Mimecast
Version: 4.0.0
Mimecast is an cloud-based email management service for security, archiving, and continuity services to protect business mail.
Connecting with Mimecast with LogicHub
- Navigate to Automations > Integrations.
- Search for Mimecast.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- Region: Region where your Mimecast account is hosted.
- Application ID: Application ID of the registered application.
- Application Key: Application key of registered application.
- Access Key: Access key of registered application.
- Secret Key: Secret key of registered application.
- After you've entered all the details, click Connect.
Actions for Mimecast
Get Hold Message List
List of hold messages.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Start Time | Jinja Template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}. | Required |
| End Time | Jinja Template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}. | Required |
| Sender Name Column Name | Column name from the parent table that contains sender of the message. | Optional |
| Recipient Name Column Name | Column name from the parent table that contains recipient of the message. | Optional |
| Subject Name Column Name | Column name from the parent table that contains the subject of the message. | Optional |
| Sender IP Name Column Name | Column name from the parent table that contains sender IP of the message. | Optional |
| Held Reason Name Column Name | Column name from the parent table that contains held reason of message. | Optional |
| Is Admin | Level of results to return. If false, only results for the currently authenticated user will be returned. If true, held messages for all recipients will be returned (default is True). | Optional |
| Limit | Number of results to return (Default is 100 messages). | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: List of messages.
Reject Message
Rejects hold the message.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Message IDs Column Name | Column name from the parent table that contains comma-separated ids for messages to be rejected. | Required |
| Message Column Name | Rejection message to be returned to sender. | Required |
| Reason Type Column Name | The reason code for rejecting the message. Possible values are: MESSAGE CONTAINS UNDESIRABLE CONTENT, MESSAGE CONTAINS CONFIDENTIAL INFORMATION, REVIEWER DISAPPROVES OF CONTENT, INAPPROPRIATE COMMUNICATION, MESSAGE GOES AGAINST EMAIL POLICIES. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Success/Failure message.
Release Message
Releases a hold message.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Message ID Column Name | Column name from the parent table that contains the ID for messages to be released. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Success/Failure message.
Get Message Details
Retrieve detailed information about a specific message.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Message ID Column Name | Column name from the parent table that contains the ID for messages to be released. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Message Details.
{
"status": "String",
"retentionInfo": {
"currentPurgeDate": "Date String",
"originalPurgeDate": "String",
"retentionAdjustmentDays": -1,
"fbrExpireCheck": [],
"fbrStamps": [],
"audits": [],
"litigationHoldInfo": [],
"smartTags": [],
"purgeBasedOn": "String"
},
"recipientInfo": {
"messageInfo": {
"attachments": [],
"cc": [
"String"
],
"htmlBody": "String",
"transmissionInfo": "String",
"fromHeader": "String",
"subject": "String",
"textBody": "String",
"to": [
"String"
],
"processed": "Date String",
"fromEnvelope": "String",
"sent": "Date String"
},
"recipientMetaInfo": {
"remoteServerGreeting": "String",
"encryptionInfo": "String",
"receiptAcknowledgement": "String",
"receiptEvent": "String",
"transmissionEnd": "Date String",
"spamEvent": "String",
"messageExpiresIn": 3650,
"processingServer": "String",
"binaryEmailSize": 100,
"transmissionSize": 100,
"remoteHost": "String",
"transmissionStart": "Date String",
"remoteIp": "String",
"components": [
{
"mimeType": "String",
"type": "String",
