icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Log4Shell Vulnerability: Information and guidance for you. Get resources.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Mimecast for Splunk
SHA256 checksum (mimecast-for-splunk_411.tgz) 9f41ff04652046d986a2d313f1bb4356559657a5aaabdaf93839a8e031590a39 SHA256 checksum (mimecast-for-splunk_410.tgz) 70dca6214cbe62714fa54d057846da294d0c5791a9da2c0809e27000eee537e6
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate


Mimecast for Splunk

Splunk Cloud
Email continues to be the most widely used attack vector. Data sourced from email activity and attacks is extremely high value for security operations teams, the Mimecast and Splunk integration provides security teams the data they need to identify incidents and attacks and inform how they need to respond, enhancing the benefits of the Splunk Enterprise investment and ultimately reducing the risk the organization faces.

About Mimecast

For organizations concerned about cyber risk and struggling to attract and retain sufficient cybersecurity expertise and budget, Mimecast delivers a comprehensive, integrated solution that solves the #1 cybersecurity attack vector – email,
Mimecast’s Email Security 3.0 solution framework reduces the time, cost and complexity of achieving more complete cybersecurity, compliance and resilience through additional modules, all while connecting seamlessly with other security and technology investments to provide a coherent security architecture.

Installation Guide: https://community.mimecast.com/s/article/Mimecast-for-Splunk-Administrators-Guide-159829928


Email continues to be the most widely used attack vector. Data sourced from email activity and attacks is high value
Impersonation Protect Dashboard

The Impersonation Protect dashboard gives you an at-a-glance view of the types of phishing techniques targeting your organization and who is most at risk.

Attachment Protect Dashboard

Use the Attachment Protect Dashboard to view and investigate targeted malware attacks detected by Mimecast.

URL Protect Dashboard

Use the URL Protect Dashboard to gain insights into malicous or suspicious links clicked in emails.

Key Capabilities and Benefits

  • Analyze logs from your Mimecast tenant in isolation using Splunk Enterprise's powerful search capability
  • Correlate logs from your Mimecast tenant with data from other security systems to provide more context and actionable information
  • Stay informed with out-of-the-box dashboards or by creating custom reports and alerts tailored to your organization's needs
  • Track user activty and system changes in Mimecast and correlate this with data from other systems
  • Leverage data to demonstrate regulatory compliance

Solution Overview

  1. Mimecast logs event activity in real time. This includes email receipt, processing and delivery, and employees clicking on links within an email.
    The events are then made available for integration into 3rd party systems via a REST API using industry standard JSON or pipe delimited, key-value pair formats.
  2. Log collection is achieved using modular inputs. For the greatest flexibility, each log type is separated into its own input, allowing you to choose what data you want to ingest.
  3. With modular inputs successfully configured, data is immediately ingested and indexed by Splunk Enterprise. Once indexed, data is searchable and displayed in the app's built in dashboards.

Useful links

Mimecast Tech Connect
for the security operations team, enhancing the benefits of your Splunk Enterprise investment.

Correlate security events detected by Mimecast Targeted Threat Protection and the Secure Email Gateway with other security systems connected to Splunk Enterprise – helping security analysts detect incidents and attacks quickly and accurately.

High Value Data

Add high value email security data to Splunk Enterprise to help investigate and detect threats quickly and accuratley.

Installation Guide

Release Notes

Version 4.1.1
May 9, 2022
  • Missing Mimecast icons and logo have been added back

Please see the full list of changes, enhancements and fixes via the below link.


Version 4.1.0
April 20, 2022
  • Minor bug fixes for dashboard widgets
  • Updated app to be compatible with Addon Builder 4.1.0
  • XML versions added to dashboards to address jquery vulnerability

Please see the full list of changes, enhancements and fixes via the below link.


Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.