icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Log4Shell Vulnerability: Information and guidance for you. Get resources.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Mimecast Awareness Training - Campaigns
SHA256 checksum (mimecast-awareness-training-campaigns_131.tgz) a936b24d2cbb02bc0812c6c02678871dec17d3f2e5b3d116a61419d373e9e2aa SHA256 checksum (mimecast-awareness-training-campaigns_130.tgz) 39650172f0ce2db75ebee6a6a6d69d62a3952f128bd7c3da61952e2a5f895e3b SHA256 checksum (mimecast-awareness-training-campaigns_120.tgz) fafd41db4b22db3330221ed196b69fb91717eb42edcdcbe4e2581c27bc4632cf SHA256 checksum (mimecast-awareness-training-campaigns_101.tgz) b4153a3f644276ad75ac318f8afaf4ff5bde3a355400483098f8cdc19599e573 SHA256 checksum (mimecast-awareness-training-campaigns_100.tgz) 898c0d15f9532659a13fd95bdd5222c27e1c0d4dadc2dc4dc07b85d5316ad7b0
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

splunk

Mimecast Awareness Training - Campaigns

Overview
Details
This TA allows Splunk administrators to ingest or onboard data from Mimecast Awareness Training API, specifically the "Get Campaigns" and "Get User Data" endpoints.

To configure an input after installing this app, go to Settings > Data Inputs > Mimecast Awareness Training - Campaigns
You will need to supply the the following:
- Access Key
- Secret Key
- App Id
- App Key

Once the abovementioned credentials have been entered, click on More Settings and select your index and interval. Since this API endpoint returns data that do not change a lot, it is recommended to set a wide interval, such as "every 12 hours".

NOTE: Do not change the sourcetype as there's a renaming that happens in the background / parsing phase.

The author of this add-on is not employed by Mimecast. This was built out of necessity. The main Splunk TA built by Mimecast is found here: https://splunkbase.splunk.com/app/4075/

For more details about the API, visit https://integrations.mimecast.com/documentation/endpoint-reference/awareness-training/

Help me upgrade this app: https://github.com/morethanyell/mimecast-apis-splunk-ta

App Configuration

Installation

NOTE: There are other methods of installing this app.
- Download the app on your local machine
- Navigate to App Manager
- Use the "Install App From File" option
- Select the downloaded tarball of this app
- Click Upload
- Your Splunk server should require to restart

Configure An Input

  • Navigate to Settings > Data Input and then look for "Mimecast Awareness Training - Campaigns"
  • Click "Add New"
  • Supply the following:
    • Access Key
    • Secret Key
    • App Id; and
    • App Key
  • Above information should have been given to you by your Mimecast representative
  • Click "More Settings"
  • Give a large value for interval, e.g. 86400, which represent "once per day"
    • This means, the script will only runs once per day
    • Depending on how active the campaigns are, you can lower this interval to at least "once every hour"
  • Select your index and leave sourcetype
    • The metadata host is defaulted to https://de-api.mimecast.com
    • While the sourcetype is defaulted to mc:api:response at typing phase but is then renamed to either mc:api:userdata or mc:api:campaigns depending on the events being parsed
    • The value for source metadata is also rewritten to mc_<supplied API Key>
  • Save your settings

Sample Splunk Queries

Display User Data

index=<your selected index> sourcetype=mc:api:userdata

Display Campaigns

index=<your selected index> sourcetype=mc:api:campaigns

Scripting Details

This app uses Python script that is 90% based on Mimecast's API documentation. The logic is as follows:
- [POST] Request the Campaigns API endpoint
- Append values to each JSON object:
- Hard code KV "sourcetype": "mc:api:campaigns", which will be used in transforms.conf for sourcetype renaming
- Hard code KV "api_source": <App ID>, which will be used in transforms.conf for source assignment
- Write each JSON object as an "event"
- Using the "Campaign ID" in above's JSON object, [POST] request the User Data API endpoint, with blank value for nextPage token
- Append values to each JSON object:
- Hard code KV "sourcetype": "mc:api:userdata", which will be used in transforms.conf for sourcetype renaming
- Hard code KV "api_source": <App ID>, which will be used in transforms.conf for source assignment
- Hard code KV "campaignId": <campaignId>
- Hard code KV "campaignName": <campaignName>
- Hard code KV "launchDate": <launchDate>
- Write each JSON object as an "event"
- Capture nextPage token and then loop until the reponse doesn't contain any nextPage
- Write each JSON object as "event"

Release Notes

Version 1.3.1
May 20, 2022

Important

  • This version includes breaking changes. It's important to delete the existing inputs configuration and create a new one.

Changes

  • Improved logging
  • Changed JSON field api_source to apiSourceAppId in sourcetypes "mc:api:campaigns" and "mc:api:userdata"
  • Added JSON field apiScriptHost to both "mc:api:campaigns" and "mc:api:userdata" sourcetypes
  • Minor bugs fixed
Version 1.3.0
May 20, 2022

Important

This version includes breaking changes. It's important to delete the existing inputs configuration and create a new one.

Changes

  • Improved logging
  • Changed JSON field api_source to apiSourceAppId in sourcetypes "mc:api:campaigns" and "mc:api:userdata"
  • Added JSON field apiScriptHost to both "mc:api:campaigns" and "mc:api:userdata" sourcetypes
Version 1.2.0
May 6, 2022

Added feature that hides / masks the keys in passwords.conf

Version 1.0.1
May 2, 2022
Version 1.0.0
April 29, 2022

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.