Mimecast specializes in cloud-based email management for Microsoft Exchange and Microsoft Office 365, and offers security, archiving, and continuity services to protect business mail.
This document provides information about the Mimecast connector, which facilitates automated interactions with a Mimecast server using FortiSOAR™ playbooks. Add the Mimecast connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding a sender to the blocked sender list on Mimecast or retrieving information about a tracked message from Mimecast.
Connector Version: 2.0.0
Authored By: Fortinet
Certified: No
The following enhancements have been made to the Mimecast connector in version 2.0.0:
Secret key and Access Key
User Name, Password and Auth Type
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-mimecast
The following table lists the permissions required for each action in this connector:
Action | Application Permissions |
---|---|
Create Blocked Sender Policy | Gateway \| Policies \| Edit |
Get Blocked Sender Policy | Gateway \| Policies \| Read |
Update Blocked Sender Policy | Gateway \| Policies \| Edit |
Delete Blocked Sender Policy | Gateway \| Policies \| Edit |
Create Group | Directories \| Groups \| Edit |
Find Groups | Directories \| Groups \| Edit |
Update Group | Directories \| Groups \| Edit |
Delete Group | Directories \| Groups \| Edit |
Add Group Member | Directories \| Groups \| Edit |
Get Group Member | Directories \| Groups \| Read |
Remove Group Member | Directories \| Groups \| Edit |
Block Sender | Gateway \| Managed Senders \| Edit |
Unblock Sender | Gateway \| Managed Senders \| Edit |
Get Managed URL | Services \| Targeted Threat Protection - URL Protect \| Edit |
Blacklist URL | Services \| Targeted Threat Protection - URL Protect \| Edit |
Whitelist URL | Services \| Targeted Threat Protection - URL Protect \| Edit |
Decode URL | Account \| Dashboard \| Read |
Get Search URL Logs | Archive \| Search Logs \| Read |
Get TTP URL Logs | Monitoring \| URL Protection \| Read |
Get Message List | Archive \| Search \| Read |
Archive Search | Archive \| Search \| Read |
Message Search | Gateway \| Tracking \| Read |
Get Archive Search Message Details | Archive \| Search Content View |
Get Message Info | Gateway \| Tracking \| Read |
Get Aliases | Directories \| Internal \| Read |
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Mimecast connector card. On the connector popup, click the Configurations tab to enter the required configuration details:
Parameter | Description |
---|---|
Server URL | The URL of the Mimecast server to which you will connect and perform automated operations. |
Application ID | The Mimecast API application has a unique API Application ID that is used to create an authentication token that you can use to access the API. |
Application Key | The Mimecast API application has a unique API Application Key that is used to create an authentication token that you can use to access the API. |
Access Key | Specify an access key to access the API. |
Secret Key | Specify a secret key to access the API. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™:
Function | Description | Annotation and Category |
---|---|---|
Create Blocked Sender Policy | Creates a policy for blocking senders on the Mimecast server. | create_policy Containment |
Get Blocked Sender Policy | Retrieves a list and details of all blocked sender policies for a Mimecast account from the Mimecast server, or retrieves the details of a specific policy based on the policy ID you have specified. | get_policy Investigation |
Update Blocked Sender Policy | Updates an existing blocked sender policy from a Mimecast account on the Mimecast server, based on the policy id, action, and other input parameters you have specified. | update_policy Miscellaneous |
Delete Blocked Sender Policy | Deletes an existing blocked sender policy from a Mimecast account on the Mimecast server, based on the policy id you have specified. | delete_policy Miscellaneous |
Create Group | Creates a new group on the Mimecast server. | create_group Containment |
Delete Group | Deletes an existing group from the Mimecast server. | delete_group Miscellaneous |
Find Groups | Retrieves details of existing Mimecast groups from the Mimecast server, based on the input parameters (filter criteria) you have specified. If you do not specify any filter criteria, then details of all existing groups are retrieved from the Mimecast server. | get_groups Investigation |
Update Group | Updates a group on the Mimecast server, based on the input parameters you have specified. | update_group Investigation |
Add Group Member | Adds members (users) to the specified group on the Mimecast server, based on the CSV list of email addresses or domains of the users you have specified. | add_group_member Investigation |
Get Group Member | Retrieves details of the members of a specific group on the Mimecast server, based on the group ID you have specified. | get_group_member Investigation |
Remove Group Member | Removes a member from the specified group on the Mimecast server, based on the email address or the domain of the user you have specified. | remove_group_member Remediation |
Block Sender | Adds a sender to the blocked sender list on the Mimecast server. | block_sender Containment |
Unblock Sender | Adds a sender to the permitted sender list on the Mimecast server. | unblock_sender Remediation |
Blacklist URL | Adds a URL to be blacklisted on the Mimecast server. | block_url Containment |
Whitelist URL | Adds a URL to the targeted threat protection whitelist on the Mimecast server. | unblock_url Remediation |
Decode URL | Decodes a Mimecast-encoded URL that you have specified. | decode_url Investigation |
Get Search URL Logs | Retrieves all the search URL Logs or specific search URL logs from Mimecast based on filtration query and other parameters you have specified. | get_search_url_logs Investigation |
Get TTP URL Logs | Retrieves all the TTP URL Logs or specific TTP URL logs from Mimecast based on the input parameters you have specified. | get_ttp_url_logs Investigation |
Get Managed URL | Retrieves a list and details of managed URLs from the targeted threat protection blacklist or whitelist on the Mimecast server. | get_managed_url Investigation |
Get Message List | Retrieves a list of messages for a specified user or the logged-in user from Mimecast. | get_message_list Investigation |
Get Archive Search Message Details | Retrieves metadata for a message from the Mimecast archives, based on the message ID you have specified. | get_archive_search_message_detail Investigation |
Get Message Info | Retrieves information for a tracked message from Mimecast, based on the Mimecast ID you have specified. | get_tracked_message_info Investigation |
Archive Search | Retrieves a list of messages from Mimecast that match the search criteria that you have specified. | archive_search Investigation |
Message Search | Tracks messages across the Mimecast platform, based on the input parameters you have specified. | message_search Investigation |
Get Aliases | Retrieves the alias address(es) associated with a user from Mimecast, based on the email address you have specified. | get_aliases Investigation |
Parameter | Description |
---|---|
Action | Specify the action to take. You can choose from the following options: |
Description | Specify a description of the blocked sender policy that you want to create on the Mimecast server. This description is kept with the email in the Archive for future reference. |
Sender Type | Specify the sender type being blocked using this blocked sender policy. Select from the following options: |
Sender Value | (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address as Sender Type, then you must specify a value in this field. |
Addresses Based on | Specify the addresses based on which you will block the sender using this blocked sender policy. Choose one of the following options: |
Receiver Type | Specify the receiver type included in this blocked sender policy. Select from the following options: |
Receiver Value | (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address as Receiver Type, then you must specify the value in this field. |
Source IP | (Optional) Specify a list of IP addresses that use the CIDR notation (X.X.X.X/XX), as comma-separated values. When you specify the source IP, then this blocked sender policy applies only to connections from matching IP addresses. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"option": "",
"policy": {
"fromType": "",
"fromValue": "",
"fromEternal": "",
"from": {
"emailDomain": "",
"type": "",
"groupId": "",
"emailAddress": ""
},
"fromPart": "",
"conditions": {
"sourceIPs": []
},
"toDate": "",
"fromDate": "",
"toType": "",
"override": "",
"bidirectional": "",
"toEternal": "",
"description": "",
"to": {
"emailDomain": "",
"type": "",
"groupId": "",
"emailAddress": ""
}
},
"id": ""
}
],
"meta": {
"status": ""
}
}
Parameter | Description |
---|---|
Policy ID | (Optional) Specify the ID of the policy whose blocked sender details you want to retrieve from the Mimecast server. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"option": "",
"policy": {
"fromType": "",
"from": {
"type": ""
},
"fromPart": "",
"conditions": {},
"toDate": "",
"fromDate": "",
"toType": "",
"override": "",
"bidirectional": "",
"toEternal": "",
"description": "",
"to": {
"type": ""
}
},
"id": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Policy ID | Specify the ID of the existing blocked sender policy that you want to update on Mimecast. |
Action | Specify the block option or action to update on Mimecast. Choose from one of the following: Blocked Sender or No Action. |
Description | Specify a description of the blocked sender policy that you want to update on the Mimecast server. This description is kept with the email in the Archive for future reference. |
Sender Type | Specify the sender type being blocked using this blocked sender policy. Select from the following options: |
Sender Value | (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address as Sender Type, then you must specify a value in this field. |
Addresses Based on | Specify the addresses based on which you will block the sender using this blocked sender policy. Choose one of the following options: |
Receiver Type | Specify the receiver type included in this blocked sender policy. Select from the following options: |
Receiver Value | (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address as Receiver Type, then you must specify the value in this field. |
Source IP | (Optional) Specify a list of IP addresses that use the CIDR notation (X.X.X.X/XX), as comma-separated values. When you specify the source IP, then this blocked sender policy applies only to connections from matching IP addresses. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"option": "",
"policy": {
"fromType": "",
"fromValue": "",
"fromEternal": "",
"from": {
"type": "",
"emailAddress": ""
},
"description": "",
"conditions": {},
"toDate": "",
"toEternal": "",
"toType": "",
"override": "",
"bidirectional": "",
"fromDate": "",
"fromPart": "",
"to": {
"type": ""
}
},
"id": ""
}
],
"meta": {
"status": ""
}
}
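The Source IP parameter of the Create and Update Blocked Sender Policy operations takes a comma-separated CIDR list, and a malformed or over-broad entry changes which connections the policy covers. The following is an added example, not part of the connector or the original page, of checking such a value before a playbook submits it; the function names, the /16 review threshold and the sample input are assumptions made for illustration.

```python
import ipaddress

# Assumption for this example: prefixes shorter than /16 are considered too
# broad to scope an automated policy and are held back for manual review.
MIN_PREFIX_LEN = 16


def parse_source_ips(csv_value, min_prefix_len=MIN_PREFIX_LEN):
    """Validate a Source IP field value (comma-separated X.X.X.X/XX entries).

    Returns (accepted, rejected):
      accepted - normalized CIDR strings, de-duplicated, in input order
      rejected - (raw_entry, reason) tuples that should not be submitted
    """
    nets, rejected = [], []
    for raw in csv_value.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate trailing commas and blank items
        _addr, sep, prefix = entry.partition("/")
        if not sep or not prefix.isdigit():
            rejected.append((entry, "not in X.X.X.X/XX notation"))
            continue
        try:
            # strict=True refuses entries with host bits set (10.1.2.3/24),
            # which usually means a host address was pasted with a guessed mask.
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            rejected.append((entry, str(exc)))
            continue
        if net.prefixlen < min_prefix_len:
            rejected.append(
                (entry, f"prefix /{net.prefixlen} is broader than /{min_prefix_len}")
            )
            continue
        if net not in nets:
            nets.append(net)
    # Drop entries that are already covered by a wider accepted range.
    accepted = [
        str(n) for n in nets
        if not any(n != other and n.subnet_of(other) for other in nets)
    ]
    return accepted, rejected


def to_field_value(accepted):
    """Re-join accepted networks into the comma-separated form of the field."""
    return ",".join(accepted)


# Constructed sample input using documentation address ranges (RFC 5737).
SAMPLE = (
    "203.0.113.0/24, 203.0.113.64/26, 198.51.100.7/32, "
    "198.51.100.9/24, 0.0.0.0/0, 192.0.2.10, 203.0.113.0/24,"
)

if __name__ == "__main__":
    ok, bad = parse_source_ips(SAMPLE)
    print("submit :", to_field_value(ok))
    for entry, reason in bad:
        print("reject :", entry, "-", reason)
```
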
Parameter | Description |
---|---|
Policy ID | Specify the ID of the existing blocked sender policy that you want to delete from Mimecast. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"id": "",
"deleted": ""
}
],
"meta": {
"status": ""
}
}
Parameter | Description |
---|---|
Description | Specify a description of the new group that you want to create on the Mimecast server. |
Parent ID | (Optional) Specify the ID of the parent group under which you want to create the new group on the Mimecast server. If you do not specify a parent ID, then the new group will be created at the root level on the Mimecast server. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"parentId": "",
"source": "",
"userCount": "",
"folderCount": "",
"description": "",
"id": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Query | Specify the query string using which you want to search for groups on the Mimecast server. Note: If you do not provide any query string then details of all existing groups are retrieved from the Mimecast server. |
Source | Specify the source of the group based on which you want to search for groups on the Mimecast server. Choose from one of the following: Cloud or LDAP. |
Page Size | (Optional) Specify the number of results that are requested by this operation. |
Page Token | (Optional) Specify the value of the Next or Previous fields from an earlier request. |
The output contains the following populated JSON schema:
{
"meta": {
"pagination": {
"pageSize": "",
"previous": ""
},
"status": ""
},
"data": [
{
"folders": [
{
"parentId": "",
"source": "",
"userCount": "",
"folderCount": "",
"description": "",
"id": ""
}
],
"query": "",
"source": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Group ID | Specify the Mimecast ID of the group that you want to update on the Mimecast server. Use the Find Groups operation to retrieve the Group IDs for existing groups on the Mimecast server. |
Description | (Optional) Specify the description to update the group specified in this operation. |
Parent ID | (Optional) Specify the ID to update as the parent of the group specified in this operation. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"folderCount": "",
"parentId": "",
"source": "",
"userCount": "",
"description": "",
"id": ""
}
],
"meta": {
"status": ""
}
}
Parameter | Description |
---|---|
Group ID | Specify the Mimecast ID of the group that you want to delete from the Mimecast server. Use the Find Groups operation to retrieve the Group IDs for existing groups on the Mimecast server. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"status": "",
"id": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Group ID | Specify the Mimecast ID of the group in which you want to add the user. |
Email Address | Specify a comma-separated list of email addresses that you want to add to the specified group. NOTE: To add members to a group, you can specify a CSV list of email addresses of users or domains of users, or both. However, in one go, you can add a maximum of 100 members to a group. |
Domain | Specify a comma-separated list of domains of users that you want to add to the specified group. |
The output contains the following populated JSON schema if you have specified the CSV list of domains of users:
{
"meta": {
"status": ""
},
"data": [
{
"id": "",
"folderId": "",
"domain": ""
}
],
"fail": [
{
"key": {
"domain": "",
"id": ""
},
"errors": [
{
"code": "",
"message": "",
"retryable": ""
}
]
}
],
"major_fail": [
{
"key": {
"domain": "",
"id": ""
},
"errors": [
{
"message": "",
"code": "",
"field": "",
"retryable": ""
}
]
}
]
}
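Add Group Member accepts at most 100 members per call and reports per-member problems in the fail and major_fail arrays rather than only in meta.status, so a playbook that ignores them can leave members out of a group without noticing. The following is an added example, not part of the connector or the original page, that batches the input and classifies one result; the function names, the error codes and the sample result are constructed, and the emailAddress key is an assumption because the page shows only the domain variant of the schema.

```python
import json

MAX_MEMBERS_PER_CALL = 100  # limit stated in the Add Group Member note


def batch_members(emails, domains, limit=MAX_MEMBERS_PER_CALL):
    """Yield (email_csv, domain_csv) pairs holding at most `limit` members."""
    members = [("email", e.strip().lower()) for e in emails if e.strip()]
    members += [("domain", d.strip().lower()) for d in domains if d.strip()]
    members = list(dict.fromkeys(members))  # de-duplicate, keep input order
    for start in range(0, len(members), limit):
        chunk = members[start:start + limit]
        yield (
            ",".join(value for kind, value in chunk if kind == "email"),
            ",".join(value for kind, value in chunk if kind == "domain"),
        )


def _is_true(value):
    # The schema shows placeholders only; accept a JSON boolean or "true".
    return value is True or str(value).strip().lower() == "true"


def _member(record):
    # "emailAddress" is an assumption; the page documents the "domain" key.
    return record.get("domain") or record.get("emailAddress")


def summarize_add_result(result):
    """Split one Add Group Member result into added / retry / failed members."""
    added = [_member(item) for item in result.get("data", [])]
    retry, failed = [], []
    for section in ("fail", "major_fail"):
        for item in result.get(section, []):
            errors = item.get("errors", [])
            codes = [err.get("code") for err in errors]
            # Retry only when every reported error is marked retryable.
            retryable = bool(errors) and all(
                _is_true(err.get("retryable")) for err in errors
            )
            (retry if retryable else failed).append(
                (_member(item.get("key", {})), codes)
            )
    return {"added": added, "retry": retry, "failed": failed}


# Constructed sample result following the schema above; codes are made up.
SAMPLE_RESULT = json.loads("""
{
  "meta": {"status": 200},
  "data": [{"id": "ID-1", "folderId": "GROUP-1", "domain": "example.org"}],
  "fail": [
    {"key": {"domain": "example.net", "id": "GROUP-1"},
     "errors": [{"code": "err_example_temporary", "message": "try again",
                 "retryable": true}]}
  ],
  "major_fail": [
    {"key": {"domain": "bad domain", "id": "GROUP-1"},
     "errors": [{"code": "err_example_invalid", "message": "invalid",
                 "field": "domain", "retryable": false}]}
  ]
}
""")

if __name__ == "__main__":
    emails = [f"user{i}@example.com" for i in range(150)]
    domains = [f"d{i}.example" for i in range(60)]
    for n, (email_csv, domain_csv) in enumerate(batch_members(emails, domains), 1):
        size = len([m for m in (email_csv + "," + domain_csv).split(",") if m])
        print(f"call {n}: {size} members")
    print(summarize_add_result(SAMPLE_RESULT))
```
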
Parameter | Description |
---|---|
Group ID | Specify the Mimecast ID of the group whose member details you want to retrieve from the Mimecast server. |
Page Size | (Optional) Specify the number of results that are requested by this operation. |
Page Token | (Optional) Specify the value of the Next or Previous fields from an earlier request. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"groupMembers": [
{
"internal": "",
"domain": "",
"type": "",
"name": "",
"emailAddress": ""
}
]
}
],
"meta": {
"pagination": {
"pageSize": ""
},
"status": ""
}
}
Parameter | Description |
---|---|
Group ID | Specify the Mimecast ID of the group from which you want to remove a member (user). |
Email Address | Specify the email address of the user that you want to remove from the specified group. NOTE: You must specify either the email address or the domain of the user that you want to remove from the specified group. |
Domain | Specify the domain of the user that you want to remove from the specified group. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"domain": "",
"id": "",
"folderId": ""
}
],
"meta": {
"status": ""
}
}
Parameter | Description |
---|---|
Sender Email ID | Specify the email address of the sender that you want to block on the Mimecast server. |
Recipient Email ID | Specify the email address of the recipient that you want to block on the Mimecast server. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"sender": "",
"type": "",
"id": "",
"to": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Sender Email ID | Specify the email address of the sender that you want to unblock on the Mimecast server. |
Recipient Email ID | Specify the email address of the recipient that you want to unblock on the Mimecast server. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"sender": "",
"type": "",
"id": "",
"to": ""
}
],
"fail": []
}
None.
The output contains the following populated JSON schema:
{
"fail": [],
"meta": {
"status": "",
"pagination": {
"pageSize": "",
"recordStart": "",
"next": ""
}
},
"data": [
{
"status": "",
"received": "",
"from": {
"displayableName": "",
"emailAddress": ""
},
"smash": "",
"read": "",
"attachmentCount": "",
"ccm": "",
"to": {
"displayableName": "",
"emailAddress": ""
},
"recalled": "",
"subject": "",
"expired": "",
"id": "",
"size": ""
}
]
}
Parameter | Description |
---|---|
URL | Specify the URL that you want to blacklist on the Mimecast server. Note: Do not include a fragment (#). |
Disable Log Click | (Optional) Select to disable logging of user clicks on the specified URL. By default, this is set to False. |
Match Type | (Optional) Select Explicit to explicitly blacklist only the specified URL, or Domain to blacklist any URL on the same domain. |
Comment | (Optional) Specify a comment about why you want to blacklist the specified URL on the Mimecast server. Comments are used for tracking purposes. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"comment": "",
"disableRewrite": "",
"scheme": "",
"disableUserAwareness": "",
"matchType": "",
"port": "",
"action": "",
"id": "",
"domain": "",
"disableLogClick": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
URL | Specify the URL that you want to include in the targeted threat protection whitelist on the Mimecast server. Note: Do not include a fragment (#). |
Disable Rewrite | (Optional) Select this option to disable rewriting of the specified URL in emails. |
Disable User Awareness | (Optional) Select this option to disable user awareness of the specified URL. |
Disable Log Click | (Optional) Select to disable logging of user clicks on the specified URL. By default, this is set to False. |
Match Type | (Optional) Select Explicit to explicitly whitelist only the specified URL, or Domain to whitelist any URL on the same domain. |
Comment | (Optional) Specify a comment about why you want to whitelist the specified URL on the Mimecast server. Comments are used for tracking purposes. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"comment": "",
"disableRewrite": "",
"scheme": "",
"disableUserAwareness": "",
"matchType": "",
"port": "",
"action": "",
"id": "",
"domain": "",
"disableLogClick": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Mailbox | Specify the email address for which you want to retrieve the message list from Mimecast. Note: If you do not specify any email address, then the message list for the logged-in user is retrieved from Mimecast. |
Source | Specify the type of message that you want to retrieve from Mimecast. Choose from the following options: INBOX or SENT. By default, this is set as INBOX. |
Start Time | Specify a start date from when you want to retrieve messages from Mimecast. By default, this is set as the last calendar month. |
End Time | Specify an end date till when you want to retrieve messages from Mimecast. By default, this is set as the current day. |
Include Delegates | Select this checkbox, i.e., set it to True to include messages for addresses for which the mailbox has delegate permissions. By default, this is set as False. |
Include Alias | Select this checkbox, i.e., set it to True to include messages for alias addresses of the mailbox. By default, this is set as True. |
Page Token | (Optional) Specify the value of the Next or Previous fields from an earlier request. |
The output contains the following populated JSON schema:
{
"meta": {
"pagination": {
"pageSize": "",
"next": "",
"recordStart": ""
},
"status": ""
},
"data": [
{
"received": "",
"attachmentCount": "",
"subject": "",
"from": {
"emailAddress": "",
"displayableName": ""
},
"recalled": "",
"status": "",
"id": "",
"read": "",
"ccm": "",
"smash": "",
"expired": "",
"to": {
"emailAddress": "",
"displayableName": ""
},
"size": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Mimecast ID | Specify the Mimecast ID of the message whose metadata information you want to retrieve from the Mimecast archives. Use the Archive Search operation to retrieve the message IDs for existing messages in the Mimecast archives. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"received": "",
"headerDate": "",
"mimeMessageId": "",
"from": {
"emailAddress": "",
"displayableName": ""
},
"id": "",
"status": "",
"hasHtmlBody": "",
"hasTextBody": "",
"isPassthrough": "",
"cc": [
{
"emailAddress": "",
"displayableName": ""
}
],
"messageBodyPreview": "",
"subject": "",
"attachments": [
{
"contentType": "",
"extension": "",
"filename": "",
"contentId": "",
"sha256": "",
"id": "",
"bodyType": "",
"size": ""
}
],
"envelopeFrom": {
"emailAddress": "",
"displayableName": ""
},
"smash": "",
"headers": [
{
"values": [],
"name": ""
}
],
"processed": "",
"to": [
{
"emailAddress": "",
"displayableName": ""
}
],
"size": "",
"replyTo": {
"emailAddress": "",
"displayableName": ""
}
}
],
"fail": []
}
Parameter | Description |
---|---|
Mimecast ID | Specify the Mimecast ID of the message whose information you want to retrieve from Mimecast. Use the Message Search operation to retrieve the message IDs for tracked messages. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"deliveredMessage": {
"user@domain.com": {
"messageInfo": {
"htmlBody": "",
"fromHeader": "",
"subject": "",
"sent": "",
"cc": [],
"fromEnvelope": "",
"attachments": [],
"route": "",
"processed": "",
"transmissionInfo": "",
"to": [],
"textBody": ""
},
"policyInfo": [
{
"policyType": "",
"policyName": "",
"inherited": ""
}
],
"deliveryMetaInfo": {
"components": [
{
"extension": "",
"type": "",
"mimeType": "",
"name": "",
"size": ""
}
],
"transmissionEnd": "",
"transmissionStart": "",
"encryptionInfo": "",
"transmissionSize": "",
"remoteHost": "",
"emailAddress": "",
"remoteServerGreeting": "",
"deliveryEvent": "",
"processingServer": "",
"remoteIp": "",
"messageExpiresIn": "",
"receiptAcknowledgement": ""
}
}
},
"status": "",
"id": "",
"retentionInfo": {
"litigationHoldInfo": [],
"smartTags": [],
"fbrStamps": [],
"purgeBasedOn": "",
"fbrExpireCheck": [],
"currentPurgeDate": "",
"audits": [],
"originalPurgeDate": "",
"retentionAdjustmentDays": ""
},
"recipientInfo": {
"recipientMetaInfo": {
"components": [
{
"extension": "",
"type": "",
"mimeType": "",
"name": "",
"size": ""
}
],
"receiptEvent": "",
"receiptAcknowledgement": "",
"remoteServerGreeting": "",
"encryptionInfo": "",
"transmissionSize": "",
"remoteHost": "",
"spamEvent": "",
"transmissionEnd": "",
"transmissionStart": "",
"processingServer": "",
"messageExpiresIn": "",
"binaryEmailSize": "",
"remoteIp": ""
},
"messageInfo": {
"cc": [],
"htmlBody": "",
"fromEnvelope": "",
"attachments": [],
"subject": "",
"fromHeader": "",
"processed": "",
"transmissionInfo": "",
"to": [],
"textBody": "",
"sent": ""
}
}
}
],
"fail": []
}
Parameter | Description |
---|---|
Email ID | Specify the email address that is configured in Mimecast whose messages you want to search on Mimecast. |
Search Text | Specify the text to filter the search for messages on Mimecast. |
Admin | Select this option, i.e., set it to True if this search is an administrative search. By default, this is set as False, i.e., the search is an end-user search. |
Time Period | (Optional) Specify the time period for which you want to query messages received in the specified email address. You can choose from the following options: Today, Yesterday, Last Week, Last Month, Last Year, or Between. If you choose Between, then in the From field, you should specify the start date and time from when you want to query for messages received in the specified email address, and in the To field, you should specify the end date and time till when you want to query for messages received in the specified email address. |
Document Type | (Optional) Select the type of document (attachment) for which you want to query for messages received in the specified email address. Some of the options you can choose from are Spreadsheets, Documents, Text, Media, etc. |
Page Token | (Optional) Specify the value of the Next or Previous fields from an earlier request. |
The output contains the following populated JSON schema:
{
"meta": {
"pagination": {
"pageSize": "",
"next": "",
"recordStart": ""
},
"status": ""
},
"data": [
{
"subject": "",
"smash": "",
"size": "",
"receiveddate": "",
"attachmentcount": "",
"status": "",
"id": "",
"displayto": "",
"displayfrom": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Sender Email ID | Specify the email address or domain of the sender of the messages that you want to track on Mimecast. |
Recipient Email ID | Specify the email address or domain of the recipient of the messages that you want to track on Mimecast. |
Subject | Specify the subject of the messages that you want to track on Mimecast. |
Message ID | Specify the Internet message ID of the message whose message details you want to track on Mimecast. For example, <CALEwL_b_JJ_OfLw5S9vH34cnvAUowaQ24PhOePtkGUa6WV3QFw@mail.gmail.com> |
Sender IP | Specify the source IP address of the sender of the messages that you want to track on Mimecast. |
Search Reason | Specify the reason for tracking the messages on Mimecast. |
Start Time | Specify the date and time from when you want to search messages on Mimecast. |
End Time | Specify the date and time till when you want to search messages on Mimecast. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"trackedEmails": [
{
"received": "",
"attachments": "",
"fromHdr": {
"emailAddress": "",
"displayableName": ""
},
"fromEnv": {
"emailAddress": "",
"displayableName": ""
},
"route": "",
"id": "",
"status": "",
"senderIP": "",
"to": [
{
"emailAddress": "",
"displayableName": ""
}
],
"sent": "",
"subject": ""
}
]
}
],
"fail": []
}
Parameter | Description |
---|---|
Email ID | Specify the primary email address of the user whose alias email addresses you want to retrieve from Mimecast. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"emailAddress": "",
"aliases": [
{
"domain": "",
"type": "",
"emailAddress": "",
"displayName": "",
"isInternal": ""
}
]
}
],
"fail": []
}
Parameter | Description |
---|---|
Encoded URL | Specify the Mimecast-encoded URL that you want to decode, for example, https://protect-xx.mimecast.com/... |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"url": "",
"success": ""
}
],
"meta": {
"status": ""
}
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list, i.e., all Search URL Logs are fetched from Mimecast.
Parameter | Description |
---|---|
Query | Specify the query string using which you want to search for URL Logs on the Mimecast server. Note: If you do not provide any query string then details of all existing Search URLs Logs are retrieved from the Mimecast server. |
Start Time | Specify the date and time from when you want to search URL logs on Mimecast. Defaults to the start of the current day. |
End Time | Specify the date and time till when you want to search URL logs on Mimecast. Defaults to the end of the current day. |
Page Size | Specify the number of results that are requested by this operation. |
Page Token | Specify the value of the Next or Previous fields from an earlier request. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"logs": [
{
"searchText": "",
"description": "",
"searchReason": "",
"museQuery": "",
"emailAddr": "",
"source": "",
"isAdmin": "",
"searchPath": "",
"createTime": ""
}
]
}
],
"meta": {
"status": "",
"pagination": {
"pageSize": "",
"next": ""
}
}
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list, i.e., all TTP URL Logs are fetched from Mimecast.
Parameter | Description |
---|---|
Oldest First | Select this option to order results with the most recent first. By default, this is set to False. |
Route | Select the route by which you want to filter the TTP URL logs. You can choose from the following options: inbound, outbound, internal, or all. Defaults to 'all'. |
Start Time | Specify the date and time from when you want to search TTP URL logs on Mimecast. Defaults to the start of the current day. |
End Time | Specify the date and time till when you want to search TTP URL logs on Mimecast. Defaults to the time of the request. |
Scan Result | Select the scan result by which you want to filter the TTP URL logs. You can choose from the following options: clean, malicious, or all. Defaults to 'all'. |
Page Size | Specify the number of results that are requested by this operation. |
Page Token | Specify the value of the Next or Previous fields from an earlier request. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"source": "",
"folders": [
{
"folderCount": "",
"parentId": "",
"userCount": "",
"source": "",
"description": "",
"id": ""
}
],
"query": ""
}
],
"meta": {
"status": "",
"pagination": {
"previous": "",
"pageSize": ""
}
}
}
The Sample - Mimecast - 2.0.0 playbook collection comes bundled with the Mimecast connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Mimecast connector.
NOTE: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.
Parameter | Description |
---|---|
Server URL | The URL of the Mimecast server to which you will connect and perform automated operations. |
Application ID | The Mimecast API application has a unique API Application ID that is used to create an authentication token that you can use to access the API. |
Application Key | The Mimecast API application has a unique API Application Key that is used to create an authentication token that you can use to access the API. |
Access Key | Specify an access key to access the API |
Secret Key | Specify a secret key to access the API |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to True . |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™:
Function | Description | Annotation and Category |
---|---|---|
Create Blocked Sender Policy | Creates a policy for blocking senders on the Mimecast server. | create_policy Containment |
Get Blocked Sender Policy | Retrieves a list and details of all blocked sender policies for a Mimecast account from the Mimecast server, or retrieves the details of a specific policy based on the policy ID you have specified. | get_policy Investigation |
Update Blocked Sender Policy | Updates an existing blocked sender policy from a Mimecast account on the Mimecast server, based on the policy id, action, and other input parameters you have specified. | update_policy Miscellaneous |
Delete Blocked Sender Policy | Deletes an existing blocked sender policy from a Mimecast account on the Mimecast server, based on the policy id you have specified. | delete_policy Miscellaneous |
Create Group | Creates a new group on the Mimecast server. | create_group Containment |
Delete Group | Deletes an existing group from the Mimecast server. | delete_group Miscellaneous |
Find Groups | Retrieves details of existing Mimecast groups from the Mimecast server, based on the input parameters (filter criteria) you have specified. If you do not specify any filter criteria, then details of all existing groups are retrieved from the Mimecast server. |
get_groups Investigation |
Update Group | Updates a group on the Mimecast server, based on the input parameters you have specified. | update_group Investigation |
Add Group Member | Adds members (users) to the specified group on the Mimecast server, based on the CSV list of email addresses or domains of the users you have specified. | add_group_member Investigation |
Get Group Member | Retrieves details of the members of a specific group on the Mimecast server, based on the group ID you have specified. | get_group_member Investigation |
Remove Group Member | Removes a member from the specified group on the Mimecast server, based on the email address or the domain of the user you have specified. | remove_group_member Remediation |
Block Sender | Adds a sender to the blocked sender list on the Mimecast server. | block_sender Containment |
Unblock Sender | Adds a sender to the permitted sender list on the Mimecast server. | unblock_sender Remediation |
Blacklist URL | Adds a URL to be blacklisted on the Mimecast server. | block_url Containment |
Whitelist URL | Adds a URL to the targeted threat protection whitelist on the Mimecast server. | unblock_url Remediation |
Decode URL | Decodes a Mimecast-encoded URL that you have specified. | decode_url Investigation |
Get Search URL Logs | Retrieves all the search URL Logs or specific search URL logs from Mimecast based on filtration query and other parameters you have specified. | get_search_url_logs Investigation |
Get TTP URL Logs | Retrieves all the TTP URL Logs or specific TTP URL logs from Mimecast based on the input parameters you have specified. | get_ttp_url_logs Investigation |
Get Managed URL | Retrieves a list and details of managed URLs from the targeted threat protection blacklist or whitelist on the Mimecast server. | get_managed_url Investigation |
Get Message List | Retrieves a list of messages for a specified user or the logged-in user from Mimecast. | get_message_list Investigation |
Get Archive Search Message Details | Retrieves metadata for a message from the Mimecast archives, based on the message ID you have specified. | get_archive_search_message_detail Investigation |
Get Message Info | Retrieves information for a tracked message from Mimecast, based on the Mimecast ID you have specified. | get_tracked_message_info Investigation |
Archive Search | Retrieves a list of messages from Mimecast that match the search criteria that you have specified. | archive_search Investigation |
Message Search | Tracks messages across the Mimecast platform, based on the input parameters you have specified | message_search Investigation |
Get Aliases | Retrieves the alias address(es) associated with a user from Mimecast, based on the email address you have specified. | get_aliases Investigation |
Parameter | Description |
---|---|
Action | Specify the action to take. You can choose from the following options:
|
Description | Specify a description of the blocked sender policy that you want to create on the Mimecast server. This description is kept with the email in the Archive for future reference. |
Sender Type | Specify the sender type being blocked using this blocked sender policy. Select from the following options:
|
Sender Value | (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address as Sender Type, then you must specify a value in this field.
|
Addresses Based on | Specify the addresses based on which you will block the sender using this blocked sender policy. Choose one of the following options:
|
Receiver Type | Specify the receiver type included in this blocked sender policy. Select from the following options:
|
Receiver Value | (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address as Receiver Type, then you must specify the value in this field.
|
Source IP | (Optional) Specify a list of IP addresses that use the CIDR notation (X.X.X.X/XX ), as comma-separated values. When you specify the source IP, then this blocked sender policy applies only to connections from matching IP addresses. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"option": "",
"policy": {
"fromType": "",
"fromValue": "",
"fromEternal": "",
"from": {
"emailDomain": "",
"type": "",
"groupId": "",
"emailAddress": ""
},
"fromPart": "",
"conditions": {
"sourceIPs": []
},
"toDate": "",
"fromDate": "",
"toType": "",
"override": "",
"bidirectional": "",
"toEternal": "",
"description": "",
"to": {
"emailDomain": "",
"type": "",
"groupId": "",
"emailAddress": ""
}
},
"id": ""
}
],
"meta": {
"status": ""
}
}
Parameter | Description |
---|---|
Policy ID | (Optional) Specify the ID of the policy whose blocked sender details you want to retrieve from the Mimecast server. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"option": "",
"policy": {
"fromType": "",
"from": {
"type": ""
},
"fromPart": "",
"conditions": {},
"toDate": "",
"fromDate": "",
"toType": "",
"override": "",
"bidirectional": "",
"toEternal": "",
"description": "",
"to": {
"type": ""
}
},
"id": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Policy ID | Specify the ID of the existing blocked sender policy that you want to update on Mimecast. |
Action | Specify the block option or action to update on Mimecast. Choose from one of the following: Blocked Sender or No Action. |
Description | Specify a description of the blocked sender policy that you want to update on the Mimecast server. This description is kept with the email in the Archive for future reference. |
Sender Type | Specify the sender type being blocked using this blocked sender policy. Select from the following options:
|
Sender Value | (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address as Sender Type, then you must specify a value in this field.
|
Addresses Based on | Specify the addresses based on which you will block the sender using this blocked sender policy. Choose one of the following options:
|
Receiver Type | Specify the receiver type included in this blocked sender policy. Select from the following options:
|
Receiver Value | (Optional) If you have selected Email Domain, Profile Group, or Individual Email Address as Receiver Type, then you must specify the value in this field.
|
Source IP | (Optional) Specify a list of IP addresses that use the CIDR notation (X.X.X.X/XX ), as comma-separated values. When you specify the source IP, then this blocked sender policy applies only to connections from matching IP addresses. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"option": "",
"policy": {
"fromType": "",
"fromValue": "",
"fromEternal": "",
"from": {
"type": "",
"emailAddress": ""
},
"description": "",
"conditions": {},
"toDate": "",
"toEternal": "",
"toType": "",
"override": "",
"bidirectional": "",
"fromDate": "",
"fromPart": "",
"to": {
"type": ""
}
},
"id": ""
}
],
"meta": {
"status": ""
}
}
Parameter | Description |
---|---|
Policy ID | Specify the ID of the existing blocked sender policy that you want to delete from Mimecast. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"id": "",
"deleted": ""
}
],
"meta": {
"status": ""
}
}
Parameter | Description |
---|---|
Description | Specify a description of the new group that you want to create on the Mimecast server. |
Parent ID | (Optional) Specify the ID of the parent group under which you want to create the new group on the Mimecast server. If you do not specify a parent ID, then the new group will be created at the root level on the Mimecast server. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"parentId": "",
"source": "",
"userCount": "",
"folderCount": "",
"description": "",
"id": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Query | Specify the query string using which you want to search for groups on the Mimecast server. Note: If you do not provide any query string then details of all existing groups are retrieved from the Mimecast server. |
Source | Specify the source of the group based on which you want to search for groups on the Mimecast server. Choose from one of the following: Cloud or LDAP. |
Page Size | (Optional) Specify the number of results that are requested by this operation. |
Page Token | (Optional) Specify the value of the Next or Previous fields from an earlier request. |
The output contains the following populated JSON schema:
{
"meta": {
"pagination": {
"pageSize": "",
"previous": ""
},
"status": ""
},
"data": [
{
"folders": [
{
"parentId": "",
"source": "",
"userCount": "",
"folderCount": "",
"description": "",
"id": ""
}
],
"query": "",
"source": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Group ID | Specify the Mimecast ID of the group that you want to update on the Mimecast server. Use the Find Groups operation to retrieve the Group IDs for existing groups on the Mimecast server. |
Description | (Optional) Specify the description to update the group specified in this operation. |
Parent ID | (Optional) Specify the ID to update as the parent of the group specified in this operation. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"folderCount": "",
"parentId": "",
"source": "",
"userCount": "",
"description": "",
"id": ""
}
],
"meta": {
"status": ""
}
}
Parameter | Description |
---|---|
Group ID | Specify the Mimecast ID of the group that you want to delete from the Mimecast server. Use the Find Groups operation to retrieve the Group IDs for existing groups on the Mimecast server. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"status": "",
"id": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Group ID | Specify the Mimecast ID of the group in which you want to add the user. |
Email Address | Specify a comma-separated list of email addresses that you want to add to the specified group.
NOTE: To add members to a group, you can specify a CSV list of email addresses of users or domains of users, or both. However, in one go, you can add a maximum of 100 members to a group. |
Domain | Specify a comma-separated list of domains of users that you want to add to the specified group. |
The output contains the following populated JSON schema if you have specified the CSV list of domains of users:
{
"meta": {
"status": ""
},
"data": [
{
"id": "",
"folderId": "",
"domain": ""
}
],
"fail": [
{
"key": {
"domain": "",
"id": ""
},
"errors": [
{
"code": "",
"message": "",
"retryable": ""
}
]
}
],
"major_fail": [
{
"key": {
"domain": "",
"id": ""
},
"errors": [
{
"message": "",
"code": "",
"field": "",
"retryable": ""
}
]
}
]
}
Parameter | Description |
---|---|
Group ID | Specify the Mimecast ID of the group whose member details you want to retrieve from the Mimecast server. |
Page Size | (Optional) Specify the number of results that are requested by this operation. |
Page Token | (Optional) Specify the value of the Next or Previous fields from an earlier request. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"groupMembers": [
{
"internal": "",
"domain": "",
"type": "",
"name": "",
"emailAddress": ""
}
]
}
],
"meta": {
"pagination": {
"pageSize": ""
},
"status": ""
}
}
Parameter | Description |
---|---|
Group ID | Specify the Mimecast ID of the group from which you want to remove a member (user). |
Email Address | Specify the email address of the user that you want to remove from the specified group.
NOTE: You must specify either the email address or the domain of the user that you want to remove from the specified group. |
Domain | Specify the domain of the user that you want to remove from the specified group. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"domain": "",
"id": "",
"folderId": ""
}
],
"meta": {
"status": ""
}
}
Parameter | Description |
---|---|
Sender Email ID | Specify the email address of the sender that you want to block on the Mimecast server. |
Recipient Email ID | Specify the email address of the recipient that you want to block on the Mimecast server. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"sender": "",
"type": "",
"id": "",
"to": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Sender Email ID | Specify the email address of the sender that you want to unblock on the Mimecast server. |
Recipient Email ID | Specify the email address of the recipient that you want to unblock on the Mimecast server. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"sender": "",
"type": "",
"id": "",
"to": ""
}
],
"fail": []
}
None.
The output contains the following populated JSON schema:
{
"fail": [],
"meta": {
"status": "",
"pagination": {
"pageSize": "",
"recordStart": "",
"next": ""
}
},
"data": [
{
"status": "",
"received": "",
"from": {
"displayableName": "",
"emailAddress": ""
},
"smash": "",
"read": "",
"attachmentCount": "",
"ccm": "",
"to": {
"displayableName": "",
"emailAddress": ""
},
"recalled": "",
"subject": "",
"expired": "",
"id": "",
"size": ""
}
]
}
Parameter | Description |
---|---|
URL | Specify the URL that you want to blacklist on the Mimecast server. Note: Do not include a fragment (#) |
Disable Log Click | (Optional) Select to disable logging of user clicks on the specified URL. By default, this is set to False . |
Match Type | (Optional) Select from the following options to Explicit to explicitly blacklist only the specified URL or Domain to blacklist any URL on the same domain. |
Comment | (Optional) Specify a comment about why you want to blacklist the specified URL on the Mimecast server. Comments are used for tracking purposes. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"comment": "",
"disableRewrite": "",
"scheme": "",
"disableUserAwareness": "",
"matchType": "",
"port": "",
"action": "",
"id": "",
"domain": "",
"disableLogClick": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
URL | Specify the URL that you want to include in the targeted threat protection whitelist on the Mimecast server. Note: Do not include a fragment (#) |
Disable Rewrite | (Optional) Select this option to disable rewriting of the specified URL in emails. |
Disable User Awareness | (Optional) Select this option to disable user awareness of the specified URL. |
Disable Log Click | (Optional) Select to disable logging of user clicks on the specified URL. By default, this is set to False. |
Match Type | (Optional) Select Explicit to explicitly whitelist only the specified URL or Domain to whitelist any URL on the same domain. |
Comment | (Optional) Specify a comment about why you want to whitelist the specified URL on the Mimecast server. Comments are used for tracking purposes. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"comment": "",
"disableRewrite": "",
"scheme": "",
"disableUserAwareness": "",
"matchType": "",
"port": "",
"action": "",
"id": "",
"domain": "",
"disableLogClick": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Mailbox | Specify the email address for which you want to retrieve the message list from Mimecast. Note: If you do not specify any email address, then the message list for the logged-in user is retrieved from Mimecast. |
Source | Specify the type of message that you want to retrieve from Mimecast. Choose from the following options: INBOX or SENT. By default, this is set as INBOX. |
Start Time | Specify a start date from when you want to retrieve messages from Mimecast. By default, this is set as the last calendar month. |
End Time | Specify an end date till when you want to retrieve messages from Mimecast. By default, this is set as the current day. |
Include Delegates | Select this checkbox, i.e., set it to True to include messages for addresses for which the mailbox has delegate permissions. By default, this is set as False. |
Include Alias | Select this checkbox, i.e., set it to True to include messages for alias addresses of the mailbox. By default, this is set as True. |
Page Token | (Optional) Specify the value of the Next or Previous fields from an earlier request. |
The output contains the following populated JSON schema:
{
"meta": {
"pagination": {
"pageSize": "",
"next": "",
"recordStart": ""
},
"status": ""
},
"data": [
{
"received": "",
"attachmentCount": "",
"subject": "",
"from": {
"emailAddress": "",
"displayableName": ""
},
"recalled": "",
"status": "",
"id": "",
"read": "",
"ccm": "",
"smash": "",
"expired": "",
"to": {
"emailAddress": "",
"displayableName": ""
},
"size": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Mimecast ID | Specify the Mimecast ID of the message whose metadata information you want to retrieve from the Mimecast archives. Use the Archive Search operation to retrieve the message IDs for existing messages in the Mimecast archives. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"received": "",
"headerDate": "",
"mimeMessageId": "",
"from": {
"emailAddress": "",
"displayableName": ""
},
"id": "",
"status": "",
"hasHtmlBody": "",
"hasTextBody": "",
"isPassthrough": "",
"cc": [
{
"emailAddress": "",
"displayableName": ""
}
],
"messageBodyPreview": "",
"subject": "",
"attachments": [
{
"contentType": "",
"extension": "",
"filename": "",
"contentId": "",
"sha256": "",
"id": "",
"bodyType": "",
"size": ""
}
],
"envelopeFrom": {
"emailAddress": "",
"displayableName": ""
},
"smash": "",
"headers": [
{
"values": [],
"name": ""
}
],
"processed": "",
"to": [
{
"emailAddress": "",
"displayableName": ""
}
],
"size": "",
"replyTo": {
"emailAddress": "",
"displayableName": ""
}
}
],
"fail": []
}
Parameter | Description |
---|---|
Mimecast ID | Specify the Mimecast ID of the message whose information you want to retrieve from Mimecast. Use the Message Search operation to retrieve the message IDs for tracked messages. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"deliveredMessage": {
"user@domain.com": {
"messageInfo": {
"htmlBody": "",
"fromHeader": "",
"subject": "",
"sent": "",
"cc": [],
"fromEnvelope": "",
"attachments": [],
"route": "",
"processed": "",
"transmissionInfo": "",
"to": [],
"textBody": ""
},
"policyInfo": [
{
"policyType": "",
"policyName": "",
"inherited": ""
}
],
"deliveryMetaInfo": {
"components": [
{
"extension": "",
"type": "",
"mimeType": "",
"name": "",
"size": ""
}
],
"transmissionEnd": "",
"transmissionStart": "",
"encryptionInfo": "",
"transmissionSize": "",
"remoteHost": "",
"emailAddress": "",
"remoteServerGreeting": "",
"deliveryEvent": "",
"processingServer": "",
"remoteIp": "",
"messageExpiresIn": "",
"receiptAcknowledgement": ""
}
}
},
"status": "",
"id": "",
"retentionInfo": {
"litigationHoldInfo": [],
"smartTags": [],
"fbrStamps": [],
"purgeBasedOn": "",
"fbrExpireCheck": [],
"currentPurgeDate": "",
"audits": [],
"originalPurgeDate": "",
"retentionAdjustmentDays": ""
},
"recipientInfo": {
"recipientMetaInfo": {
"components": [
{
"extension": "",
"type": "",
"mimeType": "",
"name": "",
"size": ""
}
],
"receiptEvent": "",
"receiptAcknowledgement": "",
"remoteServerGreeting": "",
"encryptionInfo": "",
"transmissionSize": "",
"remoteHost": "",
"spamEvent": "",
"transmissionEnd": "",
"transmissionStart": "",
"processingServer": "",
"messageExpiresIn": "",
"binaryEmailSize": "",
"remoteIp": ""
},
"messageInfo": {
"cc": [],
"htmlBody": "",
"fromEnvelope": "",
"attachments": [],
"subject": "",
"fromHeader": "",
"processed": "",
"transmissionInfo": "",
"to": [],
"textBody": "",
"sent": ""
}
}
}
],
"fail": []
}
Parameter | Description |
---|---|
Email ID | Specify the email address that is configured in Mimecast whose messages you want to search on Mimecast. |
Search Text | Specify the text to filter the search for messages on Mimecast. |
Admin | Select this option, i.e., set it to True if this search is an administrative search. By default, this is set as False, i.e., the search is an end-user search. |
Time Period | (Optional) Specify the time period for which you want to query messages received in the specified email address. You can choose from the following options: Today, Yesterday, Last Week, Last Month, Last Year, or Between. If you choose Between, then in the From field, you should specify the start date and time from when you want to query for messages received in the specified email address, and in the To field, you should specify the end date and time till when you want to query for messages received in the specified email address. |
Document Type | (Optional) Select the type of document (attachment) for which you want to query for messages received in the specified email address. Some of the options you can choose from are Spreadsheets, Documents, Text, Media, etc. |
Page Token | (Optional) Specify the value of the Next or Previous fields from an earlier request. |
The output contains the following populated JSON schema:
{
"meta": {
"pagination": {
"pageSize": "",
"next": "",
"recordStart": ""
},
"status": ""
},
"data": [
{
"subject": "",
"smash": "",
"size": "",
"receiveddate": "",
"attachmentcount": "",
"status": "",
"id": "",
"displayto": "",
"displayfrom": ""
}
],
"fail": []
}
Parameter | Description |
---|---|
Sender Email ID | Specify the email address or domain of the sender of the messages that you want to track on Mimecast. |
Recipient Email ID | Specify the email address or domain of the recipient of the messages that you want to track on Mimecast. |
Subject | Specify the subject of the messages that you want to track on Mimecast. |
Message ID | Specify the Internet message ID of the message whose message details you want to track on Mimecast. For example, <CALEwL_b_JJ_OfLw5S9vH34cnvAUowaQ24PhOePtkGUa6WV3QFw@mail.gmail.com> |
Sender IP | Specify the source IP address of the sender of the messages that you want to track on Mimecast. |
Search Reason | Specify the reason for tracking the messages on Mimecast. |
Start Time | Specify the date and time from when you want to search messages on Mimecast. |
End Time | Specify the date and time till when you want to search messages on Mimecast. |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"trackedEmails": [
{
"received": "",
"attachments": "",
"fromHdr": {
"emailAddress": "",
"displayableName": ""
},
"fromEnv": {
"emailAddress": "",
"displayableName": ""
},
"route": "",
"id": "",
"status": "",
"senderIP": "",
"to": [
{
"emailAddress": "",
"displayableName": ""
}
],
"sent": "",
"subject": ""
}
]
}
],
"fail": []
}
Parameter | Description |
---|---|
Email ID | Specify the primary email address of the user whose alias email addresses you want to retrieve from Mimecast |
The output contains the following populated JSON schema:
{
"meta": {
"status": ""
},
"data": [
{
"emailAddress": "",
"aliases": [
{
"domain": "",
"type": "",
"emailAddress": "",
"displayName": "",
"isInternal": ""
}
]
}
],
"fail": []
}
Parameter | Description |
---|---|
Encoded URL | Specify the Mimecast-encoded URL, for example, https://protect-xx.mimecast.com/... you want to decode. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"url": "",
"success": ""
}
],
"meta": {
"status": ""
}
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list, i.e., all Search URL Logs are fetched from Mimecast.
Parameter | Description |
---|---|
Query | Specify the query string using which you want to search for URL Logs on the Mimecast server. Note: If you do not provide any query string then details of all existing Search URLs Logs are retrieved from the Mimecast server. |
Start Time | Specify the date and time from when you want to search URL logs on Mimecast. Defaults to the start of the current day. |
End Time | Specify the date and time till when you want to search URL logs on Mimecast. Defaults to the end of the current day. |
Page Size | Specify the number of results that are requested by this operation. |
Page Token | Specify the value of the Next or Previous fields from an earlier request. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"logs": [
{
"searchText": "",
"description": "",
"searchReason": "",
"museQuery": "",
"emailAddr": "",
"source": "",
"isAdmin": "",
"searchPath": "",
"createTime": ""
}
]
}
],
"meta": {
"status": "",
"pagination": {
"pageSize": "",
"next": ""
}
}
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list, i.e., all TTP URL Logs are fetched from Mimecast.
Parameter | Description |
---|---|
Oldest First | Select this option to order results with the most recent first. By default, this is set to False. |
Route | Select the route by which you want to filter the TTP URL logs. You can choose from the following options: inbound, outbound, internal, or all. Defaults to 'all'. |
Start Time | Specify the date and time from when you want to search TTP URL logs on Mimecast. Defaults to the start of the current day. |
End Time | Specify the date and time till when you want to search TTP URL logs on Mimecast. Defaults to the time of the request. |
Scan Result | Select the scan result by which you want to filter the TTP URL logs. You can choose from the following options: clean, malicious, or all. Defaults to 'all'. |
Page Size | Specify the number of results that are requested by this operation. |
Page Token | Specify the value of the Next or Previous fields from an earlier request. |
The output contains the following populated JSON schema:
{
"fail": [],
"data": [
{
"source": "",
"folders": [
{
"folderCount": "",
"parentId": "",
"userCount": "",
"source": "",
"description": "",
"id": ""
}
],
"query": ""
}
],
"meta": {
"status": "",
"pagination": {
"previous": "",
"pageSize": ""
}
}
}
The Sample - Mimecast - 2.0.0
playbook collection comes bundled with the Mimecast connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Mimecast connector.
NOTE: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.