ingests and normalizes logs from Mimecast's email security platform into Logpoint. Once ingested, you can explore and analyze the data using Logpoint's search capabilities and the analytics available for this integration, including dashboards and alerts. This gives you clear visibility into email threats, malicious domains, malware detection, phishing attempts, spam filtering, and email traffic patterns, enabling faster detection, compliance, and response.

The integration includes:

  • MimecastLogFetcher to retrieve raw logs from the Mimecast API and ingest them into Logpoint for processing.

  • MimecastCompiledNormalizer to convert the fetched logs into a standardized format for consistent analysis across Logpoint.

  • Dashboard packages (LP_Mimecast, LP_Mimecast Threat Protection), which provide a graphical and interactive overview of Mimecast activities, highlighting patterns including malicious domains, malware attachments, targeted threat dictionary detections, newly observed domains, email traffic flows, and rejection reasons. They allow you to quickly spot unusual behavior, monitor compliance, and track operational changes over time.

  • Alert package (LP_Mimecast Phishing Email Attachments Detection) that notifies you about critical security events, including phishing email attachments with malicious content. It enables faster incident response and helps you maintain compliance with internal or regulatory security requirements.

Mimecast collects the following email events:

  1. Inbound - Emails from external senders to internal recipients

  2. Outbound - Emails from internal senders to external recipients

  3. Internal - Emails between internal domains

Supported Events

  • Mimecast versions:

    • Mimecast v3.x

    • Mimecast API v1.0

  • Mimecast log types:

    • Threat Protection Events: Malicious domain detection, malware scanning, phishing detection, spear-phishing attempts, data leak prevention

    • Email Traffic Events: Inbound messages, outbound messages, internal messages, message acceptance, message rejection, message holds

    • Impersonation Detection: Internal user name spoofing, reply address mismatches, similar internal domain detection

    • Domain Intelligence: Newly observed domains, targeted threat dictionary matches, suspicious domain patterns

    • Attachment Security: Malicious file extensions, weaponized attachments, virus signatures

    • Delivery Events: Failed delivery reasons, email routing, destination tracking, source country analysis
