About the connector
Mimecast specializes in cloud-based email management for Microsoft Exchange and Microsoft Office 365, and offers security, archiving, and continuity services to protect business mail.
This document provides information about the Mimecast connector, which facilitates automated interactions, with a Mimecast server using FortiSOAR™ playbooks. Add the Mimecast connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding a sender to the blocked sender list on Mimecast or retrieving information about a tracked message from Mimecast.
Version information
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
Authored By: Fortinet
Certified: Yes
Installing the connector
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-mimecast
For the detailed procedure to install a connector, click here.
Prerequisites to configuring the connector
- You must know the URL of the Mimecast server to which you will connect and perform automated operations and credentials to access the server.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the Connectors page, select the Mimecast connector and click Configure to configure the following parameters:
| Parameter |
Description |
| Server URL |
URL of the Mimecast server to which you will connect and perform automated operations. |
| Username |
Username to access the Mimecast Administration Console. |
| Password |
Password to access the Mimecast Administration Console. |
| Application ID |
Mimecast API application has a unique API Application ID that is used to create an authentication token that you can use to access the API. |
| Application Key |
Mimecast API application has a unique API Application Key that is used to create an authentication token that you can use to access the API. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function |
Description |
Annotation and Category |
| Create Blocked Sender Policy |
Creates a policy for blocking senders on the Mimecast server. |
create_policy
Containment |
| Get Blocked Sender Policy |
Retrieves a list and details of all blocked sender policies for a Mimecast account from the Mimecast server, or retrieves the details of a specific policy based on the policy ID you have specified. |
get_policy
Investigation |
| Create Group |
Creates a new group on the Mimecast server. |
create_group
Containment |
| Delete Group |
Deletes an existing group from the Mimecast server. |
delete_group
Miscellaneous |
| Find Groups |
Retrieves details of existing Mimecast groups from the Mimecast server, based on the input parameters (filter criteria) you have specified.
If you do not specify any filter criteria, then details of all existing groups are retrieved from the Mimecast server. |
get_groups
Investigation |
| Update Group |
Updates a group on the Mimecast server, based on the input parameters you have specified. |
update_group
Investigation |
| Add Group Member |
Adds a member (user) to the specified group on the Mimecast server, based on the email address or the domain of the user you have specified. |
add_group_member
Investigation |
| Get Group Member |
Retrieves details of the members of a specific group on the Mimecast server, based on the group ID you have specified. |
get_group_member
Investigation |
| Remove Group Member |
Adds a member from the specified group on the Mimecast server, based on the email address or the domain of the user you have specified. |
remove_group_member
Remediation |
| Block Sender |
Adds a sender to the blocked sender list on the Mimecast server. |
block_sender
Containment |
| Unblock Sender |
Adds a sender to the permitted sender list on the Mimecast server. |
unblock_sender
Remediation |
| Blacklist URL |
Adds a URL to be blacklisted on the Mimecast server. |
block_url
Containment |
| Whitelist URL |
Adds a URL to the targeted threat protection whitelist on the Mimecast server. |
unblock_url
Remediation |
| Get Managed URL |
Retrieves a list and details of managed URLs from the targeted threat protection blacklist or whitelist on the Mimecast server. |
get_managed_url
Investigation |
operation: Create Blocked Sender Policy
Input parameters
| Parameter |
Description |
| Action |
The block option or action to be taken. Choose from one of the following: Blocked Sender or No Action. |
| Description |
Description of the blocked sender policy that you want to create on the Mimecast server. This description is kept with the email in the Archive for future reference. |
| Sender Type |
Type of sender that you are blocking using this blocked sender policy. Choose from one of the following: Internal Addresses, External Addresses, Email Domain, Profile Group, or Individual Email Address. |
| Sender Value |
(Optional) If you have selected Email Domain, Profile Group, or Individual Email Address, then you must specify the value in this field.
- If you have selected Sender Type as Email Domain, then enter a domain name in this field without the @ symbol.
