Mimecast specializes in cloud-based email management for Microsoft Exchange and Microsoft Office 365, and offers security, archiving, and continuity services to protect business mail.
This document provides information about the Mimecast connector, which facilitates automated interactions with a Mimecast server using FortiSOAR™ playbooks. Add the Mimecast connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding a sender to the blocked sender list on Mimecast or retrieving information about a tracked message from Mimecast.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-mimecast
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the Mimecast connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | URL of the Mimecast server to which you will connect and perform automated operations. |
Username | Username to access the Mimecast Administration Console. |
Password | Password to access the Mimecast Administration Console. |
Application ID | Each Mimecast API application has a unique API Application ID, which is used to create an authentication token that you can use to access the API. |
Application Key | Each Mimecast API application has a unique API Application Key, which is used to create an authentication token that you can use to access the API. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Blocked Sender Policy | Creates a policy for blocking senders on the Mimecast server. | create_policy Containment |
Get Blocked Sender Policy | Retrieves a list and details of all blocked sender policies for a Mimecast account from the Mimecast server, or retrieves the details of a specific policy based on the policy ID you have specified. | get_policy Investigation |
Create Group | Creates a new group on the Mimecast server. | create_group Containment |
Delete Group | Deletes an existing group from the Mimecast server. | delete_group Miscellaneous |
Find Groups | Retrieves details of existing Mimecast groups from the Mimecast server, based on the input parameters (filter criteria) you have specified. If you do not specify any filter criteria, then details of all existing groups are retrieved from the Mimecast server. | get_groups Investigation |
Update Group | Updates a group on the Mimecast server, based on the input parameters you have specified. | update_group Investigation |
Add Group Member | Adds a member (user) to the specified group on the Mimecast server, based on the email address or the domain of the user you have specified. | add_group_member Investigation |
Get Group Member | Retrieves details of the members of a specific group on the Mimecast server, based on the group ID you have specified. | get_group_member Investigation |
Remove Group Member | Removes a member from the specified group on the Mimecast server, based on the email address or the domain of the user you have specified. | remove_group_member Remediation |
Block Sender | Adds a sender to the blocked sender list on the Mimecast server. | block_sender Containment |
Unblock Sender | Adds a sender to the permitted sender list on the Mimecast server. | unblock_sender Remediation |
Blacklist URL | Adds a URL to be blacklisted on the Mimecast server. | block_url Containment |
Whitelist URL | Adds a URL to the targeted threat protection whitelist on the Mimecast server. | unblock_url Remediation |
Get Managed URL | Retrieves a list and details of managed URLs from the targeted threat protection blacklist or whitelist on the Mimecast server. | get_managed_url Investigation |
Parameter | Description |
---|---|
Action | The block option or action to be taken. Choose from one of the following: Blocked Sender or No Action. |
Description | Description of the blocked sender policy that you want to create on the Mimecast server. This description is kept with the email in the Archive for future reference. |
Sender Type | Type of sender that you are blocking using this blocked sender policy. Choose from one of the following: Internal Addresses, External Addresses, Email Domain, Profile Group, or Individual Email Address. |
Sender Value | (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address, then you must specify the value in this field. |
Addresses Based on | Addresses based on which you will block the sender using this blocked sender policy. Choose from one of the following: Envelope From, Header From, or Both. |
Receiver Type | Type of receiver included in this blocked sender policy. Choose from one of the following: Everyone, Internal Addresses, External Addresses, Email Domain, Profile Group, or Individual Email Address. |
Receiver Value | (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address, then you must specify the value in this field. |
Source IP | (Optional) CSV list of IP addresses that use the CIDR notation (X.X.X.X/XX). When you specify the source IP, then this blocked sender policy applies only for connections from matching IP addresses. |
The JSON output contains details of the blocked sender policy that you have created on the Mimecast server.
Following image displays a sample output:
Parameter | Description |
---|---|
Policy ID | (Optional) Policy ID whose blocked sender details you want to retrieve from the Mimecast server. |
The JSON output contains a list and details of all blocked sender policies for a Mimecast account retrieved from the Mimecast server or retrieves details for a specific policy, based on the Policy ID you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Description | Description of the new group that you want to create on the Mimecast server. |
Parent ID | (Optional) ID of the parent group under which you want to create the new group on the Mimecast server. If you do not specify any parent ID, then the new group will be created at the root level on the Mimecast server. |
The JSON output contains details of the new group that you have created on the Mimecast server.
Following image displays a sample output:
Parameter | Description |
---|---|
Group ID | Mimecast ID of the group that you want to delete from the Mimecast server. Use the Find Groups operation to retrieve the Group IDs for existing groups on the Mimecast server. |
The JSON output contains details of the group that you have deleted from the Mimecast server.
Following image displays a sample output:
Parameter | Description |
---|---|
Query | Query string based on which you want to search for groups on the Mimecast server. Note: If you do not provide any query string then details of all existing groups are retrieved from the Mimecast server. |
Source | Source of the group based on which you want to search for groups on the Mimecast server. Choose from one of the following: Cloud or LDAP. |
Page Size | (Optional) Number of results that are requested by this operation. |
Page Token | (Optional) Value of the Next or Previous fields from an earlier request. |
The JSON output contains details of all existing groups or details of groups that match your specified filter criteria retrieved from the Mimecast server.
Following image displays a sample output:
Parameter | Description |
---|---|
Group ID | Mimecast ID of the group that you want to update on the Mimecast server. Use the Find Groups operation to retrieve the Group IDs for existing groups on the Mimecast server. |
Description | (Optional) Updates the name of the group. |
Parent ID | (Optional) Updates the parent groups of the group specified in this operation. |
The JSON output contains updated details of the specified group retrieved from the Mimecast server.
Following image displays a sample output:
Parameter | Description |
---|---|
Group ID | Mimecast ID of the group in which you want to add a member (user). |
Email Address | Email address of the user that you want to add to the specified group. Note: You must specify either the email address or the domain of the user that you want to add to the specified group. |
Domain | Domain of the user that you want to add to the specified group. |
The JSON output contains details of the member that you have added to the specified group on the Mimecast server.
Following image displays a sample output:
Parameter | Description |
---|---|
Group ID | Mimecast ID of the group whose member details you want to retrieve from the Mimecast server. |
Page Size | (Optional) Number of results that are requested by this operation. |
Page Token | (Optional) Value of the Next or Previous fields from an earlier request. |
The JSON output contains details of the members who are part of the group that you have specified retrieved from the Mimecast server.
Following image displays a sample output:
Parameter | Description |
---|---|
Group ID | Mimecast ID of the group from which you want to remove a member (user). |
Email Address | Email address of the user that you want to remove from the specified group. Note: You must specify either the email address or the domain of the user that you want to remove from the specified group. |
Domain | Domain of the user that you want to remove from the specified group. |
The JSON output contains details of the member that you have removed from the specified group on the Mimecast server.
Following image displays a sample output:
Parameter | Description |
---|---|
Sender Email ID | Email address of the sender to be blocked on the Mimecast server. |
Recipient Email ID | Email address of the recipient to be blocked on the Mimecast server. |
The JSON output contains details of the sender that you have blocked on the Mimecast server.
Following image displays a sample output:
Parameter | Description |
---|---|
Sender Email ID | Email address of the sender to be unblocked on the Mimecast server. |
Recipient Email ID | Email address of the recipient to be unblocked on the Mimecast server. |
The JSON output contains details of the sender that you have unblocked on the Mimecast server.
Following image displays a sample output:
Parameter | Description |
---|---|
URL | URL that you want to blacklist on the Mimecast server. Note: Do not include a fragment (#). |
Disable Log Click | (Optional) Disables logging of user clicks on the specified URL. By default, this is set to False. |
Match Type | (Optional) Select Explicit to explicitly blacklist only the specified URL or Domain to blacklist any URL with the same domain. |
Comment | (Optional) Comment about why you want to blacklist the specified URL on the Mimecast server. Comments are used for tracking purposes. |
The JSON output contains details of the URL or domain that you have blacklisted on the Mimecast server.
Following image displays a sample output:
Parameter | Description |
---|---|
URL | URL that you want to include in the targeted threat protection whitelist on the Mimecast server. Note: Do not include a fragment (#). |
Disable Rewrite | (Optional) Select this option to disable rewriting of the specified URL in emails. |
Disable User Awareness | (Optional) Select this option to disable user awareness of the specified URL. |
Disable Log Click | (Optional) Disables logging of user clicks on the specified URL. By default, this is set to False. |
Match Type | (Optional) Select Explicit to explicitly blacklist only the specified URL or Domain to blacklist any URL with the same domain. |
Comment | (Optional) Comment about why you want to whitelist the specified URL on the Mimecast server. Comments are used for tracking purposes. |
The JSON output contains details of the URL or domain that you have whitelisted on the Mimecast server.
Following image displays a sample output:
None.
The JSON output contains a list and details of managed URLs from the targeted threat protection blacklist or whitelist on the Mimecast server.
Following image displays a sample output:
The Sample - Mimecast - 1.0.0 playbook collection comes bundled with the Mimecast connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Mimecast connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
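The Blacklist URL and Whitelist URL operations require a URL without a fragment (#), and Create Blocked Sender Policy expects Source IP as a CSV list in CIDR notation. The following is an added example, not part of the connector or the bundled playbooks, of validating those values in a playbook code step before they reach the connector. The function names, the http/https requirement and the minimum prefix length are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Match Type values named in the parameter tables above.
MATCH_TYPES = ("Explicit", "Domain")


def normalize_managed_url(url):
    """Return the URL with any fragment (#...) removed.

    Assumption: only http/https URLs with a host are accepted; the
    connector documentation itself only forbids the fragment.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) URL with a host: %r" % url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, parts.query, ""))


def parse_source_ips(csv_value, min_prefix=8):
    """Parse the Source IP CSV value into canonical X.X.X.X/XX strings.

    min_prefix is a hypothetical local guard that rejects very broad
    ranges such as 0.0.0.0/0; it is not a connector requirement.
    """
    networks = []
    for item in csv_value.split(","):
        item = item.strip()
        if not item:
            continue
        if "/" not in item:
            raise ValueError("missing CIDR prefix: %r" % item)
        # strict=True raises ValueError when host bits are set (e.g. 10.0.0.5/24).
        net = ipaddress.IPv4Network(item, strict=True)
        if net.prefixlen < min_prefix:
            raise ValueError("range too broad: %s" % net)
        networks.append(str(net))
    return networks


def prepare_blacklist_url_inputs(url, match_type="Explicit", comment=""):
    """Build validated inputs keyed by the parameter labels used on this page."""
    if match_type not in MATCH_TYPES:
        raise ValueError("Match Type must be one of %s" % (MATCH_TYPES,))
    return {
        "URL": normalize_managed_url(url),
        "Match Type": match_type,
        "Comment": comment,
    }


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges and domains).
    print(prepare_blacklist_url_inputs(
        "https://phish.example/login?id=7#section", comment="constructed sample"))
    print(parse_source_ips("203.0.113.0/24, 198.51.100.7/32"))
```

Rejecting bad values before the connector step keeps a malformed indicator from producing a containment action that fails or matches more than intended.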