Fortinet Document Library

Version:


Table of Contents

1.1.0
Copy Link

About the connector

Mimecast specializes in cloud-based email management for Microsoft Exchange and Microsoft Office 365, and offers security, archiving, and continuity services to protect business mail.

This document provides information about the Mimecast connector, which facilitates automated interactions, with a Mimecast server using FortiSOAR™ playbooks. Add the Mimecast connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding a sender to the blocked sender list on Mimecast or retrieving information about a tracked message from Mimecast.

Version information

Connector Version: 1.1.0

FortiSOAR™ version Tested on: 4.11.0-1161

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.1.0

Following enhancements have been made to the Mimecast Connector in version 1.1.0:

  • Added the following new operations and playbooks:

    • Update Blocked Sender Policy

    • Delete Blocked Sender Policy

    • Get Message List

    • Get Message Details
    • Get Tracked Message Info
    • Search Message
    • Track Message
    • Get Aliases 

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-mimecast

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

  • You must have the URL of Mimecast server to which you will connect and perform automated operations and credentials to access that server.
  • To access theFortiSOAR™ UI, ensure that port 443 is open through the firewall for theFortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Mimecast connector, and click Configure to configure the following parameters:

Parameter Description
Server URL URL of the Mimecast server to which you will connect and perform automated operations.
Auth Type Type of authentication used to connect to the Mimecast API application. Mimecast API application supports two types of authentication: Basic Cloud that uses a password to connect to the Mimecast Administration Console, and Basic AD that uses a domain password to connect to the Mimecast Administration Console.
Note: This version of the Mimecast connector supports only Basic Cloud.  
Username Username to access the Mimecast Administration Console.
Password Password to access the Mimecast Administration Console.
Application ID Mimecast API application has a unique API Application ID that is used to create an authentication token that you can use to access the API.
Application Key Mimecast API application has a unique API Application Key that is used to create an authentication token that you can use to access the API.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

 

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Create Blocked Sender Policy Creates a policy for blocking senders on the Mimecast server. create_policy
Containment
Get Blocked Sender Policy Retrieves a list and details of all blocked sender policies for a Mimecast account from the Mimecast server, or retrieves the details of a specific policy based on the policy ID you have specified. get_policy
Investigation
Update Blocked Sender Policy Updates an existing blocked sender policy from a Mimecast account on the Mimecast server, based on the policy id, action, and other input parameters you have specified. update_policy
Miscellaneous
Delete Blocked Sender Policy Deletes an existing blocked sender policy from a Mimecast account on the Mimecast server, based on the policy id you have specified. delete_policy
Miscellaneous
Create Group Creates a new group on the Mimecast server. create_group
Containment
Delete Group Deletes an existing group from the Mimecast server. delete_group
Miscellaneous
Find Groups Retrieves details of existing Mimecast groups from the Mimecast server, based on the input parameters (filter criteria) you have specified.  
If you do not specify any filter criteria, then details of all existing groups are retrieved from the Mimecast server.
get_groups
Investigation
Update Group Updates a group on the Mimecast server, based on the input parameters you have specified.   update_group
Investigation
Add Group Member Adds members (users) to the specified group on the Mimecast server, based on the csv list of email addresses or domains of the users you have specified. add_group_member
Investigation
Get Group Member Retrieves details of the members of a specific group on the Mimecast server, based on the group ID you have specified. get_group_member
Investigation
Remove Group Member Removes a member from the specified group on the Mimecast server, based on the email address or the domain of the user you have specified. remove_group_member
Remediation
Block Sender Adds a sender to the blocked sender list on the Mimecast server. block_sender  
Containment
Unblock Sender Adds a sender to the permitted sender list on the Mimecast server. unblock_sender
Remediation
Blacklist URL Adds a URL to be blacklisted on the Mimecast server. block_url  
Containment
Whitelist URL Adds a URL to the targeted threat protection whitelist on the Mimecast server.   unblock_url
Remediation
Get Managed URL Retrieves a list and details of managed URLs from the targeted threat protection blacklist or whitelist on the Mimecast server. get_managed_url
Investigation
Get Message List Retrieves a list of messages for a specified user or the logged in user from Mimecast. get_message_list
Investigation
Get Message Details Retrieves metadata for a message from the Mimecast archives, based on the message ID you have specified. get_message_detail
Investigation
Get Tracked Message Info Retrieves information for a tracked message from Mimecast, based on the message ID you have specified. get_tracked_message_info
Investigation
Search Message Retrieves a list of messages from Mimecast that match the search criteria that you have specified. search_message
Investigation
Track Message Tracks messages across the Mimecast platform, based on the input parameters you have specified track_message
Investigation
Get Aliases Retrieves the alias address(es) associated with a user from Mimecast, based on the email address you have specified. get_aliases
Investigation

operation: Create Blocked Sender Policy

Input parameters

Parameter Description
Action The block option or action to be taken. Choose from one of the following: Blocked Sender or No Action.
Description Description of the blocked sender policy that you want to create on the Mimecast server. This description is kept with the email in the Archive for future reference.
Sender Type Type of sender that you are blocking using this blocked sender policy. Choose from one of the following: Internal Addresses, External Addresses, Email Domain, Profile Group, or Individual Email Address.
Sender Value (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address, then you must specify the value in this field.  
  • If you have selected Sender Type as Email Domain, then enter a domain name in this field without the @ symbol.  
  • If you have selected Sender Type as Profile Group, then enter the ID of the profile group in this field.  
  • If you have selected Sender Type as Individual Email Address, then enter an email address in this field.
Addresses Based on Addresses based on which you will block the sender using this blocked sender policy. Choose from one of the following: Envelope From, Header From, or Both.
Receiver Type Type of receiver included in this blocked sender policy. Choose from one of the following: Everyone, Internal Addresses, External Addresses, Email Domain, Profile Group, or Individual Email Address.
Receiver Value (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address, then you must specify the value in this field.
  • If you have selected Receiver Type as Email Domain, then enter a domain name in this field without the @ symbol.  
  • If you have selected Receiver Type as Profile Group, then enter the ID of the profile group in this field.  
  • If you have selected Receiver Type as Individual Email Address, then enter an email address in this field.
Source IP (Optional) CSV list of IP addresses that use the CIDR notation (X.X.X.X/XX). When you specify the source IP, then this blocked sender policy applies only for connections from matching IP addresses.

