Email is the primary attack vector and holds a huge amount of data that, if harnessed in the right way, can help improve security defenses and response significantly. Using our open API, Mimecast has developed an integration to bring email security data into the Splunk Enterprise platform.
Integrating Mimecast data into Splunk means it can be correlated against other data sources for better visibility and alerting to active and potential threats that may otherwise go unnoticed. Integrating email security data into Splunk's Common Information Model (CIM) makes it faster and easier to correlate, monitor and query that data and to extract actionable intelligence from it.
The app supports multiple input sources including email, directory, journal, and audit data for more comprehensive insights. Deeper Targeted Threat Protection URL data is also included for greater visibility into link activity including user clicks and outcomes. Pre-built dashboards help visualize the data for easier interpretation and action.
See the Mimecast KB article on how to set up Mimecast for Splunk: https://community.mimecast.com/docs/DOC-2142/
- Support for new SIEM log format
- Support for TTP Impersonation Protect logs
- Support for TTP Attachment Protect logs
- Support for adding multiple Mimecast tenants, by setting the Application key and Application ID per input
- Support for better filtering of data by Mimecast tenant. A new field called 'splunkAccountCode' will be added to all logs prior to being ingested into Splunk.