Mimecast

Mimecast is an cloud-based email management service for security, archiving, and continuity services to protect business mail.

Integration with LogicHub

Connecting with Mimecast

To connect with Mimecast following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • Region: Region where your Mimecast account is hosted.
  • Application ID: Application ID of the registered application.
  • Application Key: Application key of registered application.
  • Access Key: Access key of registered application.
  • Secret Key: Secret key of registered application.

Actions with Mimecast

Get Hold Message List

List of hold messages.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Start Time: Jinja Template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
  • Jinja Template End Time: Jinja Template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
  • Sender Name Column Name (Optional): Column name from the parent table that contains sender of the message.
  • Recipient Name Column Name (Optional): Column name from the parent table that contains recipient of the message.
  • Subject Name Column Name (Optional): Column name from the parent table that contains the subject of the message.
  • Sender IP Name Column Name (Optional): Column name from the parent table that contains sender IP of the message.
  • Held Reason Name Column Name (Optional): Column name from the parent table that contains held reason of message.
  • Is Admin (Optional): Level of results to return. If false, only results for the currently authenticated user will be returned. If true, held messages for all recipients will be returned (default is True).
  • Limit (Optional): Number of results to return (Default is 100 messages).

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: List of messages.

Reject Message

Rejects hold the message.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Message IDs Column Name: Column name from the parent table that contains comma-separated ids for messages to be rejected.
  • Message Column Name: Rejection message to be returned to sender.
  • Reason Type Column Name: The reason code for rejecting the message. Possible values are: MESSAGE CONTAINS UNDESIRABLE CONTENT, MESSAGE CONTAINS CONFIDENTIAL INFORMATION, REVIEWER DISAPPROVES OF CONTENT, INAPPROPRIATE COMMUNICATION, MESSAGE GOES AGAINST EMAIL POLICIES.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure message.

Release Message

Releases a hold message.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Message ID Column Name: Column name from the parent table that contains the ID for messages to be released.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure message.

Get Message Details

Retrieve detailed information about a specific message.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Message ID Column Name: Column name from the parent table that contains the ID for messages to be released.

