This guide outlines the procedures required to create a Mimecast API application and enable SIEM logs in preparation for collecting Mimecast logs via the Open Collector.
You must have administrator privileges in the Mimecast console in order to complete the steps in this guide.
Create a Mimecast Application Role
To create a Mimecast application role:
-
Log into the Mimecast administrator console.
-
Click Account, and then Roles.
-
Click the New Role button to initiate the creation of a new role.
-
Provide a Role Name and Description to clearly articulate the purpose of the role.
-
Deselect all application permissions, then enable the following permissions based on the endpoint from which you wish to collect:
|
Endpoint Name |
Product |
Required Permissions |
|---|---|---|
|
Archive Search Logs |
Audit Events |
Archive > Search Logs > Read |
|
Archive Message View Logs |
Audit Events |
Archive > View Logs > Read |
|
TTP URL Logs |
Security Events |
Monitoring > URL Protection > Read |
|
TTP Impersonation Protect Logs |
Security Events |
Monitoring > Impersonation Protection > Read |
|
Attachment Protection Logs |
Security Events |
Monitoring > Attachment Protection > Read |
|
Audit Events |
Audit Events |
Account > Logs > Read |
|
SIEM Logs (MTA) |
Threats, Security Events and Data for CG |
Security Events and Data Retrieval > Threat and Security Events (SIEM) > Read |
-
Click Save and Exit to finalize the role creation process.
Create a Mimecast API Application to Obtain Application Keys
To access vital Mimecast Email Security account information, including region, application ID, application key, access key, and secret key information:
-
Log into the Mimecast administrator console.
-
Click Integrations, and then API and Platform Integrations.
-
Click Generate Keys on the Mimecast API 2.0 tile.
-
In the Details section, make the following selections:
-
Category: SIEM Integration
-
Product Overview:
-
Threats, Security Events, and Data for CG
-
Security Events
-
Audit Events
-
-
Application Role: Select the role created in the previous section.
-
-
Enter the required Application Name and Description, then click the Next button.
-
In the Notification section, provide the necessary Technical Point of Contact and Email, then click the Next button.
-
Review the provided information and click Add and Generate Keys to complete the process.
-
Copy the generated keys and store them securely.
The displayed keys cannot be retrieved once you leave this screen, so ensure they are copied to a secure location to be used in the next page of this guide.
Enable the SIEM Logs (MTA) Endpoint
To enable the SIEM Logs (MTA) endpoint:
-
Confirm that you hold a Mimecast administrator role that has Gateway, Tracking, and Read permissions.
-
Log into the Mimecast administrator console.
-
Click Administrator, and then Account.
-
Click Account Settings, and then Enhanced Logging.
-
Select the log types you wish to utilize for the endpoint.
-
Click Save to apply the changes.