Output

The output contains the following populated JSON schema:
{
     "fail": [],
     "data": [
         {
             "option": "",
             "policy": {
                 "fromType": "",
                 "fromValue": "",
                 "fromEternal": "",
                 "from": {
                     "emailDomain": "",
                     "type": "",
                     "groupId": "",
                     "emailAddress": ""
                 },
                 "fromPart": "",
                 "conditions": {
                     "sourceIPs": []
                 },
                 "toDate": "",
                 "fromDate": "",
                 "toType": "",
                 "override": "",
                 "bidirectional": "",
                 "toEternal": "",
                 "description": "",
                 "to": {
                     "emailDomain": "",
                     "type": "",
                     "groupId": "",
                     "emailAddress": ""
                 }
             },
             "id": ""
         }
     ],
     "meta": {
         "status": ""
     }
}

operation: Get Blocked Sender Policy

Input parameters

Parameter Description
Policy ID (Optional) Policy ID whose blocked sender details you want to retrieve from the Mimecast server.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "option": "",
             "policy": {
                 "fromType": "",
                 "from": {
                     "type": ""
                 },
                 "fromPart": "",
                 "conditions": {},
                 "toDate": "",
                 "fromDate": "",
                 "toType": "",
                 "override": "",
                 "bidirectional": "",
                 "toEternal": "",
                 "description": "",
                 "to": {
                     "type": ""
                 }
             },
             "id": ""
         }
     ],
     "fail": []
}

operation: Update Blocked Sender Policy

Input parameters

Parameter Description
Policy ID ID of the existing blocked sender policy that you want to update on Mimecast.
Action Block option or action to be taken. Choose from one of the following: Blocked Sender or No Action.
Description Description of the blocked sender policy that you want to update on the Mimecast server. This description is kept with the email in the Archive for future reference.
Sender Type Type of sender that you are blocking using this blocked sender policy. Choose from one of the following: Internal Addresses, External Addresses, Email Domain, Profile Group, or Individual Email Address.
Sender Value (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address, then you must specify the value in this field.  
  • If you have selected Sender Type as Email Domain, then enter a domain name in this field without the @ symbol.  
  • If you have selected Sender Type as Profile Group, then enter the ID of the profile group in this field.  
  • If you have selected Sender Type as Individual Email Address, then enter an email address in this field.
Addresses Based on Addresses based on which you will block the sender using this blocked sender policy. Choose from one of the following: Envelope From, Header From, or Both.
Receiver Type Type of receiver included in this blocked sender policy. Choose from one of the following: Everyone, Internal Addresses, External Addresses, Email Domain, Profile Group, or Individual Email Address.
Receiver Value (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address, then you must specify the value in this field.
  • If you have selected Receiver Type as Email Domain, then enter a domain name in this field without the @ symbol.  
  • If you have selected Receiver Type as Profile Group, then enter the ID of the profile group in this field.  
  • If you have selected Receiver Type as Individual Email Address, then enter an email address in this field.
Source IP (Optional) CSV list of IP addresses that use the CIDR notation (X.X.X.X/XX). When you specify the source IP, then this blocked sender policy applies only for connections from matching IP addresses.

Output

The output contains the following populated JSON schema:
{
     "fail": [],
     "data": [
         {
             "option": "",
             "policy": {
                 "fromType": "",
                 "fromValue": "",
                 "fromEternal": "",
                 "from": {
                     "type": "",
                     "emailAddress": ""
                 },
                 "description": "",
                 "conditions": {},
                 "toDate": "",
                 "toEternal": "",
                 "toType": "",
                 "override": "",
                 "bidirectional": "",
                 "fromDate": "",
                 "fromPart": "",
                 "to": {
                     "type": ""
                 }
             },
             "id": ""
         }
     ],
     "meta": {
         "status": ""
     }
}

operation: Delete Blocked Sender Policy

Input parameters

Parameter Description
Policy ID ID of the existing blocked sender policy that you want to delete from Mimecast.

Output

The output contains the following populated JSON schema:
{
     "fail": [],
     "data": [
         {
             "id": "",
             "deleted": ""
         }
     ],
     "meta": {
         "status": ""
     }
}

operation: Create Group

Input parameters

Parameter Description
Description Description of the new group that you want to create on the Mimecast server.
Parent ID (Optional) ID of the parent group under which you want to create the new group on the Mimecast server.  
If you do not specify any parent ID, then the new group will be created at the root level on the Mimecast server.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "parentId": "",
             "source": "",
             "userCount": "",
             "folderCount": "",
             "description": "",
             "id": ""
         }
     ],
     "fail": []
}

operation: Find Groups

Input parameters

Parameter Description
Query Query string based on which you want to search for groups on the Mimecast server.  
Note: If you do not provide any query string then details of all existing groups are retrieved from the Mimecast server.
Source Source of the group based on which you want to search for groups on the Mimecast server. Choose from one of the following: Cloud or LDAP.
Page Size (Optional) Number of results that are requested by this operation.
Page Token (Optional) Value of the Next or Previous fields from an earlier request.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "pagination": {
             "pageSize": "",
             "previous": ""
         },
         "status": ""
     },
     "data": [
         {
             "folders": [
                 {
                     "parentId": "",
                     "source": "",
                     "userCount": "",
                     "folderCount": "",
                     "description": "",
                     "id": ""
                 }
             ],
             "query": "",
             "source": ""
         }
     ],
     "fail": []
}

operation: Update Group

Input parameters

Parameter Description
Group ID Mimecast ID of the group that you want to update on the Mimecast server.  
Use the Find Groups operation to retrieve the Group IDs for existing groups on the Mimecast server.
Description (Optional) Updates the name of the group.
Parent ID (Optional) Updates the parent groups of the group specified in this operation.

Output

The output contains the following populated JSON schema:
{
     "fail": [],
     "data": [
         {
             "folderCount": "",
             "parentId": "",
             "source": "",
             "userCount": "",
             "description": "",
             "id": ""
         }
     ],
     "meta": {
         "status": ""
     }
}

operation: Delete Group

Input parameters

Parameter Description
Group ID Mimecast ID of the group that you want to delete from the Mimecast server.  
Use the Find Groups operation to retrieve the Group IDs for existing groups on the Mimecast server.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "status": "",
             "id": ""
         }
     ],
     "fail": []
}

operation: Add Group Member

Input parameters

Parameter Description
Group ID Mimecast ID of the group in which you want to add a member (user).
Email Address CSV list of email addresses of users that you want to add to the specified group.  
Domain CSV list of domains of users that you want to add to the specified group.  

