Downloading Mimecast for Splunk
  • SHA256 checksum (mimecast-for-splunk_409.tgz) 33ba56331f786bda6378270f1915a72d13cff9c05c9f760e5d7a9b2c53c20160
  • SHA256 checksum (mimecast-for-splunk_408.tgz) 5e18b660e5fdfaad6ada2cdeefde2c6639d67240ed2874cf654792cc2deaab5f
  • SHA256 checksum (mimecast-for-splunk_404.tgz) 29ed6c078c1ec7dc8825ac1b223602d9a20cffbb4d911f0c2e326048a1db3ce7
  • SHA256 checksum (mimecast-for-splunk_402.tgz) 01267a339a31894a2ae94471b596fe0256ddb3f8c39b542944cf59785bdd57f7
  • SHA256 checksum (mimecast-for-splunk_315.tgz) 973725bbd2560478d1a1aba1960bc3d97292373ee1e502c82be0a11511d3958f
Mimecast for Splunk

Email continues to be the most widely used attack vector. Data sourced from email activity and attacks is extremely high value for security operations teams. The Mimecast and Splunk integration provides security teams with the data they need to identify incidents and attacks and to inform how they respond, enhancing the benefits of the Splunk Enterprise investment and ultimately reducing the risk the organization faces.

About Mimecast

For organizations concerned about cyber risk and struggling to attract and retain sufficient cybersecurity expertise and budget, Mimecast delivers a comprehensive, integrated solution that solves the #1 cybersecurity attack vector – email.

Mimecast’s Email Security 3.0 solution framework reduces the time, cost and complexity of achieving more complete cybersecurity, compliance and resilience through additional modules, all while connecting seamlessly with other security and technology investments to provide a coherent security architecture.

Installation Guide: https://community.mimecast.com/s/article/Mimecast-for-Splunk-Administrators-Guide-159829928

Overview

Email continues to be the most widely used attack vector. Data sourced from email activity and attacks is high value for the security operations team, enhancing the benefits of your Splunk Enterprise investment.

Correlate security events detected by Mimecast Targeted Threat Protection and the Secure Email Gateway with other security systems connected to Splunk Enterprise – helping security analysts detect incidents and attacks quickly and accurately.

Impersonation Protect Dashboard

The Impersonation Protect dashboard gives you an at-a-glance view of the types of phishing techniques targeting your organization and who is most at risk.

Attachment Protect Dashboard

Use the Attachment Protect Dashboard to view and investigate targeted malware attacks detected by Mimecast.

URL Protect Dashboard

Use the URL Protect Dashboard to gain insights into malicious or suspicious links clicked in emails.

Key Capabilities and Benefits

  • Analyze logs from your Mimecast tenant in isolation using Splunk Enterprise's powerful search capability
  • Correlate logs from your Mimecast tenant with data from other security systems to provide more context and actionable information
  • Stay informed with out-of-the-box dashboards or by creating custom reports and alerts tailored to your organization's needs
  • Track user activity and system changes in Mimecast and correlate this with data from other systems
  • Leverage data to demonstrate regulatory compliance

Solution Overview

  1. Mimecast logs event activity in real time. This includes email receipt, processing and delivery, and employees clicking on links within an email. The events are then made available for integration into third-party systems via a REST API using industry-standard JSON or pipe-delimited key-value pair formats.
  2. Log collection is achieved using modular inputs. For the greatest flexibility, each log type is separated into its own input, allowing you to choose what data you want to ingest.
  3. With modular inputs successfully configured, data is immediately ingested and indexed by Splunk Enterprise. Once indexed, data is searchable and displayed in the app's built-in dashboards.

Useful links

Mimecast Tech Connect

High Value Data


Add high value email security data to Splunk Enterprise to help investigate and detect threats quickly and accurately.


Installation Guide

Release Notes

Version 4.0.9
Nov. 6, 2020

Dashboard: Email Activity - Query for the 'Messages Rejected' dashboard panel has been updated

Please see the full list of changes, enhancements and fixes via the below link.

https://community.mimecast.com/s/article/Mimecast-for-Splunk-Release-Notes

Version 4.0.8
Oct. 23, 2020
  • Dashboard: Targeted Threat Protection URL Protect dashboard - 'URL' column has been reverted back to 'Category'
  • Inputs: Mimecast TTP Attachment Protect - Parsing for 'fileHash' field
  • props.conf: [mimecastsiemst] section, TIME_FORMAT value has been updated with %Y-%m-%dT%H:%M:%S%z

Please see the full list of changes, enhancements and fixes via the below link.

https://community.mimecast.com/s/article/Mimecast-for-Splunk-Release-Notes

Version 4.0.4
Oct. 12, 2020

IMPORTANT:

  1. Inputs will stop working following the upgrade. To resume data collection, one or more accounts must be added to the Accounts tab via the Configuration page. After an account has been added, inputs must be configured to use an account before data collection can resume.

  2. Service Health input will need to be created to populate Service Health dashboard.

Enhancements:

  • New Account tab added to Configuration page
  • Improved API Keys management: Credentials for Mimecast API are now managed via new Account tab, instead of individual inputs.
  • Credentials drop down added to all inputs

Inputs:

  • Email, Directory and Journal inputs have been merged into a new single input
  • Service Health input: Formerly the Email, Directory and Journal inputs
  • 2 Threat Intelligence Feed inputs: Targeted and Regional Threat Intelligence feeds

Please see the full list of changes, enhancements and fixes via the below link.

https://community.mimecast.com/s/article/Mimecast-for-Splunk-Release-Notes

Version 4.0.2
Aug. 28, 2020
  • DLP Input to fetch DLP Logs
  • Updates to SIEM Input: SIEM AV log, SIEM Impersonation log
  • CIM field mappings for DLP log fields
  • CIM field mappings for SIEM AV log fields
  • Parsing of new 'subject' field from SIEM process, SIEM TTP URL, SIEM TTP AP logs
  • Parsing of new 'MsgId' field from SIEM process, SIEM TTP URL, SIEM TTP AP, TTP Impersonation logs
  • Parsing of new SpamProcessingDetail field from SIEM receipt logs

Please see the full list of changes, enhancements and fixes via the below link.

https://community.mimecast.com/s/article/Mimecast-for-Splunk-Release-Notes

Version 3.1.5
March 2, 2020

Please see the full list of changes, enhancements and fixes via the below link.

https://community.mimecast.com/s/article/Mimecast-for-Splunk-Release-Notes

1,915 Installs
3,730 Downloads