Flat File - Mimecast Email

Device Details

Device Name	Mimecast Email
Vendor	Mimecast
Device Type	Enhanced Logging feature (Download Log File Data)
Supported Model Name/Number	All
Supported Software Version(s)	All
Collection Method	Flat File
Configurable Log Output?	N/A
Log Source Type	Flat File - Mimecast Email
Log Processing Policy	Logrhythm Default
Exceptions	N/A
Additional Information	https://www.mimecast.com/tech-connect/documentation/tutorials/understanding-siem-logs/ https://integrations.mimecast.com/tech-partners/logrhythm/ https://community.mimecast.com/s/article/Mimecast-Data-Collection-Scripts-for-LogRhythm-Administrators-Guide-1454838593

- In order to successfully use this endpoint, the logged in user must be a Mimecast administrator with at least the Accounts | Dashboard | Read permission.

(List of LR Tags used to parse the log information for each message type)

Type	Product Version	Supported Schema Fields
Email Attachment	All	<account>, <objectname>, <hash>, <size>, <dip>, <recipient>, <domainorigin>, <objecttype>, <sender>
Email Spam Information	All	<vmid>, <quantity>, <dip>, <status>, <tag2>, <reason>, <object>, <url>, <subject>, <login>, <sender>, <recipient>, <tag1>, <action> <protname>, <hash>, <amount>
Email Statistic Information	All	<vmid>, <action>, <quantity>, <objectname>, <size>, <url>, <amount>
Email Statistic Information	All	<vmid>, <action>, <quantity>, <objectname>, <size>, <url>, <amount>
General Blocked Event	All	<reason>, <url>, <status>, <dip>, <dname>, <sender>, <recipient>, <domain>
General Email Attachment Message	All	<vmid>, <dip>, <objecttype>, <url>, <subject>, <quantity>, <sender>, <recipient>, <size>, <protname>, <bytesout>, <policy>
General Email Information	All	<vmid>, <status>, <dip>, <quantity>, <tag1>, <object>, <subject>, <url>, <login>, <amount>, <sender>, <recipient>, <size>, <protname>, <hash>, <itemsout>
General Email Information 2	All	<vmid>, <sender>, <recipient>, <size>, <status>, <itemsout>, <quantity>, <action>, <tag2>, <protname>, <dip> ,<hash> ,<tag1> ,<object> <url>, <subject>, <login>, <objectname>, <objecttype>
General Email Information 3	All	<vmid>, <action>, <object>, <sender>, <recipient>, <quantity>, <dip>, <url>, <subject>, <login>, <sender>, <protname>, <hash>, <amount>

KB Version	Log Type	Change Type	Details
KB 7.1.614.0	Flat File	Documentation	Existing device configuration guide updated with new format.