Output

The output contains the following populated JSON schema:
{
     "data": [
         {
             "folderId": "",
             "id": "",
             "internal": "",
             "domain": "",
             "emailAddress": ""
         }
     ],
     "fail": [
         {
             "errors": [
                 {
                     "message": "",
                     "retryable": "",
                     "code": ""
                 }
             ],
             "key": {
                 "emailAddress": "",
                 "id": "",
                 "domain": ""
             }
         }
     ],
     "meta": {
         "status": ""
     }
}

operation: Get Group Member

Input parameters

Parameter Description
Group ID Mimecast ID of the group whose member details you want to retrieve from the Mimecast server.
Page Size (Optional) Number of results that are requested by this operation.
Page Token (Optional) Value of the Next or Previous fields from an earlier request.

Output

The output contains the following populated JSON schema:
{
     "fail": [],
     "data": [
         {
             "groupMembers": [
                 {
                     "internal": "",
                     "domain": "",
                     "type": "",
                     "name": "",
                     "emailAddress": ""
                 }
             ]
         }
     ],
     "meta": {
         "pagination": {
             "pageSize": ""
         },
         "status": ""
     }
}

operation: Remove Group Member

Input parameters

Parameter Description
Group ID Mimecast ID of the group from which you want to remove a member (user).
Email Address Email address of the user that you want to remove from the specified group.  
Note: You must specify either the email address or the domain of the user that you want to remove from the specified group.
Domain Domain of the user that you want to remove from the specified group.  

Output

The output contains the following populated JSON schema:
{
     "fail": [],
     "data": [
         {
             "domain": "",
             "id": "",
             "folderId": ""
         }
     ],
     "meta": {
         "status": ""
     }
}

operation: Block Sender

Input parameters

Parameter Description
Sender Email ID Email address of the sender to be blocked on the Mimecast server.
Recipient Email ID Email address of the recipient to be blocked on the Mimecast server.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "sender": "",
             "type": "",
             "id": "",
             "to": ""
         }
     ],
     "fail": []
}

operation: Unblock Sender

Input parameters

Parameter Description
Sender Email ID Email address of the sender to be unblocked on the Mimecast server.
Recipient Email ID Email address of the recipient to be unblocked on the Mimecast server.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "sender": "",
             "type": "",
             "id": "",
             "to": ""
         }
     ],
     "fail": []
}

operation: Get Managed URL

Input parameters

None.

Output

{
        "fail": [],
        "meta": {
          "status": "",
          "pagination": {
            "pageSize": "",
            "recordStart": "",
            "next": ""
          }
        },
        "data": [
          {
            "status": "",
            "received": "",
            "from": {
              "displayableName": "",
              "emailAddress": ""
            },
            "smash": "",
            "read": "",
            "attachmentCount": "",
            "ccm": "",
            "to": {
              "displayableName": "",
              "emailAddress": ""
            },
            "recalled": "",
            "subject": "",
            "expired": "",
            "id": "",
            "size": ""
          }
        ]
      }

operation: Blacklist URL

Input parameters

Parameter Description
URL URL that you want to blacklist on the Mimecast server.  
Note: Do not include a fragment (#)
Disable Log Click (Optional) Disables logging of user clicks on the specified URL.
By default, this is set to False.
Match Type (Optional) Select Explicit to explicitly blacklist only the specified URL or Domain to blacklist any URL with the same domain.
Comment (Optional) Comment about why you want to blacklist the specified URL on the Mimecast server. Comments are used for tracking purposes.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "comment": "",
             "disableRewrite": "",
             "scheme": "",
             "disableUserAwareness": "",
             "matchType": "",
             "port": "",
             "action": "",
             "id": "",
             "domain": "",
             "disableLogClick": ""
         }
     ],
     "fail": []
}

operation: Whitelist URL

Input parameters

Parameter Description
URL URL that you want to include in the targeted threat protection whitelist on the Mimecast server.  
Note: Do not include a fragment (#)
Disable Rewrite (Optional) Select this option to disable rewriting of the specified URL in emails.
Disable User Awareness (Optional) Select this option to disable user awareness of the specified URL.
Disable Log Click (Optional) Disables logging of user clicks on the specified URL.
By default, this is set to False.
Match Type (Optional) Select Explicit to explicitly blacklist only the specified URL or Domain to blacklist any URL with the same domain.
Comment (Optional) Comment about why you want to whitelist the specified URL on the Mimecast server. Comments are used for tracking purposes.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "comment": "",
             "disableRewrite": "",
             "scheme": "",
             "disableUserAwareness": "",
             "matchType": "",
             "port": "",
             "action": "",
             "id": "",
             "domain": "",
             "disableLogClick": ""
         }
     ],
     "fail": []
}

operation: Get Message List

Input parameters

Parameter Description
Mailbox Email address for which you want to retrieve the message list from Mimecast. If you do not specify any email address, then the message list for the logged in user are retrieved from Mimecast.
Source Type of message that you want to retrieve from Mimecast. Choose from the following options: INBOX or SENT.
By default, this is set as INBOX.
Start Time Start date of messages from when you want to retrieve messages from Mimecast.
By default, this is set as last calendar month.
End Time End date of messages till when you want to retrieve messages from Mimecast.
By default, this is set as current day.
Include Delegates Select this checkbox, i.e., set it to True to include messages for addresses for which the mailbox has delegate permissions.
By default, this is set as False.
Include Alias Select this checkbox, i.e., set it to True to include messages for alias addresses of the mailbox.
By default, this is set as True.
Page Token (Optional) Value of the Next or Previous fields from an earlier request.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "pagination": {
             "pageSize": "",
             "next": "",
             "recordStart": ""
         },
         "status": ""
     },
     "data": [
         {
             "received": "",
             "attachmentCount": "",
             "subject": "",
             "from": {
                 "emailAddress": "",
                 "displayableName": ""
             },
             "recalled": "",
             "status": "",
             "id": "",
             "read": "",
             "ccm": "",
             "smash": "",
             "expired": "",
             "to": {
                 "emailAddress": "",
                 "displayableName": ""
             },
             "size": ""
         }
     ],
     "fail": []
}

