Email is the primary attack vector and holds a huge amount of data that, if harnessed in the right way, can significantly improve security defenses and response. Using our open API, Mimecast has developed an integration to bring email security data into the Splunk Enterprise platform.
Integrating Mimecast data into Splunk means it can be correlated against other data sources for better visibility and alerting on active and potential threats that may otherwise go unnoticed. Mapping email security data to Splunk’s Common Information Model (CIM) makes the data faster and easier to correlate, monitor and query, and makes it easier to extract actionable intelligence from it.
The app supports multiple input sources including email, directory, journal, and audit data for more comprehensive insights. Deeper Targeted Threat Protection URL data is also included for greater visibility into link activity including user clicks and outcomes. Pre-built dashboards help visualize the data for easier interpretation and action.
See the Mimecast KB article on how to set up Mimecast for Splunk: https://community.mimecast.com/docs/DOC-2142/
- An issue with dashboards not displaying data has been fixed.
- Target Threat Protect - Attachment Protect input type has been updated to collect only malicious data.
- Target Threat Protect - Attachment Protect input type collecting duplicate data has been fixed.
- Target Threat Protect - Impersonation Protect input type has been updated to collect only malicious data.
- Target Threat Protect - Impersonation Protect input type collecting duplicate data has been fixed.
- Presentation issues for attachment filenames have been addressed.
- Escape (\) and quote characters ("") are now removed before ingesting logs into Splunk.
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.