Mimecast

Version: 4.0.0

Mimecast is an cloud-based email management service for security, archiving, and continuity services to protect business mail.

Connecting with Mimecast with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Mimecast.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • Region: Region where your Mimecast account is hosted.
    • Application ID: Application ID of the registered application.
    • Application Key: Application key of registered application.
    • Access Key: Access key of registered application.
    • Secret Key: Secret key of registered application.
  4. After you've entered all the details, click Connect.

Actions for Mimecast

Get Hold Message List

List of hold messages.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Start TimeJinja Template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.Required
End TimeJinja Template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.Required
Sender Name Column NameColumn name from the parent table that contains sender of the message.Optional
Recipient Name Column NameColumn name from the parent table that contains recipient of the message.Optional
Subject Name Column NameColumn name from the parent table that contains the subject of the message.Optional
Sender IP Name Column NameColumn name from the parent table that contains sender IP of the message.Optional
Held Reason Name Column NameColumn name from the parent table that contains held reason of message.Optional
Is AdminLevel of results to return. If false, only results for the currently authenticated user will be returned. If true, held messages for all recipients will be returned (default is True).Optional
LimitNumber of results to return (Default is 100 messages).Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: List of messages.
3360

Reject Message

Rejects hold the message.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Message IDs Column NameColumn name from the parent table that contains comma-separated ids for messages to be rejected.Required
Message Column NameRejection message to be returned to sender.Required
Reason Type Column NameThe reason code for rejecting the message. Possible values are: MESSAGE CONTAINS UNDESIRABLE CONTENT, MESSAGE CONTAINS CONFIDENTIAL INFORMATION, REVIEWER DISAPPROVES OF CONTENT, INAPPROPRIATE COMMUNICATION, MESSAGE GOES AGAINST EMAIL POLICIES.Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure message.
3360

Release Message

Releases a hold message.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Message ID Column NameColumn name from the parent table that contains the ID for messages to be released.Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure message.
3360

Get Message Details

Retrieve detailed information about a specific message.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Message ID Column NameColumn name from the parent table that contains the ID for messages to be released.Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Message Details.
{
         "status": "String",
         "retentionInfo": {
             "currentPurgeDate": "Date String",
             "originalPurgeDate": "String",
             "retentionAdjustmentDays": -1,
             "fbrExpireCheck": [],
             "fbrStamps": [],
             "audits": [],
             "litigationHoldInfo": [],
             "smartTags": [],
             "purgeBasedOn": "String"
         },
         "recipientInfo": {
             "messageInfo": {
                 "attachments": [],
                 "cc": [
                     "String"
                 ],
                 "htmlBody": "String",
                 "transmissionInfo": "String",
                 "fromHeader": "String",
                 "subject": "String",
                 "textBody": "String",
                 "to": [
                     "String"
                 ],
                 "processed": "Date String",
                 "fromEnvelope": "String",
                 "sent": "Date String"
             },
             "recipientMetaInfo": {
                 "remoteServerGreeting": "String",
                 "encryptionInfo": "String",
                 "receiptAcknowledgement": "String",
                 "receiptEvent": "String",
                 "transmissionEnd": "Date String",
                 "spamEvent": "String",
                 "messageExpiresIn": 3650,
                 "processingServer": "String",
                 "binaryEmailSize": 100,
                 "transmissionSize": 100,
                 "remoteHost": "String",
                 "transmissionStart": "Date String",
                 "remoteIp": "String",
                 "components": [
                     {
                         "mimeType": "String",
                         "type": "String",
                         "name": "String",
                         "extension": "String",
                         "size": 100
                     }
                 ]
             }
         },
         "deliveredMessage": {
             "[email protected]": {
                 "messageInfo": {
                     "attachments": [],
                     "cc": [
                         "String"
                     ],
                     "htmlBody": "String",
                     "transmissionInfo": "String",
                     "fromHeader": "String",
                     "subject": "String",
                     "route": "String",
                     "textBody": "String",
                     "to": [
                         "String"
                     ],
                     "processed": "Date String",
                     "fromEnvelope": "String",
                     "sent": "String"
                 },
                 "policyInfo": [
                     {
                         "policyName": "String",
                         "policyType": "String",
                         "inherited": false
                     }
                 ],
                 "deliveryMetaInfo": {
                     "remoteServerGreeting": "String",
                     "encryptionInfo": "String",
                     "receiptAcknowledgement": "String",
                     "emailAddress": "String",
                     "messageExpiresIn": 3650,
                     "processingServer": "String",
                     "transmissionSize": 100,
                     "remoteHost": "String",
                     "transmissionStart": "Date String",
                     "remoteIp": "String",
                     "components": [
                         {
                             "mimeType": "text/plain",
                             "type": "Email Primary Body Plain Text",
                             "name": "body.txt",
                             "extension": "txt",
                             "size": 4075
                         }
                     ],
                     "transmissionEnd": "Date String",
                     "deliveryEvent": "String"
                 }
             }
         },
         "spamInfo": {
             "spamScore": 0,
             "detectionLevel": "moderate",
             "spamProcessingDetail": {
                 "rbl": {
                     "allow": true,
                     "info": "String"
                 },
                 "greyEmail": true,
                 "spf": {
                     "allow": true,
                     "info": "String"
                 },
                 "dkim": {
                     "allow": true,
                     "info": "String"
                 },
                 "dmarc": {
                     "allow": true,
                     "info": "String"
                 },
                 "permittedSender": {
                     "allow": true,
                     "info": "String"
                 },
                 "managedSender": {
                     "allow": true,
                     "info": "String"
                 },
                 "symbolGroups": [
                     {
                         "name": "String",
                         "description": "String"
                     }
                 ],
                 "verdict": {
                     "decision": "String",
                     "description": "String",
                     "risk": "negligible",
                     "categories": [
                         {
                             "name": "String",
                             "risk": "String",
                             "subcategories": [
                                 {
                                     "name": "String",
                                     "risk": "String",
                                     "augmentations": [
                                         {
                                             "name": "String",
                                             "risk": "String"
                                         }
                                     ]
                                 }
                             ]
                         }
                     ]
                 }
             },
             "id": "String"
         }
     }