"name": "String",
"extension": "String",
"size": 100
}
]
}
},
"deliveredMessage": {
"[email protected]": {
"messageInfo": {
"attachments": [],
"cc": [
"String"
],
"htmlBody": "String",
"transmissionInfo": "String",
"fromHeader": "String",
"subject": "String",
"route": "String",
"textBody": "String",
"to": [
"String"
],
"processed": "Date String",
"fromEnvelope": "String",
"sent": "String"
},
"policyInfo": [
{
"policyName": "String",
"policyType": "String",
"inherited": false
}
],
"deliveryMetaInfo": {
"remoteServerGreeting": "String",
"encryptionInfo": "String",
"receiptAcknowledgement": "String",
"emailAddress": "String",
"messageExpiresIn": 3650,
"processingServer": "String",
"transmissionSize": 100,
"remoteHost": "String",
"transmissionStart": "Date String",
"remoteIp": "String",
"components": [
{
"mimeType": "text/plain",
"type": "Email Primary Body Plain Text",
"name": "body.txt",
"extension": "txt",
"size": 4075
}
],
"transmissionEnd": "Date String",
"deliveryEvent": "String"
}
}
},
"spamInfo": {
"spamScore": 0,
"detectionLevel": "moderate",
"spamProcessingDetail": {
"rbl": {
"allow": true,
"info": "String"
},
"greyEmail": true,
"spf": {
"allow": true,
"info": "String"
},
"dkim": {
"allow": true,
"info": "String"
},
"dmarc": {
"allow": true,
"info": "String"
},
"permittedSender": {
"allow": true,
"info": "String"
},
"managedSender": {
"allow": true,
"info": "String"
},
"symbolGroups": [
{
"name": "String",
"description": "String"
}
],
"verdict": {
"decision": "String",
"description": "String",
"risk": "negligible",
"categories": [
{
"name": "String",
"risk": "String",
"subcategories": [
{
"name": "String",
"risk": "String",
"augmentations": [
{
"name": "String",
"risk": "String"
}
]
}
]
}
]
}
},
"id": "String"
}
}
Get TTP URL Logs
This action will bring TTP URL logs.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Oldest First | Orders results with the most recent first. (Default is false). | Required |
| Route | Filters logs by route, must be one of inbound, outbound, internal, or all. (Defaults is all). | Required |
| Scan Result | Filters logs by scan result, must be one of clean, malicious, or all. (Defaults is all). | Required |
| Start Time | Jinja-template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}. | Required |
| End Time | Jinja-template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}. | Required |
| Page Size | Jinja-template containing page size. The number of results requested. (Default is 100000). | Required |
Output
An array of TTP URL logs, with each log in different row.
{
"userOverride": "None",
"subject": "[EXT] ME debt alert : DEBTWIRE (01/06/2021 07:50:00)",
"userEmailAddress": "[email protected]",
"scanResult": "clean",
"sendingIp": "104.130.123.234",
"url": "http://devo.com",
"emailPartsDescription": [
"Body"
],
"creationMethod": "User Click",
"fromUserEmailAddress": "[email protected]",
"userAwarenessAction": "N/A",
"has_error": false,
"ttpDefinition": "Default URL Protection Definition",
"error": null,
"date": "2021-06-01T04:47:53+0000",
"messageId": "<[email protected]>",
"actions": "Allow",
"category": "Business",
"route": "inbound",
"action": "allow",
"adminOverride": "N/A"
}
Get TTP Impersonation Protection Logs
This action will bring TTP impersonation protection logs.
Inputs Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Oldest First | Orders results with the most recent first. (Default is false). | |
| Search Field | The field to search, must be one of: senderAddress, recipientAddress, subject, definition or all (meaning all of the preceding fields). (Defaults is all if a search string(query) is provided). | |
| Query | Jinja-template containing query. Required if searchField is not null. A character string to search for in the logs. | |
| Start Time | Jinja-template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}. | |
| End Time | Jinja-template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}. | |
| Page Size | Jinja-template containing page size. The number of results requested. (Default is 100000). |
Output
An array of TTP Impersonation Protection logs, with each log in different row.