operation: Get Message Details

Input parameters

Parameter Description
Message ID Mimecast ID of the message whose metadata information you want to retrieve from the Mimecast archives.
Use the Get Message List operation to retrieve the message IDs for existing messages in the Mimecast archives.
Extract Attachment Data Select this option to extract attachments from emails and store those attachments in the FortiSOAR™ Attachments module.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "received": "",
             "headerDate": "",
             "mimeMessageId": "",
             "from": {
                 "emailAddress": "",
                 "displayableName": ""
             },
             "id": "",
             "status": "",
             "hasHtmlBody": "",
             "hasTextBody": "",
             "isPassthrough": "",
             "cc": [
                 {
                     "emailAddress": "",
                     "displayableName": ""
                 }
             ],
             "messageBodyPreview": "",
             "subject": "",
             "attachments": [
                 {
                     "contentType": "",
                     "extension": "",
                     "filename": "",
                     "contentId": "",
                     "sha256": "",
                     "id": "",
                     "bodyType": "",
                     "size": ""
                 }
             ],
             "envelopeFrom": {
                 "emailAddress": "",
                 "displayableName": ""
             },
             "smash": "",
             "headers": [
                 {
                     "values": [],
                     "name": ""
                 }
             ],
             "processed": "",
             "to": [
                 {
                     "emailAddress": "",
                     "displayableName": ""
                 }
             ],
             "size": "",
             "replyTo": {
                 "emailAddress": "",
                 "displayableName": ""
             }
         }
     ],
     "fail": []
}

operation: Get Tracked Message Info

Input parameters

Parameter Description
Message ID Mimecast ID of the message whose information you want to retrieve from Mimecast.
Use the Track Message operation to retrieve the message IDs for tracked messages.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "deliveredMessage": {
                 "user@domain.com": {
                     "messageInfo": {
                         "htmlBody": "",
                         "fromHeader": "",
                         "subject": "",
                         "sent": "",
                         "cc": [],
                         "fromEnvelope": "",
                         "attachments": [],
                         "route": "",
                         "processed": "",
                         "transmissionInfo": "",
                         "to": [],
                         "textBody": ""
                     },
                     "policyInfo": [
                         {
                             "policyType": "",
                             "policyName": "",
                             "inherited": ""
                         }
                     ],
                     "deliveryMetaInfo": {
                         "components": [
                             {
                                 "extension": "",
                                 "type": "",
                                 "mimeType": "",
                                 "name": "",
                                 "size": ""
                             }
                         ],
                         "transmissionEnd": "",
                         "transmissionStart": "",
                         "encryptionInfo": "",
                         "transmissionSize": "",
                         "remoteHost": "",
                         "emailAddress": "",
                         "remoteServerGreeting": "",
                         "deliveryEvent": "",
                         "processingServer": "",
                         "remoteIp": "",
                         "messageExpiresIn": "",
                         "receiptAcknowledgement": ""
                     }
                 }
             },
             "status": "",
             "id": "",
             "retentionInfo": {
                 "litigationHoldInfo": [],
                 "smartTags": [],
                 "fbrStamps": [],
                 "purgeBasedOn": "",
                 "fbrExpireCheck": [],
                 "currentPurgeDate": "",
                 "audits": [],
                 "originalPurgeDate": "",
                 "retentionAdjustmentDays": ""
             },
             "recipientInfo": {
                 "recipientMetaInfo": {
                     "components": [
                         {
                             "extension": "",
                             "type": "",
                             "mimeType": "",
                             "name": "",
                             "size": ""
                         }
                     ],
                     "receiptEvent": "",
                     "receiptAcknowledgement": "",
                     "remoteServerGreeting": "",
                     "encryptionInfo": "",
                     "transmissionSize": "",
                     "remoteHost": "",
                     "spamEvent": "",
                     "transmissionEnd": "",
                     "transmissionStart": "",
                     "processingServer": "",
                     "messageExpiresIn": "",
                     "binaryEmailSize": "",
                     "remoteIp": ""
                 },
                 "messageInfo": {
                     "cc": [],
                     "htmlBody": "",
                     "fromEnvelope": "",
                     "attachments": [],
                     "subject": "",
                     "fromHeader": "",
                     "processed": "",
                     "transmissionInfo": "",
                     "to": [],
                     "textBody": "",
                     "sent": ""
                 }
             }
         }
     ],
     "fail": []
}

operation: Search Message

Input parameters

Parameter Description
Email ID Email address that is configured in Mimecast whose messages you want to search on Mimecast.
Search Text Filter text based on which you want to search for messages on Mimecast.
Admin Select this option, i.e., set it to True if this search is an administrative search.  
By default, this is set as False, i.e., the search is an end user search.
Show (Optional) Define the time period for which you want to query for messages received in the specified email address.
Page Token (Optional) Value of the Next or Previous fields from an earlier request.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "pagination": {
             "pageSize": "",
             "next": "",
             "recordStart": ""
         },
         "status": ""
     },
     "data": [
         {
             "subject": "",
             "smash": "",
             "size": "",
             "receiveddate": "",
             "attachmentcount": "",
             "status": "",
             "id": "",
             "displayto": "",
             "displayfrom": ""
         }
     ],
     "fail": []
}

operation: Track Message

Input parameters

Parameter Description
Sender Email ID Email address or domain of the sender of the messages that you want to track on Mimecast.
Recipient Email ID Email address or domain of the recipient of the messages that you want to track on Mimecast.
Subject Subject of the messages that you want to track on Mimecast.
Search Reason Reason for tracking the messages on Mimecast.
Sender IP Source IP address of the messages that you want to track on Mimecast.
Start Time Date and time from when you want to track messages on Mimecast.
End Time Date and time till when you want to track messages on Mimecast.
Message ID Internet message ID of the message that you want to track on Mimecast.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "trackedEmails": [
                 {
                     "received": "",
                     "attachments": "",
                     "fromHdr": {
                         "emailAddress": "",
                         "displayableName": ""
                     },
                     "fromEnv": {
                         "emailAddress": "",
                         "displayableName": ""
                     },
                     "route": "",
                     "id": "",
                     "status": "",
                     "senderIP": "",
                     "to": [
                         {
                             "emailAddress": "",
                             "displayableName": ""
                         }
                     ],
                     "sent": "",
                     "subject": ""
                 }
             ]
         }
     ],
     "fail": []
}

operation: Get Aliases

Input parameters

Parameter Description
Email ID Primary email address of the user whose alias email addresses you want to retrieve from Mimecast

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "emailAddress": "",
             "aliases": [
                 {
                     "domain": "",
                     "type": "",
                     "emailAddress": "",
                     "displayName": "",
                     "isInternal": ""
                 }
             ]
         }
     ],
     "fail": []
}

Included playbooks

The Sample - Mimecast - 1.1.0 playbook collection comes bundled with the Mimecast connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Mimecast connector.

