Mimecast

Overview

Configuring a cloud source in Scope is a two-step process.

  • Generating Mimecast API credentials in the Mimecast Administration Console. Please refer to Section 1 – Mimecast Setup

  • Setting up the Mimecast cloud source in the Scope application. Please refer to Section 2 – Scope Setup

Mimecast Setup

To get started, you’ll need to generate the following credentials in the Mimecast Administration Console –

  1. Client ID
  2. Client Secret
  3. Base URL

Step 1: Create an API 2.0 Application in Mimecast

  • Log in to the Mimecast Administration Console.

  • Navigate to Integrations -> API and Platform Integrations.

  • Locate the Mimecast API 2.0 tile and click Generate Keys.

  • After reading the Terms & Conditions, complete the I accept check box to enable the Next button.

  • Complete the Application Details section:

    • Provide the application name

    • In the Category field, select the required category, for example SIEM Integration

    • In the Products field, select the minimum set of products the application needs to access

    • In the Application Role field, select Basic Administrator

      Note: Mimecast recommend creating a dedicated custom role with only the permissions required for the application to function. Please refer to this [link] for more information on creating a custom role.

    • In the Description field, provide a description for the created application.

  • Provide details for a Technical Point of Contact.

  • Review the summary information for the API application and click Add application.

  • When the wizard completes, copy and save the Client ID and Client Secret from the pop-up window.

    Note: Please make sure to save the API credentials in a secure location, as the credentials won’t be displayed after the pop-up window is closed.

The Client ID and Client Secret are to be configured in Scope Setup: Step 1 for initiating the Mimecast log ingestion.

Scope Setup

Step 1: Mimecast Cloud Source Registration in the Scope Application

Once the credentials are generated, they must be configured in the Scope application to establish the connection and enable data ingestion from the Mimecast environment.

In the Scope application, to register a Mimecast cloud source, navigate to the cloud source registration page –

  • Log into the Scope application

  • Select the required organization

  • Navigate to the Side menu -> Administration

  • Navigate to the Cloud sources tab

  • Click on the +Add Source button

  • In the Add Source pop-up, provide the parameters below.

    • Site: The user defined name for the Mimecast cloud source.

    • Version: Select Version 2 for registering a Mimecast API 2.0 application. By default, Version 2 is selected.

    • Client ID: The Client ID generated in Step 1.

    • Client Secret: The Client Secret generated in Step 1.

    • Polling Interval: The polling interval for making periodic API calls to the Mimecast API. The user can select the time interval from the dropdown.

    • Contact Email: The email address of the person who registers the Mimecast cloud source in Scope.

Once the required connection parameters are entered, the Mimecast cloud source registration is complete in Scope and is ready for ingestion of Mimecast logs.