Output of Action
json containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Message Details.
{
         "status": "String",
         "retentionInfo": {
             "currentPurgeDate": "Date String",
             "originalPurgeDate": "String",
             "retentionAdjustmentDays": -1,
             "fbrExpireCheck": [],
             "fbrStamps": [],
             "audits": [],
             "litigationHoldInfo": [],
             "smartTags": [],
             "purgeBasedOn": "String"
         },
         "recipientInfo": {
             "messageInfo": {
                 "attachments": [],
                 "cc": [
                     "String"
                 ],
                 "htmlBody": "String",
                 "transmissionInfo": "String",
                 "fromHeader": "String",
                 "subject": "String",
                 "textBody": "String",
                 "to": [
                     "String"
                 ],
                 "processed": "Date String",
                 "fromEnvelope": "String",
                 "sent": "Date String"
             },
             "recipientMetaInfo": {
                 "remoteServerGreeting": "String",
                 "encryptionInfo": "String",
                 "receiptAcknowledgement": "String",
                 "receiptEvent": "String",
                 "transmissionEnd": "Date String",
                 "spamEvent": "String",
                 "messageExpiresIn": 3650,
                 "processingServer": "String",
                 "binaryEmailSize": 100,
                 "transmissionSize": 100,
                 "remoteHost": "String",
                 "transmissionStart": "Date String",
                 "remoteIp": "String",
                 "components": [
                     {
                         "mimeType": "String",
                         "type": "String",
                         "name": "String",
                         "extension": "String",
                         "size": 100
                     }
                 ]
             }
         },
         "deliveredMessage": {
             "[email protected]": {
                 "messageInfo": {
                     "attachments": [],
                     "cc": [
                         "String"
                     ],
                     "htmlBody": "String",
                     "transmissionInfo": "String",
                     "fromHeader": "String",
                     "subject": "String",
                     "route": "String",
                     "textBody": "String",
                     "to": [
                         "String"
                     ],
                     "processed": "Date String",
                     "fromEnvelope": "String",
                     "sent": "String"
                 },
                 "policyInfo": [
                     {
                         "policyName": "String",
                         "policyType": "String",
                         "inherited": false
                     }
                 ],
                 "deliveryMetaInfo": {
                     "remoteServerGreeting": "String",
                     "encryptionInfo": "String",
                     "receiptAcknowledgement": "String",
                     "emailAddress": "String",
                     "messageExpiresIn": 3650,
                     "processingServer": "String",
                     "transmissionSize": 100,
                     "remoteHost": "String",
                     "transmissionStart": "Date String",
                     "remoteIp": "String",
                     "components": [
                         {
                             "mimeType": "text/plain",
                             "type": "Email Primary Body Plain Text",
                             "name": "body.txt",
                             "extension": "txt",
                             "size": 4075
                         }
                     ],
                     "transmissionEnd": "Date String",
                     "deliveryEvent": "String"
                 }
             }
         },
         "spamInfo": {
             "spamScore": 0,
             "detectionLevel": "moderate",
             "spamProcessingDetail": {
                 "rbl": {
                     "allow": true,
                     "info": "String"
                 },
                 "greyEmail": true,
                 "spf": {
                     "allow": true,
                     "info": "String"
                 },
                 "dkim": {
                     "allow": true,
                     "info": "String"
                 },
                 "dmarc": {
                     "allow": true,
                     "info": "String"
                 },
                 "permittedSender": {
                     "allow": true,
                     "info": "String"
                 },
                 "managedSender": {
                     "allow": true,
                     "info": "String"
                 },
                 "symbolGroups": [
                     {
                         "name": "String",
                         "description": "String"
                     }
                 ],
                 "verdict": {
                     "decision": "String",
                     "description": "String",
                     "risk": "negligible",
                     "categories": [
                         {
                             "name": "String",
                             "risk": "String",
                             "subcategories": [
                                 {
                                     "name": "String",
                                     "risk": "String",
                                     "augmentations": [
                                         {
                                             "name": "String",
                                             "risk": "String"
                                         }
                                     ]
                                 }
                             ]
                         }
                     ]
                 }
             },
             "id": "String"
         }
     }

Get TTP URL Logs

This action will bring TTP URL logs.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Oldest First: Orders results with the most recent first. (Default is false).
  • Route: Filters logs by route, must be one of inbound, outbound, internal, or all. (Defaults is all).
  • Scan Result: Filters logs by scan result, must be one of clean, malicious, or all. (Defaults is all).
  • Start Time: Jinja Template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
  • End Time: Jinja Template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
  • Page Size: Jinja Template containing page size. The number of results requested. (Default is 100000).

Output of Action
Array of TTP URL logs, with each log in different row.

{
    "userOverride": "None",
    "subject": "[EXT] ME debt alert : DEBTWIRE (01/06/2021 07:50:00)",
    "userEmailAddress": "[email protected]",
    "scanResult": "clean",
    "sendingIp": "104.130.123.234",
    "url": "http://email.notifications.debtwire.com/c/eJyNUslu2zAQ_RrxJoO7xAMPXqI0QOO2qIvAuRQ0OYroaKtIxfDfl3aSIpcABXjhm-HwLTNOg5tt1A4O8eQnQMbOkw-_Akx3TmOq1oKKKi82YpXzgq1ztVIiZ6tKqmq9wpIu0Z8ZpvMXExrNa1nQg7TCWCJqXBvLCSslZ5iygzvUyIxj662Jfuh1P0Rfv10C8ppiSrDEBDNRULEgC8XEsuSScq4U4csq4_id5cIOHWp0YTm2lltBbF3gErAiwIyrMdiCK6ZQZ6Jtko77h6rZbvZ8S_fnfffjvO0e_eNt9bw9tsftpjl-e7g7b3f3p313k7ENml_VU4xLRogiyM5tnCdYDw409PntCrW6iXEMGVtmtErndDotPrJLkO8jtK1_gt5Cur54OL2jtgu5656PqshYNcfudxjmKXWxzfajKxmVl2IHzs9dKt50xrdvoDXdaPxTn-BlC1N8gyNMl06hmASGLZTygJMOQmUKgrFLVxJ3ffF9Gmrfws9zuHPpCUnec16mjpDY-Av0X_H7sIMQdW3aAMj5MF48B7cxEa6Z5ljmmOwwS16JpHdJ-UII9oiiHl8ZXL__jDGC_kW3_gVQhG5s09SUzLvTeUbLL7v7rxlVYR5hQk4DCMfRv8n607nX3didR9AuZRQimvRzY1rvFs0cgvF92rdugNaH67bZySdvvbkuuhFlSTEYSRiAoaA4A255QQ6yIFzJv2UUCkQ",
    "emailPartsDescription": [
        "Body"
    ],
    "creationMethod": "User Click",
    "fromUserEmailAddress": "[email protected]",
    "userAwarenessAction": "N/A",
    "has_error": false,
    "ttpDefinition": "Default URL Protection Definition",
    "error": null,
    "date": "2021-06-01T04:47:53+0000",
    "messageId": "<[email protected]>",
    "actions": "Allow",
    "category": "Business",
    "route": "inbound",
    "action": "allow",
    "adminOverride": "N/A"
}