- If you have selected Sender Type as Profile Group, then enter the ID of the profile group in this field.
- If you have selected Sender Type as Individual Email Address, then enter an email address in this field.
|
| Addresses Based on |
Addresses based on which you will block the sender using this blocked sender policy. Choose from one of the following: Envelope From, Header From, or Both. |
| Receiver Type |
Type of receiver included in this blocked sender policy. Choose from one of the following: Everyone, Internal Addresses, External Addresses, Email Domain, Profile Group, or Individual Email Address. |
| Receiver Value |
(Optional) If you have selected Email Domain, Profile Group, or Individual Email Address, then you must specify the value in this field.
- If you have selected Receiver Type as Email Domain, then enter a domain name in this field without the @ symbol.
- If you have selected Receiver Type as Profile Group, then enter the ID of the profile group in this field.
- If you have selected Receiver Type as Individual Email Address, then enter an email address in this field.
|
| Source IP |
(Optional) CSV list of IP addresses that use the CIDR notation (X.X.X.X/XX). When you specify the source IP, then this blocked sender policy applies only for connections from matching IP addresses. |
Output
The JSON output contains details of the blocked sender policy that you have created on the Mimecast server.
Following image displays a sample output:
operation: Get Blocked Sender Policy
Input parameters
| Parameter |
Description |
| Policy ID |
(Optional) Policy ID whose blocked sender details you want to retrieve from the Mimecast server. |
Output
The JSON output contains a list and details of all blocked sender policies for a Mimecast account retrieved from the Mimecast server or retrieves details for a specific policy, based on the Policy ID you have specified.
Following image displays a sample output:
operation: Create Group
Input parameters
| Parameter |
Description |
| Description |
Description of the new group that you want to create on the Mimecast server. |
| Parent ID |
(Optional) ID of the parent group under which you want to create the new group on the Mimecast server.
If you do not specify any parent ID, then the new group will be created at the root level on the Mimecast server. |
Output
The JSON output contains details of the new group that you have created on the Mimecast server.
Following image displays a sample output:
operation: Delete Group
Input parameters
| Parameter |
Description |
| Group ID |
Mimecast ID of the group that you want to delete from the Mimecast server.
Use the Find Groups operation to retrieve the Group IDs for existing groups on the Mimecast server. |
Output
The JSON output contains details of the group that you have deleted from the Mimecast server.
Following image displays a sample output:
operation: Find Groups
Input parameters
| Parameter |
Description |
| Query |
Query string based on which you want to search for groups on the Mimecast server.
Note: If you do not provide any query string then details of all existing groups are retrieved from the Mimecast server. |
| Source |
Source of the group based on which you want to search for groups on the Mimecast server. Choose from one of the following: Cloud or LDAP. |
| Page Size |
(Optional) Number of results that are requested by this operation. |
| Page Token |
(Optional) Value of the Next or Previous fields from an earlier request. |
Output
The JSON output contains details of all existing groups or details of groups that match your specified filter criteria retrieved from the Mimecast server.
Following image displays a sample output:
operation: Update Group
Input parameters
| Parameter |
Description |
| Group ID |
Mimecast ID of the group that you want to update on the Mimecast server.
Use the Find Groups operation to retrieve the Group IDs for existing groups on the Mimecast server. |
| Description |
(Optional) Updates the name of the group. |
| Parent ID |
(Optional) Updates the parent groups of the group specified in this operation. |
Output
The JSON output contains updated details of the specified group retrieved from the Mimecast server.
Following image displays a sample output:
operation: Add Group Member
Input parameters
| Parameter |
Description |
| Group ID |
Mimecast ID of the group in which you want to add a member (user). |
| Email Address |
Email address of the user that you want to add to the specified group.
Note: You must specify either the email address or the domain of the user that you want to add to the specified group. |
| Domain |
Domain of the user that you want to add to the specified group. |
Output
The JSON output contains details of the member that you have added to the specified group on the Mimecast server.