{
"subject": "Same Day Ach – Compliance as The RDFI And Opportunities For The ODFI And Originator",
"taggedMalicious": true,
"senderIpAddress": "147.253.210.103",
"impersonationResults": [
{
"impersonationDomainSource": "targeted_threat_dictionary",
"stringSimilarToDomain": "Bank,need,needed,payments,changes,processing,payment,transactions,transaction,Same Day"
},
{
"impersonationDomainSource": "newly_observed_domain",
"similarDomain": "devo.com",
"stringSimilarToDomain": "surbl_fresh"
}
],
"identifiers": [
"newly_observed_domain",
"targeted_threat_dictionary"
],
"has_error": false,
"id": "MTOKEN:eNqrVkouLS7Jz00tSs5PSVWyUnIODXY0NDJxNLQwVdJRykxRsjI1NrMwNzfQUSpLLSrOzM9TsjLUUSrJA6s2MDBRqgUAwuoTYw",
"taggedExternal": true,
"error": null,
"hits": 2,
"messageId": "<[email protected]>",
"eventTime": "2021-06-01T12:59:49+0000",
"definition": "Impersonation Protection",
"senderAddress": "[email protected]",
"action": "hold",
"recipientAddress": "[email protected]"
}
Get TTP Attachment Protection Logs
This action will bring TTP attachment protection logs.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Oldest First | Orders results with the most recent first. (Default is false). | Required |
| Route | Filters logs by result, must be one of safe, malicious, timeout, error, unsafe, or all. (Defaults is all). | Required |
| Start Time | Jinja-template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}. | Required |
| End Time | Jinja-template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}. | Required |
| Page Size | Jinja-template containing page size. The number of results requested. (Default is 100000). | Required |
Output
An array of TTP Attachment Protection logs, with each log in different row.
{
"subject": "Pharming GRP NV: Pharming Group to present at Jefferies Virtual Healthcare Conference - June 1",
"result": "safe",
"fileName": "body.txt",
"fileType": "message/rfc822",
"has_error": false,
"error": null,
"date": "2021-06-01T04:57:59+0000",
"messageId": "<60B5BE5600B3043C01D80001_0_194028@msclnypmsgsv03>",
"definition": "Default Attachment Protection Definition",
"details": "Safe \r\nTime taken: 0 hrs, 0 min, 2 sec",
"route": "inbound",
"senderAddress": "[email protected]",
"actionTriggered": "none, none",
"fileHash": "0dd7e40563915eea2f5f93694d3dddac714e3145f2595d80e787bb0e4980a720",
"recipientAddress": "[email protected]"
}
Find groups
This action will bring a list of groups/folders.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Query | Jinja-templated text containing query. A character string to search for in the groups. Example: {{query_column}} | Required |
| Source | The source of the groups. (Default is cloud). | Required |
| Page Size | Jinja-templated text containing page size.The number of results requested. (Default is 100000) Example: {{page_size_column}}. | Required |
Output
A JSON object containing a list of groups.
{
"subject": "Pharming GRP NV: Pharming Group to present at Jefferies Virtual Healthcare Conference - June 1",
"result": "safe",
"fileName": "body.txt",
"fileType": "message/rfc822",
"has_error": false,
"error": null,
"date": "2021-06-01T04:57:59+0000",
"messageId": "<60B5BE5600B3043C01D80001_0_194028@msclnypmsgsv03>",
"definition": "Default Attachment Protection Definition",
"details": "Safe \r\nTime taken: 0 hrs, 0 min, 2 sec",
"route": "inbound",
"senderAddress": "[email protected]",
"actionTriggered": "none, none",
"fileHash": "0dd7e40563915eea2f5f93694d3dddac714e3145f2595d80e787bb0e4980a720",
"recipientAddress": "[email protected]"
}
Get group members
This action will bring a list of members.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Query | Jinja-templated text containing query. A character string to search for in the groups. Example: {{query_column}} | Required |
| ID | Jinja-templated text containing the Mimecast ID of the group. Example: {{id_column}} | Required |
Output
A JSON object containing a list of members.
{
"name":"",
"internal":false,
"domain":"fundmanager.io",
"emailAddress":"",
"has_error":false,
"error":null,
"type":""
}
Add group member
This action can be used to add user email addresses or domains to a profile group.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| ID | Jinja-templated text containing the Mimecast ID of the group to add to. Example: {{id_column}} | Required |
| Email Address | Jinja-templated text containing the email address of a user to add to a group. Example: {{email_address_column}} | Required |
Output
A JSON object containing multiple rows of result:
*meta:status
- data:data/null
- fail:fail Details.