Get TTP URL Logs

This action will bring TTP URL logs.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Oldest FirstOrders results with the most recent first. (Default is false).Required
RouteFilters logs by route, must be one of inbound, outbound, internal, or all. (Defaults is all).Required
Scan ResultFilters logs by scan result, must be one of clean, malicious, or all. (Defaults is all).Required
Start TimeJinja-template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.Required
End TimeJinja-template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.Required
Page SizeJinja-template containing page size. The number of results requested. (Default is 100000).Required

Output

An array of TTP URL logs, with each log in different row.

{
    "userOverride": "None",
    "subject": "[EXT] ME debt alert : DEBTWIRE (01/06/2021 07:50:00)",
    "userEmailAddress": "[email protected]",
    "scanResult": "clean",
    "sendingIp": "104.130.123.234",
    "url": "http://email.notifications.debtwire.com/c/eJyNUslu2zAQ_RrxJoO7xAMPXqI0QOO2qIvAuRQ0OYroaKtIxfDfl3aSIpcABXjhm-HwLTNOg5tt1A4O8eQnQMbOkw-_Akx3TmOq1oKKKi82YpXzgq1ztVIiZ6tKqmq9wpIu0Z8ZpvMXExrNa1nQg7TCWCJqXBvLCSslZ5iygzvUyIxj662Jfuh1P0Rfv10C8ppiSrDEBDNRULEgC8XEsuSScq4U4csq4_id5cIOHWp0YTm2lltBbF3gErAiwIyrMdiCK6ZQZ6Jtko77h6rZbvZ8S_fnfffjvO0e_eNt9bw9tsftpjl-e7g7b3f3p313k7ENml_VU4xLRogiyM5tnCdYDw409PntCrW6iXEMGVtmtErndDotPrJLkO8jtK1_gt5Cur54OL2jtgu5656PqshYNcfudxjmKXWxzfajKxmVl2IHzs9dKt50xrdvoDXdaPxTn-BlC1N8gyNMl06hmASGLZTygJMOQmUKgrFLVxJ3ffF9Gmrfws9zuHPpCUnec16mjpDY-Av0X_H7sIMQdW3aAMj5MF48B7cxEa6Z5ljmmOwwS16JpHdJ-UII9oiiHl8ZXL__jDGC_kW3_gVQhG5s09SUzLvTeUbLL7v7rxlVYR5hQk4DCMfRv8n607nX3didR9AuZRQimvRzY1rvFs0cgvF92rdugNaH67bZySdvvbkuuhFlSTEYSRiAoaA4A255QQ6yIFzJv2UUCkQ",
    "emailPartsDescription": [
        "Body"
    ],
    "creationMethod": "User Click",
    "fromUserEmailAddress": "[email protected]",
    "userAwarenessAction": "N/A",
    "has_error": false,
    "ttpDefinition": "Default URL Protection Definition",
    "error": null,
    "date": "2021-06-01T04:47:53+0000",
    "messageId": "<[email protected]>",
    "actions": "Allow",
    "category": "Business",
    "route": "inbound",
    "action": "allow",
    "adminOverride": "N/A"
}

Get TTP Impersonation Protection Logs

This action will bring TTP impersonation protection logs.

