Developed by Mimecast
The Mimecast for Splunk Enterprise app helps you identify threats more quickly and respond faster. It does this by providing an easy way to add Mimecast gateway and audit events into your Splunk Enterprise environment. It includes a number of predefined dashboards to give you valuable, actionable insights into your organization's email security.
Current version: 3.1.1
- Support for new SIEM log format
- Support for TTP Impersonation Protect logs
- Support for TTP Attachment Protect logs
- Support for adding multiple Mimecast tenants, with the Application key and Application ID set per input
- Support for better filtering of data by Mimecast tenant. A new field called 'splunkAccountCode' is added to all logs before they are ingested into Splunk.
Previous version: 3.0.1
- Support for multiple input sources (siem, email, directory, journal, audit and TTP URL)
- Changing source and expanding TTP URL data
- Setting up and adjusting the existing dashboards to align to the new architecture
- Optimizing and enhancing performance of query generation and log download
- Upgrading the app to comply with Common Information Model (CIM) v4.10
- Mapping the data model to CIM properties
Previous version: 2.0.1
- Added support and dashboards for new Targeted Threat Protection URL Protect and Attachment Protect data types.
- Refreshed version 1 dashboards to be more efficient and moved these to the Sample Dashboards menu.
- Added support for proxy settings in the modular input script.
- Added support for Advanced Account Administration customers to access log data from all their accounts using a single installation of the app.
- Changed the logging strategy of the modular input script from logging to file to logging to the splunkd log.
- Added a new Troubleshooting dashboard for easy access to and display of logs.
- Simplified app configuration and programmatic extraction of the access key and secret key values required to authorize API requests.
- Added support for rate limiting applied by the Mimecast API.
- Removed requirement on version 1 of the Mimecast API.
- Improved error handling.
Previous version: 1.0.4
- Adds support for secure storage for Mimecast Access and Secret Keys
- Addresses an issue where checkpoint files were not being closed properly
Rapid7 Insight is your home for SecOps, equipping you with the visibility, analytics, and automation you need to unite your teams and amplify efficiency.
The Mimecast integration with IBM QRadar offers joint customers improved visibility into potential vulnerabilities, ongoing attacks, prioritized incident response alerts and an overall increased security posture through one single console.
by Mimecast and LogRhythm
LogRhythm and Mimecast have developed an integration that combines email security with enterprise security and threat management.
Palo Alto Networks’ Cortex
Email remains the primary attack vector and the front line of incident detection, response and remediation. That’s why integrated email security controls are vital to completing your Cortex Data Lake solution.