Get TTP Impersonation Protection Logs

This action will bring TTP impersonation protection logs.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Oldest First: Orders results with the most recent first. (Default is false).
  • Search Field: The field to search, must be one of: senderAddress, recipientAddress, subject, definition or all (meaning all of the preceding fields). (Defaults is all if a search string(query) is provided).
  • Query: Jinja Template containing query. Required if searchField is not null. A character string to search for in the logs.
  • Start Time: Jinja Template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
  • End Time: Jinja Template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
  • Page Size: Jinja Template containing page size. The number of results requested. (Default is 100000).

Output of Action
Array of TTP Impersonation Protection logs, with each log in different row.

{
    "subject": "Same Day Ach – Compliance as The RDFI And Opportunities For The ODFI And Originator",
    "taggedMalicious": true,
    "senderIpAddress": "147.253.210.103",
    "impersonationResults": [
        {
            "impersonationDomainSource": "targeted_threat_dictionary",
            "stringSimilarToDomain": "Bank,need,needed,payments,changes,processing,payment,transactions,transaction,Same Day"
        },
        {
            "impersonationDomainSource": "newly_observed_domain",
            "similarDomain": "bounces.getinfoforwebinars.com",
            "stringSimilarToDomain": "surbl_fresh"
        }
    ],
    "identifiers": [
        "newly_observed_domain",
        "targeted_threat_dictionary"
    ],
    "has_error": false,
    "id": "MTOKEN:eNqrVkouLS7Jz00tSs5PSVWyUnIODXY0NDJxNLQwVdJRykxRsjI1NrMwNzfQUSpLLSrOzM9TsjLUUSrJA6s2MDBRqgUAwuoTYw",
    "taggedExternal": true,
    "error": null,
    "hits": 2,
    "messageId": "<[email protected]>",
    "eventTime": "2021-06-01T12:59:49+0000",
    "definition": "Impersonation Protection",
    "senderAddress": "[email protected]",
    "action": "hold",
    "recipientAddress": "[email protected]"
}

Get TTP Attachment Protection Logs

This action will bring TTP attachment protection logs.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Oldest First: Orders results with the most recent first. (Default is false).
  • Route: Filters logs by result, must be one of safe, malicious, timeout, error, unsafe, or all. (Defaults is all).
  • Start Time: Jinja Template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
  • End Time: Jinja Template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
  • Page Size: Jinja Template containing page size. The number of results requested. (Default is 100000).

Output of Action
Array of TTP Attachment Protection logs, with each log in different row.