Inputs Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Oldest FirstOrders results with the most recent first. (Default is false).
Search FieldThe field to search, must be one of: senderAddress, recipientAddress, subject, definition or all (meaning all of the preceding fields). (Defaults is all if a search string(query) is provided).
QueryJinja-template containing query. Required if searchField is not null. A character string to search for in the logs.
Start TimeJinja-template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
End TimeJinja-template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
Page SizeJinja-template containing page size. The number of results requested. (Default is 100000).

Output

An array of TTP Impersonation Protection logs, with each log in different row.

{
    "subject": "Same Day Ach – Compliance as The RDFI And Opportunities For The ODFI And Originator",
    "taggedMalicious": true,
    "senderIpAddress": "147.253.210.103",
    "impersonationResults": [
        {
            "impersonationDomainSource": "targeted_threat_dictionary",
            "stringSimilarToDomain": "Bank,need,needed,payments,changes,processing,payment,transactions,transaction,Same Day"
        },
        {
            "impersonationDomainSource": "newly_observed_domain",
            "similarDomain": "bounces.getinfoforwebinars.com",
            "stringSimilarToDomain": "surbl_fresh"
        }
    ],
    "identifiers": [
        "newly_observed_domain",
        "targeted_threat_dictionary"
    ],
    "has_error": false,
    "id": "MTOKEN:eNqrVkouLS7Jz00tSs5PSVWyUnIODXY0NDJxNLQwVdJRykxRsjI1NrMwNzfQUSpLLSrOzM9TsjLUUSrJA6s2MDBRqgUAwuoTYw",
    "taggedExternal": true,
    "error": null,
    "hits": 2,
    "messageId": "<[email protected]>",
    "eventTime": "2021-06-01T12:59:49+0000",
    "definition": "Impersonation Protection",
    "senderAddress": "[email protected]",
    "action": "hold",
    "recipientAddress": "[email protected]"
}

Get TTP Attachment Protection Logs

This action will bring TTP attachment protection logs.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Oldest FirstOrders results with the most recent first. (Default is false).Required
RouteFilters logs by result, must be one of safe, malicious, timeout, error, unsafe, or all. (Defaults is all).Required
Start TimeJinja-template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.Required
End TimeJinja-template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.Required
Page SizeJinja-template containing page size. The number of results requested. (Default is 100000).Required

Output

An array of TTP Attachment Protection logs, with each log in different row.

{
    "subject": "Pharming GRP NV: Pharming Group to present at Jefferies Virtual Healthcare Conference - June 1",
    "result": "safe",
    "fileName": "body.txt",
    "fileType": "message/rfc822",
    "has_error": false,
    "error": null,
    "date": "2021-06-01T04:57:59+0000",
    "messageId": "<60B5BE5600B3043C01D80001_0_194028@msclnypmsgsv03>",
    "definition": "Default Attachment Protection Definition",
    "details": "Safe                                              \r\nTime taken: 0 hrs, 0 min, 2 sec",
    "route": "inbound",
    "senderAddress": "[email protected]",
    "actionTriggered": "none, none",
    "fileHash": "0dd7e40563915eea2f5f93694d3dddac714e3145f2595d80e787bb0e4980a720",
    "recipientAddress": "[email protected]"
}

Find groups

This action will bring a list of groups/folders.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
QueryJinja-templated text containing query. A character string to search for in the groups.
Example: {{query_column}}
Required
SourceThe source of the groups. (Default is cloud).Required
Page SizeJinja-templated text containing page size.The number of results requested. (Default is 100000) Example: {{page_size_column}}.Required

Output

A JSON object containing a list of groups.