  • Add Group Member
  • Blacklist URL
  • Block Sender
  • Create Blocked Sender Policy
  • Create Group
  • Delete Blocked Sender Policy
  • Delete Group
  • Find Groups
  • Get Aliases
  • Get Blocked Sender Policy
  • Get Group Member
  • Get Managed URL
  • Get Message Details
  • Get Message List
  • Get Tracked Message Info
  • Remove Group Member
  • Search Message
  • Track Message
  • Unblock Sender
  • Update Blocked Sender Policy
  • Update Group
  • Whitelist URL

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

About the connector

Mimecast specializes in cloud-based email management for Microsoft Exchange and Microsoft Office 365, and offers security, archiving, and continuity services to protect business mail.

This document provides information about the Mimecast connector, which facilitates automated interactions, with a Mimecast server using FortiSOAR™ playbooks. Add the Mimecast connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding a sender to the blocked sender list on Mimecast or retrieving information about a tracked message from Mimecast.

Version information

Connector Version: 1.1.0

FortiSOAR™ version Tested on: 4.11.0-1161

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.1.0

Following enhancements have been made to the Mimecast Connector in version 1.1.0:

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-mimecast

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Mimecast connector, and click Configure to configure the following parameters:

Parameter Description
Server URL URL of the Mimecast server to which you will connect and perform automated operations.
Auth Type Type of authentication used to connect to the Mimecast API application. Mimecast API application supports two types of authentication: Basic Cloud that uses a password to connect to the Mimecast Administration Console, and Basic AD that uses a domain password to connect to the Mimecast Administration Console.
Note: This version of the Mimecast connector supports only Basic Cloud.  
Username Username to access the Mimecast Administration Console.
Password Password to access the Mimecast Administration Console.
Application ID Mimecast API application has a unique API Application ID that is used to create an authentication token that you can use to access the API.
Application Key Mimecast API application has a unique API Application Key that is used to create an authentication token that you can use to access the API.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

 

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Create Blocked Sender Policy Creates a policy for blocking senders on the Mimecast server. create_policy
Containment
Get Blocked Sender Policy Retrieves a list and details of all blocked sender policies for a Mimecast account from the Mimecast server, or retrieves the details of a specific policy based on the policy ID you have specified. get_policy
Investigation
Update Blocked Sender Policy Updates an existing blocked sender policy from a Mimecast account on the Mimecast server, based on the policy id, action, and other input parameters you have specified. update_policy
Miscellaneous
Delete Blocked Sender Policy Deletes an existing blocked sender policy from a Mimecast account on the Mimecast server, based on the policy id you have specified. delete_policy
Miscellaneous
Create Group Creates a new group on the Mimecast server. create_group
Containment
Delete Group Deletes an existing group from the Mimecast server. delete_group
Miscellaneous
Find Groups Retrieves details of existing Mimecast groups from the Mimecast server, based on the input parameters (filter criteria) you have specified.  
If you do not specify any filter criteria, then details of all existing groups are retrieved from the Mimecast server.
get_groups
Investigation
Update Group Updates a group on the Mimecast server, based on the input parameters you have specified.   update_group
Investigation
Add Group Member Adds members (users) to the specified group on the Mimecast server, based on the csv list of email addresses or domains of the users you have specified. add_group_member
Investigation
Get Group Member Retrieves details of the members of a specific group on the Mimecast server, based on the group ID you have specified. get_group_member
Investigation
Remove Group Member Removes a member from the specified group on the Mimecast server, based on the email address or the domain of the user you have specified. remove_group_member
Remediation
Block Sender Adds a sender to the blocked sender list on the Mimecast server. block_sender  
Containment
Unblock Sender Adds a sender to the permitted sender list on the Mimecast server. unblock_sender
Remediation
Blacklist URL Adds a URL to be blacklisted on the Mimecast server. block_url  
Containment
Whitelist URL Adds a URL to the targeted threat protection whitelist on the Mimecast server.   unblock_url
Remediation
Get Managed URL Retrieves a list and details of managed URLs from the targeted threat protection blacklist or whitelist on the Mimecast server. get_managed_url
Investigation
Get Message List Retrieves a list of messages for a specified user or the logged in user from Mimecast. get_message_list
Investigation
Get Message Details Retrieves metadata for a message from the Mimecast archives, based on the message ID you have specified. get_message_detail
Investigation
Get Tracked Message Info Retrieves information for a tracked message from Mimecast, based on the message ID you have specified. get_tracked_message_info
Investigation
Search Message Retrieves a list of messages from Mimecast that match the search criteria that you have specified. search_message
Investigation
Track Message Tracks messages across the Mimecast platform, based on the input parameters you have specified track_message
Investigation
Get Aliases Retrieves the alias address(es) associated with a user from Mimecast, based on the email address you have specified. get_aliases
Investigation

operation: Create Blocked Sender Policy

Input parameters

Parameter Description
Action The block option or action to be taken. Choose from one of the following: Blocked Sender or No Action.
Description Description of the blocked sender policy that you want to create on the Mimecast server. This description is kept with the email in the Archive for future reference.
Sender Type Type of sender that you are blocking using this blocked sender policy. Choose from one of the following: Internal Addresses, External Addresses, Email Domain, Profile Group, or Individual Email Address.
Sender Value (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address, then you must specify the value in this field.  
  • If you have selected Sender Type as Email Domain, then enter a domain name in this field without the @ symbol.  
  • If you have selected Sender Type as Profile Group, then enter the ID of the profile group in this field.  
  • If you have selected Sender Type as Individual Email Address, then enter an email address in this field.
Addresses Based on Addresses based on which you will block the sender using this blocked sender policy. Choose from one of the following: Envelope From, Header From, or Both.
Receiver Type Type of receiver included in this blocked sender policy. Choose from one of the following: Everyone, Internal Addresses, External Addresses, Email Domain, Profile Group, or Individual Email Address.
Receiver Value (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address, then you must specify the value in this field.
  • If you have selected Receiver Type as Email Domain, then enter a domain name in this field without the @ symbol.  
  • If you have selected Receiver Type as Profile Group, then enter the ID of the profile group in this field.  
  • If you have selected Receiver Type as Individual Email Address, then enter an email address in this field.
Source IP (Optional) CSV list of IP addresses that use the CIDR notation (X.X.X.X/XX). When you specify the source IP, then this blocked sender policy applies only for connections from matching IP addresses.

