Skip to main content
Skip table of contents

Create a Mimecast API Application and Enable SIEM Logs

This guide outlines the procedures required to create a Mimecast API application and enable SIEM logs in preparation for collecting Mimecast logs via the Open Collector.

You must have an administrator account without the Mimecast console in order to complete the steps in this guide.

Create a Mimecast Application Role

To create a Mimecast application role:

  1. Log into the Mimecast administrator console.

  2. Click Account, and then Roles.

  3. Click the New Role button to initiate the creation of a new role.

  4. Provide a Role Name and Description to clearly articulate the purpose of the role.

  5. Deselect all application permissions, except for Security Events and Data Retrieval.

  6. Click Save and Exit to finalize the role creation process.

Create a Mimecast API Application to Obtain Application Keys

To access vital Mimecast Email Security account information, including region, application ID, application key, access key, and secret key information:

  1. Log into the Mimecast administrator console.

  2. Click Integrations, and then API and Platform Integrations.

  3. Click Generate Keys on the Mimecast API 2.0 tile.

  4. In the Details section, make the following selections:

    1. Category: SIEM Integration

    2. Product Overview: Threats, Security Events, and Data for CG

    3. Application Role: Select the role created in the previous section.

  5. Enter the required Application Name and Description, then click the Next button.

  6. In the Notification section, provide the necessary Technical Point of Contact and Email, then click the Next button.

  7. Review the provided information and click Add and Generate Keys to complete the process.

  8. Copy the generated keys and store them securely.

The displayed keys cannot be retrieved once you leave this screen, so ensure they are copied to a secure location to be used in the next page of this guide.

Enable the SIEM Logs (MTA) Endpoint

To enable the SIEM Logs (MTA) endpoint:

  1. Confirm that you hold a Mimecast administrator role that has Gateway, Tracking, and Read permissions.

  2. Log into the Mimecast administrator console.

  3. Click Administrator, and then Account.

  4. Click Account Settings, and then Enhanced Logging.

  5. Select the log types you wish to utilize for the endpoint.

  6. Click Save to apply the changes.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.