{
"meta":{
"status":200
},
"data":[
{
"id":"eNoVzVsLgjAYgOH_8t0m6NRleiceCAIjYhWxm3BfOJ2u5qET_ffs-oXn_UCP5WhQCohA3F7cPqfNRdTbgm0S6bO7DltPxYcHfS8YwaJeh6csX6aqoVPFbTpw2_WL6tkdp4Dk2Q4sKMd-0C2aUguc0YTt4xWJPRrMbULTS91BRCy4aiXQKNk1_zlxnMANXe_7A7exLmU",
"folderId":"eNoVjr0KgzAYAN_lWytItInGTWqkdBCkqB1cxHyibTQlUftH3712voO7D1hsF4ODhAhGwfLT9ch1FSaB5q8yI4J7vorLB33vCoLZBi8iZYm60bWvXTrXrrfP-udUrQFJRQ4OKNncIeoaZdGBdrGzHtG0WuIWOBTnOCSxT4NNXNHYQU8QEQc6rSSa_0TAGfO_Px11Lwk",
"emailAddress":"[email protected]",
"internal":false
}
],
"fail":[
]
}
Remove group member
This action can be used to remove user email addresses or domains from a profile group.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| ID | Jinja-templated text containing the Mimecast ID of the group to add to. Example: {{id_column}} | Required |
| Email Address | Jinja-templated text containing the email address of a user to add to a group. Example: {{email_address_column}} | Required |
Get Policy
This endpoint can be used to get Blocked Sender Policies.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Policy Id | Jinja-templated text containing the policy id of blocked sender policy. If not provided, all policies will be returned. | Optional |
Output
A JSON object containing a list of policies.
{
"result": [{
"option": "block_sender",
"id": "fmbvdvbksndv",
"policy": {
"description": "Test Policy",
"fromPart": "header_from",
"from": {
"type": "individual_email_address",
"emailAddress": "[email protected]"
},
"to": {
"type": "individual_email_address",
"emailAddress": "[email protected]"
},
"fromType": "individual_email_address",
"fromValue": "[email protected]",
"toType": "individual_email_address",
"toValue": "[email protected]",
"fromEternal": true,
"toEternal": true,
"fromDate": "1900-01-01T00:00:00+0000",
"toDate": "2100-01-01T23:59:59+0000",
"override": false,
"bidirectional": true,
"conditions": {},
"enabled": true,
"enforced": false,
"createTime": "2022-05-12T06:22:43+0000",
"lastUpdated": "2022-05-12T06:22:43+0000"
}
}],
"error": null,
"has_error": false
}
Create Policy
This endpoint creates new blocked sender policies, which can be used to manage a combination of sender and recipient restrictions.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Policy | Jinja-templated text containing the Policy in json format. Example : {{policy}} | Required |
| Option | Jinja-templated text that defines a policy action, must be one of: no_action, block_sender. | Required |
Output
A JSON object:
{
"fail": [],
"data": [{
"option": "no_action",
"id": "asfhabkjasbfl",
"policy": {
"description": "Test Policy",
"fromPart": "header_from",
"from": {
"type": "individual_email_address",
"emailAddress": "[email protected]"
},
"to": {
"type": "individual_email_address",
"emailAddress": "[email protected]"
},
"fromType": "individual_email_address",
"fromValue": "[email protected]",
"toType": "individual_email_address",
"toValue": "[email protected]",
"fromEternal": true,
"toEternal": true,
"fromDate": "1900-01-01T00:00:00+0000",
"toDate": "2100-01-01T23:59:59+0000",
"override": false,
"bidirectional": true,
"conditions": {},
"enabled": true,
"enforced": false,
"createTime": "2022-05-12T06:24:39+0000",
"lastUpdated": "2022-05-12T06:24:39+0000"
}
}],
"has_error": false,
"meta": {
"status": 200
},
"error": null
}
Release Notes
v4.0.0- Updated architecture to support IO via filesystemv3.4.1- AddedGet PolicyandCreate Policyactions.
Updated 6 months ago