Output

The output contains the following populated JSON schema:
{
     "fail": [],
     "data": [
         {
             "option": "",
             "policy": {
                 "fromType": "",
                 "fromValue": "",
                 "fromEternal": "",
                 "from": {
                     "emailDomain": "",
                     "type": "",
                     "groupId": "",
                     "emailAddress": ""
                 },
                 "fromPart": "",
                 "conditions": {
                     "sourceIPs": []
                 },
                 "toDate": "",
                 "fromDate": "",
                 "toType": "",
                 "override": "",
                 "bidirectional": "",
                 "toEternal": "",
                 "description": "",
                 "to": {
                     "emailDomain": "",
                     "type": "",
                     "groupId": "",
                     "emailAddress": ""
                 }
             },
             "id": ""
         }
     ],
     "meta": {
         "status": ""
     }
}

operation: Get Blocked Sender Policy

Input parameters

Parameter Description
Policy ID (Optional) Policy ID whose blocked sender details you want to retrieve from the Mimecast server.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "option": "",
             "policy": {
                 "fromType": "",
                 "from": {
                     "type": ""
                 },
                 "fromPart": "",
                 "conditions": {},
                 "toDate": "",
                 "fromDate": "",
                 "toType": "",
                 "override": "",
                 "bidirectional": "",
                 "toEternal": "",
                 "description": "",
                 "to": {
                     "type": ""
                 }
             },
             "id": ""
         }
     ],
     "fail": []
}

operation: Update Blocked Sender Policy

Input parameters

Parameter Description
Policy ID ID of the existing blocked sender policy that you want to update on Mimecast.
Action Block option or action to be taken. Choose from one of the following: Blocked Sender or No Action.
Description Description of the blocked sender policy that you want to update on the Mimecast server. This description is kept with the email in the Archive for future reference.
Sender Type Type of sender that you are blocking using this blocked sender policy. Choose from one of the following: Internal Addresses, External Addresses, Email Domain, Profile Group, or Individual Email Address.
Sender Value (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address, then you must specify the value in this field.  
  • If you have selected Sender Type as Email Domain, then enter a domain name in this field without the @ symbol.  
  • If you have selected Sender Type as Profile Group, then enter the ID of the profile group in this field.  
  • If you have selected Sender Type as Individual Email Address, then enter an email address in this field.
Addresses Based on Addresses based on which you will block the sender using this blocked sender policy. Choose from one of the following: Envelope From, Header From, or Both.
Receiver Type Type of receiver included in this blocked sender policy. Choose from one of the following: Everyone, Internal Addresses, External Addresses, Email Domain, Profile Group, or Individual Email Address.
Receiver Value (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address, then you must specify the value in this field.
  • If you have selected Receiver Type as Email Domain, then enter a domain name in this field without the @ symbol.  
  • If you have selected Receiver Type as Profile Group, then enter the ID of the profile group in this field.  
  • If you have selected Receiver Type as Individual Email Address, then enter an email address in this field.
Source IP (Optional) CSV list of IP addresses that use the CIDR notation (X.X.X.X/XX). When you specify the source IP, then this blocked sender policy applies only for connections from matching IP addresses.

Output

The output contains the following populated JSON schema:
{
     "fail": [],
     "data": [
         {
             "option": "",
             "policy": {
                 "fromType": "",
                 "fromValue": "",
                 "fromEternal": "",
                 "from": {
                     "type": "",
                     "emailAddress": ""
                 },
                 "description": "",
                 "conditions": {},
                 "toDate": "",
                 "toEternal": "",
                 "toType": "",
                 "override": "",
                 "bidirectional": "",
                 "fromDate": "",
                 "fromPart": "",
                 "to": {
                     "type": ""
                 }
             },
             "id": ""
         }
     ],
     "meta": {
         "status": ""
     }
}

operation: Delete Blocked Sender Policy

Input parameters

Parameter Description
Policy ID ID of the existing blocked sender policy that you want to delete from Mimecast.

Output

The output contains the following populated JSON schema:
{
     "fail": [],
     "data": [
         {
             "id": "",
             "deleted": ""
         }
     ],
     "meta": {
         "status": ""
     }
}

operation: Create Group

Input parameters

Parameter Description
Description Description of the new group that you want to create on the Mimecast server.
Parent ID (Optional) ID of the parent group under which you want to create the new group on the Mimecast server.  
If you do not specify any parent ID, then the new group will be created at the root level on the Mimecast server.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "parentId": "",
             "source": "",
             "userCount": "",
             "folderCount": "",
             "description": "",
             "id": ""
         }
     ],
     "fail": []
}

operation: Find Groups

Input parameters

Parameter Description
Query Query string based on which you want to search for groups on the Mimecast server.  
Note: If you do not provide any query string then details of all existing groups are retrieved from the Mimecast server.
Source Source of the group based on which you want to search for groups on the Mimecast server. Choose from one of the following: Cloud or LDAP.
Page Size (Optional) Number of results that are requested by this operation.
Page Token (Optional) Value of the Next or Previous fields from an earlier request.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "pagination": {
             "pageSize": "",
             "previous": ""
         },
         "status": ""
     },
     "data": [
         {
             "folders": [
                 {
                     "parentId": "",
                     "source": "",
                     "userCount": "",
                     "folderCount": "",
                     "description": "",
                     "id": ""
                 }
             ],
             "query": "",
             "source": ""
         }
     ],
     "fail": []
}

operation: Update Group

Input parameters

Parameter Description
Group ID Mimecast ID of the group that you want to update on the Mimecast server.  
Use the Find Groups operation to retrieve the Group IDs for existing groups on the Mimecast server.
Description (Optional) Updates the name of the group.
Parent ID (Optional) Updates the parent groups of the group specified in this operation.

Output

The output contains the following populated JSON schema:
{
     "fail": [],
     "data": [
         {
             "folderCount": "",
             "parentId": "",
             "source": "",
             "userCount": "",
             "description": "",
             "id": ""
         }
     ],
     "meta": {
         "status": ""
     }
}

operation: Delete Group

Input parameters

Parameter Description
Group ID Mimecast ID of the group that you want to delete from the Mimecast server.  
Use the Find Groups operation to retrieve the Group IDs for existing groups on the Mimecast server.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "status": "",
             "id": ""
         }
     ],
     "fail": []
}

operation: Add Group Member

Input parameters

Parameter Description
Group ID Mimecast ID of the group in which you want to add a member (user).
Email Address CSV list of email addresses of users that you want to add to the specified group.  
Domain CSV list of domains of users that you want to add to the specified group.  

