Troubleshooting Mimecast
Installation Issues
Issue: Integration fails to install
Solution: Verify Logpoint version compatibility (v6.9.0 or later required)
Solution: Check available disk space and system resources
Solution: Ensure proper administrative privileges
Issue: Integration not visible after installation
Solution: Refresh the browser and check under Settings >> System Settings >> Plugins
Solution: Restart Logpoint if necessary
Configuration Issues
Issue: Cannot obtain Mimecast Application ID and Key
Solution: Verify you have administrative access to Mimecast console
Solution: Ensure you select "SIEM Integration" as the category when registering the application
Solution: Enable "Extended Session in Service Application" during registration
Solution: Save the Application ID and Key immediately when displayed - they cannot be retrieved later
Issue: Access Key and Secret Key generation fails
Solution: Verify the service user account exists and has proper permissions
Solution: Ensure the service user is added to the Administrator Role
Solution: Check that the authentication profile is set to "Never Expires"
Solution: Verify the service user's password is correct
Issue: Base URL configuration errors
Solution: Verify you're using the correct regional Base URL for your Mimecast account
Solution: Refer to Mimecast Base URL Host Names documentation
Solution: Common regions include: us-api.mimecast.com (US), eu-api.mimecast.com (Europe), etc.
Issue: Processing policy not found
Solution: Ensure normalization policy is created before configuring the fetcher
Solution: Verify MimecastCompiledNormalizer is selected in the normalization policy
Solution: Create a processing policy that references the normalization policy
Data Ingestion Issues
Issue: No logs being ingested
Solution: Verify Enhanced Logging is enabled in Mimecast for all required categories (Inbound, Outbound, Internal)
Solution: Wait at least 30 minutes after enabling Enhanced Logging for data to become available
Solution: Check if MimecastLogFetcher is active in Devices configuration
Solution: Verify API credentials (Application ID, Application Key, Access Key, Secret Key) are correct
Issue: Incomplete log ingestion (missing some email categories)
Solution: Verify all three Enhanced Logging options are enabled in Mimecast:
Inbound emails
Outbound emails
Internal emails
Solution: Check that the service user has proper permissions to access all log types
Issue: Fetcher authentication errors
Solution: Verify Access Key and Secret Key are correctly entered (no extra spaces or characters)
Solution: Ensure the authentication profile is configured with "Never Expires" TTL
Solution: Check that the service user account is active and not locked
Solution: Verify the service user is granted the Administrator Role
Solution: Regenerate Access Key and Secret Key if authentication continues to fail
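Added example (not part of the Logpoint or Mimecast documentation): a pre-flight check to run before pasting values into the fetcher, covering the two failure modes above, stray or invisible characters in the four credentials and a wrong Base URL host. The host pattern is an assumption generalised from the two hosts listed on this page, the function and field names are hypothetical, and findings report only positions and code points, never the credential value.

```python
import re
import unicodedata
from urllib.parse import urlparse

# Assumption: regional hosts follow the shape of the two examples on this page.
HOST_RE = re.compile(r"[a-z0-9]+-api\.mimecast\.com")
FIELDS = ("application_id", "application_key", "access_key", "secret_key")
QUOTES = "\"'\u201c\u201d"


def lint_secret(name, value):
    """Return findings for one credential without echoing its value."""
    core = value.strip()
    if not core:
        return [f"{name}: empty"]
    findings = []
    if core != value:
        findings.append(f"{name}: leading or trailing whitespace")
    if core[0] in QUOTES or core[-1] in QUOTES:
        findings.append(f"{name}: wrapped in quote characters")
    for pos, ch in enumerate(core):
        cat = unicodedata.category(ch)
        # Cf: invisible format chars (zero-width space, BOM); Cc: control; Z*: spaces
        if cat in ("Cf", "Cc") or cat.startswith("Z") or ord(ch) > 126:
            findings.append(f"{name}: unexpected character U+{ord(ch):04X} at position {pos}")
    return findings


def lint_base_url(value):
    """Accept a bare host or an https URL; flag plain http and unknown hosts."""
    raw = value.strip()
    findings = [] if raw == value else ["base_url: leading or trailing whitespace"]
    parsed = urlparse(raw if "://" in raw else "https://" + raw)
    if parsed.scheme != "https":
        findings.append(f"base_url: scheme is {parsed.scheme!r}, expected https")
    host = parsed.hostname or ""
    if not HOST_RE.fullmatch(host):
        findings.append(f"base_url: host {host!r} is not a <region>-api.mimecast.com name")
    return findings


def preflight(config):
    findings = lint_base_url(config.get("base_url", ""))
    for name in FIELDS:
        findings += lint_secret(name, config.get(name, ""))
    return findings


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {"base_url": "eu-api.mimecast.com", "application_id": "00000000-0000-0000-0000-000000000000",
              "application_key": "11111111-1111-1111-1111-111111111111",
              "access_key": "EXAMPLEACCESSKEY\n", "secret_key": "EXAMPLE\u200bSECRET"}
    print("\n".join(preflight(sample)) or "no findings")
```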
Issue: API rate limiting errors
Solution: Adjust fetch interval to reduce API request frequency
Solution: Check Mimecast API rate limits for your subscription tier
Solution: Monitor fetcher logs for rate limit messages
Dashboard and Analytics Issues
Issue: Dashboard widgets not displaying data
Solution: Verify repository selection matches where Mimecast logs are stored
Solution: Check time range settings on dashboard
Solution: Confirm normalization is working correctly using search query:
col_type = mimecast
Solution: Ensure Enhanced Logging has been enabled for at least 30 minutes
Issue: Threat Protection dashboard showing no threats
Solution: Verify email traffic is flowing through Mimecast
Solution: Check if Mimecast threat detection features are enabled
Solution: Ensure threat-related fields are being parsed correctly
Solution: Confirm malicious content is actually being detected by Mimecast
Issue: Missing email direction data
Solution: Verify all three Enhanced Logging categories are enabled
Solution: Check that the Dir field is being normalized correctly
Solution: Ensure email traffic exists for all directions (Inbound, Outbound, Internal)
Issue: Alert not triggering
Solution: Review alert query:
norm_id=Mimecast label=Detect label=Malicious label=File
Solution: Check alert policy configuration and notification settings
Solution: Verify logs contain the expected labels
Solution: Test the query manually in search to confirm matching events exist
Performance Issues
Issue: Slow query performance
Solution: Optimize queries by adding time range constraints
Solution: Use indexed fields in search queries where possible
Solution: Consider data retention policies to manage repository size
Issue: High resource usage during fetching
Solution: Adjust fetch interval to balance timeliness with resource usage
Solution: Monitor email volume and adjust repository sizing accordingly
Solution: Consider filtering log categories if all three aren't needed
Issue: Delayed log ingestion
Solution: Remember Mimecast has a 30-minute delay after enabling Enhanced Logging
Solution: Check network connectivity between Logpoint and Mimecast API endpoints
Solution: Verify fetch interval is appropriate for your log volume
Solution: Monitor fetcher status for errors or warnings
Email Analysis Issues
Issue: Cannot identify malicious domains
Solution: Verify Mimecast threat detection is properly configured
Solution: Check that domain fields are being extracted correctly
Solution: Ensure malicious domain detection features are enabled in Mimecast
Issue: Missing attachment analysis data
Solution: Verify Mimecast is configured to scan email attachments
Solution: Check that attachment-related fields are being normalized
Solution: Ensure file extension and malware detection fields are populated
Issue: Incomplete impersonation detection
Solution: Verify Mimecast impersonation protection is enabled
Solution: Check configuration for internal user display name detection
Solution: Ensure reply address mismatch detection is active
Solution: Verify similar internal domain detection is configured