Following image displays a sample output:
operation: Get Group Member
Input parameters
| Parameter |
Description |
| Group ID |
Mimecast ID of the group whose member details you want to retrieve from the Mimecast server. |
| Page Size |
(Optional) Number of results that are requested by this operation. |
| Page Token |
(Optional) Value of the Next or Previous fields from an earlier request. |
Output
The JSON output contains details of the members who are part of the group that you have specified retrieved from the Mimecast server.
Following image displays a sample output:
operation: Remove Group Member
Input parameters
| Parameter |
Description |
| Group ID |
Mimecast ID of the group from which you want to remove a member (user). |
| Email Address |
Email address of the user that you want to remove from the specified group.
Note: You must specify either the email address or the domain of the user that you want to remove from the specified group. |
| Domain |
Domain of the user that you want to remove from the specified group. |
Output
The JSON output contains details of the member that you have removed from the specified group on the Mimecast server.
Following image displays a sample output:
operation: Block Sender
Input parameters
| Parameter |
Description |
| Sender Email ID |
Email address of the sender to be blocked on the Mimecast server. |
| Recipient Email ID |
Email address of the recipient to be blocked on the Mimecast server. |
Output
The JSON output contains details of the sender that you have blocked on the Mimecast server.
Following image displays a sample output:
operation: Unblock Sender
Input parameters
| Parameter |
Description |
| Sender Email ID |
Email address of the sender to be unblocked on the Mimecast server. |
| Recipient Email ID |
Email address of the recipient to be unblocked on the Mimecast server. |
Output
The JSON output contains details of the sender that you have unblocked on the Mimecast server.
Following image displays a sample output:
operation: Blacklist URL
Input parameters
| Parameter |
Description |
| URL |
URL that you want to blacklist on the Mimecast server.
Note: Do not include a fragment (#) |
| Disable Log Click |
(Optional) Disables logging of user clicks on the specified URL.
By default, this is set to False. |
| Match Type |
(Optional) Select Explicit to explicitly blacklist only the specified URL or Domain to blacklist any URL with the same domain. |
| Comment |
(Optional) Comment about why you want to blacklist the specified URL on the Mimecast server. Comments are used for tracking purposes. |
Output
The JSON output contains details of the URL or domain that you have blacklisted on the Mimecast server.
Following image displays a sample output:
operation: Whitelist URL
Input parameters
| Parameter |
Description |
| URL |
URL that you want to include in the targeted threat protection whitelist on the Mimecast server.
Note: Do not include a fragment (#) |
| Disable Rewrite |
(Optional) Select this option to disable rewriting of the specified URL in emails. |
| Disable User Awareness |
(Optional) Select this option to disable user awareness of the specified URL. |
| Disable Log Click |
(Optional) Disables logging of user clicks on the specified URL.
By default, this is set to False. |
| Match Type |
(Optional) Select Explicit to explicitly blacklist only the specified URL or Domain to blacklist any URL with the same domain. |
| Comment |
(Optional) Comment about why you want to whitelist the specified URL on the Mimecast server. Comments are used for tracking purposes. |
Output
The JSON output contains details of the URL or domain that you have whitelisted on the Mimecast server.
Following image displays a sample output:
operation: Get Managed URL
Input parameters
None.
Output
The JSON output contains a list and details of managed URLs from the targeted threat protection blacklist or whitelist on the Mimecast server.
Following image displays a sample output:
Included playbooks
The Sample - Mimecast - 1.0.0 playbook collection comes bundled with the Mimecast connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Mimecast connector.
- Add Group Member
- Blacklist URL
- Block Sender
- Create Blocked Sender Policy
- Create Group
- Delete Group
- Find Groups
- Get Blocked Sender Policy
- Get Group Member
- Get Managed URL
- Remove Group Member
- Unblock Sender
- Update Group
- Whitelist URL
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