Output

The output contains the following populated JSON schema:
{
     "data": [
         {
             "folderId": "",
             "id": "",
             "internal": "",
             "domain": "",
             "emailAddress": ""
         }
     ],
     "fail": [
         {
             "errors": [
                 {
                     "message": "",
                     "retryable": "",
                     "code": ""
                 }
             ],
             "key": {
                 "emailAddress": "",
                 "id": "",
                 "domain": ""
             }
         }
     ],
     "meta": {
         "status": ""
     }
}

operation: Get Group Member

Input parameters

Parameter Description
Group ID Mimecast ID of the group whose member details you want to retrieve from the Mimecast server.
Page Size (Optional) Number of results that are requested by this operation.
Page Token (Optional) Value of the Next or Previous fields from an earlier request.

Output

The output contains the following populated JSON schema:
{
     "fail": [],
     "data": [
         {
             "groupMembers": [
                 {
                     "internal": "",
                     "domain": "",
                     "type": "",
                     "name": "",
                     "emailAddress": ""
                 }
             ]
         }
     ],
     "meta": {
         "pagination": {
             "pageSize": ""
         },
         "status": ""
     }
}

operation: Remove Group Member

Input parameters

Parameter Description
Group ID Mimecast ID of the group from which you want to remove a member (user).
Email Address Email address of the user that you want to remove from the specified group.  
Note: You must specify either the email address or the domain of the user that you want to remove from the specified group.
Domain Domain of the user that you want to remove from the specified group.  

Output

The output contains the following populated JSON schema:
{
     "fail": [],
     "data": [
         {
             "domain": "",
             "id": "",
             "folderId": ""
         }
     ],
     "meta": {
         "status": ""
     }
}

operation: Block Sender

Input parameters

Parameter Description
Sender Email ID Email address of the sender to be blocked on the Mimecast server.
Recipient Email ID Email address of the recipient to be blocked on the Mimecast server.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "sender": "",
             "type": "",
             "id": "",
             "to": ""
         }
     ],
     "fail": []
}

operation: Unblock Sender

Input parameters

Parameter Description
Sender Email ID Email address of the sender to be unblocked on the Mimecast server.
Recipient Email ID Email address of the recipient to be unblocked on the Mimecast server.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "sender": "",
             "type": "",
             "id": "",
             "to": ""
         }
     ],
     "fail": []
}

operation: Get Managed URL

Input parameters

None.

Output

{
        "fail": [],
        "meta": {
          "status": "",
          "pagination": {
            "pageSize": "",
            "recordStart": "",
            "next": ""
          }
        },
        "data": [
          {
            "status": "",
            "received": "",
            "from": {
              "displayableName": "",
              "emailAddress": ""
            },
            "smash": "",
            "read": "",
            "attachmentCount": "",
            "ccm": "",
            "to": {
              "displayableName": "",
              "emailAddress": ""
            },
            "recalled": "",
            "subject": "",
            "expired": "",
            "id": "",
            "size": ""
          }
        ]
      }

operation: Blacklist URL

Input parameters

Parameter Description
URL URL that you want to blacklist on the Mimecast server.  
Note: Do not include a fragment (#)
Disable Log Click (Optional) Disables logging of user clicks on the specified URL.
By default, this is set to False.
Match Type (Optional) Select Explicit to explicitly blacklist only the specified URL or Domain to blacklist any URL with the same domain.
Comment (Optional) Comment about why you want to blacklist the specified URL on the Mimecast server. Comments are used for tracking purposes.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "comment": "",
             "disableRewrite": "",
             "scheme": "",
             "disableUserAwareness": "",
             "matchType": "",
             "port": "",
             "action": "",
             "id": "",
             "domain": "",
             "disableLogClick": ""
         }
     ],
     "fail": []
}

operation: Whitelist URL

Input parameters

Parameter Description
URL URL that you want to include in the targeted threat protection whitelist on the Mimecast server.  
Note: Do not include a fragment (#)
Disable Rewrite (Optional) Select this option to disable rewriting of the specified URL in emails.
Disable User Awareness (Optional) Select this option to disable user awareness of the specified URL.
Disable Log Click (Optional) Disables logging of user clicks on the specified URL.
By default, this is set to False.
Match Type (Optional) Select Explicit to explicitly blacklist only the specified URL or Domain to blacklist any URL with the same domain.
Comment (Optional) Comment about why you want to whitelist the specified URL on the Mimecast server. Comments are used for tracking purposes.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "comment": "",
             "disableRewrite": "",
             "scheme": "",
             "disableUserAwareness": "",
             "matchType": "",
             "port": "",
             "action": "",
             "id": "",
             "domain": "",
             "disableLogClick": ""
         }
     ],
     "fail": []
}

operation: Get Message List

Input parameters

Parameter Description
Mailbox Email address for which you want to retrieve the message list from Mimecast. If you do not specify any email address, then the message list for the logged in user are retrieved from Mimecast.
Source Type of message that you want to retrieve from Mimecast. Choose from the following options: INBOX or SENT.
By default, this is set as INBOX.
Start Time Start date of messages from when you want to retrieve messages from Mimecast.
By default, this is set as last calendar month.
End Time End date of messages till when you want to retrieve messages from Mimecast.
By default, this is set as current day.
Include Delegates Select this checkbox, i.e., set it to True to include messages for addresses for which the mailbox has delegate permissions.
By default, this is set as False.
Include Alias Select this checkbox, i.e., set it to True to include messages for alias addresses of the mailbox.
By default, this is set as True.
Page Token (Optional) Value of the Next or Previous fields from an earlier request.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "pagination": {
             "pageSize": "",
             "next": "",
             "recordStart": ""
         },
         "status": ""
     },
     "data": [
         {
             "received": "",
             "attachmentCount": "",
             "subject": "",
             "from": {
                 "emailAddress": "",
                 "displayableName": ""
             },
             "recalled": "",
             "status": "",
             "id": "",
             "read": "",
             "ccm": "",
             "smash": "",
             "expired": "",
             "to": {
                 "emailAddress": "",
                 "displayableName": ""
             },
             "size": ""
         }
     ],
     "fail": []
}