{
    "subject": "Pharming GRP NV: Pharming Group to present at Jefferies Virtual Healthcare Conference - June 1",
    "result": "safe",
    "fileName": "body.txt",
    "fileType": "message/rfc822",
    "has_error": false,
    "error": null,
    "date": "2021-06-01T04:57:59+0000",
    "messageId": "<[email protected]>",
    "definition": "Default Attachment Protection Definition",
    "details": "Safe                                              \r\nTime taken: 0 hrs, 0 min, 2 sec",
    "route": "inbound",
    "senderAddress": "[email protected]",
    "actionTriggered": "none, none",
    "fileHash": "0dd7e40563915eea2f5f93694d3dddac714e3145f2595d80e787bb0e4980a720",
    "recipientAddress": "[email protected]"
}

Find groups

This action will bring a list of groups/folders.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Query: Jinja-templated text containing query. A character string.
    to search for in the groups. Example: {{query_column}}
  • Source: The source of the groups. (Default is cloud)
  • Jinja Template Page Size: Jinja-templated text containing page size.The number
    of results requested. (Default is 100000) Example: {{page_size_column}}

Output of Action
List of groups

{
    "subject": "Pharming GRP NV: Pharming Group to present at Jefferies Virtual Healthcare Conference - June 1",
    "result": "safe",
    "fileName": "body.txt",
    "fileType": "message/rfc822",
    "has_error": false,
    "error": null,
    "date": "2021-06-01T04:57:59+0000",
    "messageId": "<[email protected]>",
    "definition": "Default Attachment Protection Definition",
    "details": "Safe                                              \r\nTime taken: 0 hrs, 0 min, 2 sec",
    "route": "inbound",
    "senderAddress": "[email protected]",
    "actionTriggered": "none, none",
    "fileHash": "0dd7e40563915eea2f5f93694d3dddac714e3145f2595d80e787bb0e4980a720",
    "recipientAddress": "[email protected]"
}

Get group members

This action will bring a list of members.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Query: Jinja-templated text containing query. A character string.
    to search for in the groups. Example: {{query_column}}
  • Jinja Template ID: Jinja-templated text containing the Mimecast ID of the group.
    Example: {{id_column}}

Output of Action
List of members

{
   "name":"",
   "internal":false,
   "domain":"fundmanager.io",
   "emailAddress":"",
   "has_error":false,
   "error":null,
   "type":""
}

Add group member

This action can be used to add user email addresses or domains to a profile group.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja TemplateID: Jinja-templated text containing the Mimecast ID of the group to add to. Example: {{id_column}}
  • Jinja Template Email Address: Jinja-templated text containing the email address of a user to add to a group. Example: {{email_address_column}}

Output of Action
JSON containing the following items:
*meta:status

  • data:data/null
  • fail:fail Details.
{
   "meta":{
      "status":200
   },
   "data":[
      {
         "id":"eNoVzVsLgjAYgOH_8t0m6NRleiceCAIjYhWxm3BfOJ2u5qET_ffs-oXn_UCP5WhQCohA3F7cPqfNRdTbgm0S6bO7DltPxYcHfS8YwaJeh6csX6aqoVPFbTpw2_WL6tkdp4Dk2Q4sKMd-0C2aUguc0YTt4xWJPRrMbULTS91BRCy4aiXQKNk1_zlxnMANXe_7A7exLmU",
         "folderId":"eNoVjr0KgzAYAN_lWytItInGTWqkdBCkqB1cxHyibTQlUftH3712voO7D1hsF4ODhAhGwfLT9ch1FSaB5q8yI4J7vorLB33vCoLZBi8iZYm60bWvXTrXrrfP-udUrQFJRQ4OKNncIeoaZdGBdrGzHtG0WuIWOBTnOCSxT4NNXNHYQU8QEQc6rSSa_0TAGfO_Px11Lwk",
         "emailAddress":"[email protected]",
         "internal":false
      }
   ],
   "fail":[
      
   ]
}

Remove group member

This action can be used to remove user email addresses or domains from a profile group.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja TemplateID: Jinja-templated text containing the Mimecast ID of the group to add to. Example: {{id_column}}
  • Jinja Template Email Address: Jinja-templated text containing the email address of a user to add to a group. Example: {{email_address_column}}

Output of Action


Did this page help you?