operation: Get Message Details

Input parameters

Parameter Description
Message ID Mimecast ID of the message whose metadata information you want to retrieve from the Mimecast archives.
Use the Get Message List operation to retrieve the message IDs for existing messages in the Mimecast archives.
Extract Attachment Data Select this option to extract attachments from emails and store those attachments in the FortiSOAR™ Attachments module.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "received": "",
             "headerDate": "",
             "mimeMessageId": "",
             "from": {
                 "emailAddress": "",
                 "displayableName": ""
             },
             "id": "",
             "status": "",
             "hasHtmlBody": "",
             "hasTextBody": "",
             "isPassthrough": "",
             "cc": [
                 {
                     "emailAddress": "",
                     "displayableName": ""
                 }
             ],
             "messageBodyPreview": "",
             "subject": "",
             "attachments": [
                 {
                     "contentType": "",
                     "extension": "",
                     "filename": "",
                     "contentId": "",
                     "sha256": "",
                     "id": "",
                     "bodyType": "",
                     "size": ""
                 }
             ],
             "envelopeFrom": {
                 "emailAddress": "",
                 "displayableName": ""
             },
             "smash": "",
             "headers": [
                 {
                     "values": [],
                     "name": ""
                 }
             ],
             "processed": "",
             "to": [
                 {
                     "emailAddress": "",
                     "displayableName": ""
                 }
             ],
             "size": "",
             "replyTo": {
                 "emailAddress": "",
                 "displayableName": ""
             }
         }
     ],
     "fail": []
}

operation: Get Tracked Message Info

Input parameters

Parameter Description
Message ID Mimecast ID of the message whose information you want to retrieve from Mimecast.
Use the Track Message operation to retrieve the message IDs for tracked messages.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "deliveredMessage": {
                 "user@domain.com": {
                     "messageInfo": {
                         "htmlBody": "",
                         "fromHeader": "",
                         "subject": "",
                         "sent": "",
                         "cc": [],
                         "fromEnvelope": "",
                         "attachments": [],
                         "route": "",
                         "processed": "",
                         "transmissionInfo": "",
                         "to": [],
                         "textBody": ""
                     },
                     "policyInfo": [
                         {
                             "policyType": "",
                             "policyName": "",
                             "inherited": ""
                         }
                     ],
                     "deliveryMetaInfo": {
                         "components": [
                             {
                                 "extension": "",
                                 "type": "",
                                 "mimeType": "",
                                 "name": "",
                                 "size": ""
                             }
                         ],
                         "transmissionEnd": "",
                         "transmissionStart": "",
                         "encryptionInfo": "",
                         "transmissionSize": "",
                         "remoteHost": "",
                         "emailAddress": "",
                         "remoteServerGreeting": "",
                         "deliveryEvent": "",
                         "processingServer": "",
                         "remoteIp": "",
                         "messageExpiresIn": "",
                         "receiptAcknowledgement": ""
                     }
                 }
             },
             "status": "",
             "id": "",
             "retentionInfo": {
                 "litigationHoldInfo": [],
                 "smartTags": [],
                 "fbrStamps": [],
                 "purgeBasedOn": "",
                 "fbrExpireCheck": [],
                 "currentPurgeDate": "",
                 "audits": [],
                 "originalPurgeDate": "",
                 "retentionAdjustmentDays": ""
             },
             "recipientInfo": {
                 "recipientMetaInfo": {
                     "components": [
                         {
                             "extension": "",
                             "type": "",
                             "mimeType": "",
                             "name": "",
                             "size": ""
                         }
                     ],
                     "receiptEvent": "",
                     "receiptAcknowledgement": "",
                     "remoteServerGreeting": "",
                     "encryptionInfo": "",
                     "transmissionSize": "",
                     "remoteHost": "",
                     "spamEvent": "",
                     "transmissionEnd": "",
                     "transmissionStart": "",
                     "processingServer": "",
                     "messageExpiresIn": "",
                     "binaryEmailSize": "",
                     "remoteIp": ""
                 },
                 "messageInfo": {
                     "cc": [],
                     "htmlBody": "",
                     "fromEnvelope": "",
                     "attachments": [],
                     "subject": "",
                     "fromHeader": "",
                     "processed": "",
                     "transmissionInfo": "",
                     "to": [],
                     "textBody": "",
                     "sent": ""
                 }
             }
         }
     ],
     "fail": []
}

operation: Search Message

Input parameters

Parameter Description
Email ID Email address that is configured in Mimecast whose messages you want to search on Mimecast.
Search Text Filter text based on which you want to search for messages on Mimecast.
Admin Select this option, i.e., set it to True if this search is an administrative search.  
By default, this is set as False, i.e., the search is an end user search.
Show (Optional) Define the time period for which you want to query for messages received in the specified email address.
Page Token (Optional) Value of the Next or Previous fields from an earlier request.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "pagination": {
             "pageSize": "",
             "next": "",
             "recordStart": ""
         },
         "status": ""
     },
     "data": [
         {
             "subject": "",
             "smash": "",
             "size": "",
             "receiveddate": "",
             "attachmentcount": "",
             "status": "",
             "id": "",
             "displayto": "",
             "displayfrom": ""
         }
     ],
     "fail": []
}

operation: Track Message

Input parameters

Parameter Description
Sender Email ID Email address or domain of the sender of the messages that you want to track on Mimecast.
Recipient Email ID Email address or domain of the recipient of the messages that you want to track on Mimecast.
Subject Subject of the messages that you want to track on Mimecast.
Search Reason Reason for tracking the messages on Mimecast.
Sender IP Source IP address of the messages that you want to track on Mimecast.
Start Time Date and time from when you want to track messages on Mimecast.
End Time Date and time till when you want to track messages on Mimecast.
Message ID Internet message ID of the message that you want to track on Mimecast.

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "trackedEmails": [
                 {
                     "received": "",
                     "attachments": "",
                     "fromHdr": {
                         "emailAddress": "",
                         "displayableName": ""
                     },
                     "fromEnv": {
                         "emailAddress": "",
                         "displayableName": ""
                     },
                     "route": "",
                     "id": "",
                     "status": "",
                     "senderIP": "",
                     "to": [
                         {
                             "emailAddress": "",
                             "displayableName": ""
                         }
                     ],
                     "sent": "",
                     "subject": ""
                 }
             ]
         }
     ],
     "fail": []
}

operation: Get Aliases

Input parameters

Parameter Description
Email ID Primary email address of the user whose alias email addresses you want to retrieve from Mimecast

Output

The output contains the following populated JSON schema:
{
     "meta": {
         "status": ""
     },
     "data": [
         {
             "emailAddress": "",
             "aliases": [
                 {
                     "domain": "",
                     "type": "",
                     "emailAddress": "",
                     "displayName": "",
                     "isInternal": ""
                 }
             ]
         }
     ],
     "fail": []
}

Included playbooks

The Sample - Mimecast - 1.1.0 playbook collection comes bundled with the Mimecast connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Mimecast connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.