{
    "subject": "Pharming GRP NV: Pharming Group to present at Jefferies Virtual Healthcare Conference - June 1",
    "result": "safe",
    "fileName": "body.txt",
    "fileType": "message/rfc822",
    "has_error": false,
    "error": null,
    "date": "2021-06-01T04:57:59+0000",
    "messageId": "<60B5BE5600B3043C01D80001_0_194028@msclnypmsgsv03>",
    "definition": "Default Attachment Protection Definition",
    "details": "Safe                                              \r\nTime taken: 0 hrs, 0 min, 2 sec",
    "route": "inbound",
    "senderAddress": "[email protected]",
    "actionTriggered": "none, none",
    "fileHash": "0dd7e40563915eea2f5f93694d3dddac714e3145f2595d80e787bb0e4980a720",
    "recipientAddress": "[email protected]"
}

Get group members

This action will bring a list of members.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
QueryJinja-templated text containing query. A character string to search for in the groups.
Example: {{query_column}}
Required
IDJinja-templated text containing the Mimecast ID of the group.
Example: {{id_column}}
Required

Output

A JSON object containing a list of members.

{
   "name":"",
   "internal":false,
   "domain":"fundmanager.io",
   "emailAddress":"",
   "has_error":false,
   "error":null,
   "type":""
}

Add group member

This action can be used to add user email addresses or domains to a profile group.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
IDJinja-templated text containing the Mimecast ID of the group to add to. Example: {{id_column}}Required
Email AddressJinja-templated text containing the email address of a user to add to a group. Example: {{email_address_column}}Required

Output

A JSON object containing multiple rows of result:
*meta:status

  • data:data/null
  • fail:fail Details.
{
   "meta":{
      "status":200
   },
   "data":[
      {
         "id":"eNoVzVsLgjAYgOH_8t0m6NRleiceCAIjYhWxm3BfOJ2u5qET_ffs-oXn_UCP5WhQCohA3F7cPqfNRdTbgm0S6bO7DltPxYcHfS8YwaJeh6csX6aqoVPFbTpw2_WL6tkdp4Dk2Q4sKMd-0C2aUguc0YTt4xWJPRrMbULTS91BRCy4aiXQKNk1_zlxnMANXe_7A7exLmU",
         "folderId":"eNoVjr0KgzAYAN_lWytItInGTWqkdBCkqB1cxHyibTQlUftH3712voO7D1hsF4ODhAhGwfLT9ch1FSaB5q8yI4J7vorLB33vCoLZBi8iZYm60bWvXTrXrrfP-udUrQFJRQ4OKNncIeoaZdGBdrGzHtG0WuIWOBTnOCSxT4NNXNHYQU8QEQc6rSSa_0TAGfO_Px11Lwk",
         "emailAddress":"[email protected]",
         "internal":false
      }
   ],
   "fail":[
      
   ]
}

Remove group member

This action can be used to remove user email addresses or domains from a profile group.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
IDJinja-templated text containing the Mimecast ID of the group to add to. Example: {{id_column}}Required
Email AddressJinja-templated text containing the email address of a user to add to a group. Example: {{email_address_column}}Required

Get Policy

This endpoint can be used to get Blocked Sender Policies.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Policy IdJinja-templated text containing the policy id of blocked sender policy. If not provided, all policies will be returned.Optional

Output

A JSON object containing a list of policies.

{
	"result": [{
		"option": "block_sender",
		"id": "fmbvdvbksndv",
		"policy": {
			"description": "Test Policy",
			"fromPart": "header_from",
			"from": {
				"type": "individual_email_address",
				"emailAddress": "[email protected]"
			},
			"to": {
				"type": "individual_email_address",
				"emailAddress": "[email protected]"
			},
			"fromType": "individual_email_address",
			"fromValue": "[email protected]",
			"toType": "individual_email_address",
			"toValue": "[email protected]",
			"fromEternal": true,
			"toEternal": true,
			"fromDate": "1900-01-01T00:00:00+0000",
			"toDate": "2100-01-01T23:59:59+0000",
			"override": false,
			"bidirectional": true,
			"conditions": {},
			"enabled": true,
			"enforced": false,
			"createTime": "2022-05-12T06:22:43+0000",
			"lastUpdated": "2022-05-12T06:22:43+0000"
		}
	}],
	"error": null,
	"has_error": false
}

Create Policy

This endpoint creates new blocked sender policies, which can be used to manage a combination of sender and recipient restrictions.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
PolicyJinja-templated text containing the Policy in json format. Example : {{policy}}Required
OptionJinja-templated text that defines a policy action, must be one of: no_action, block_sender.Required

Output

A JSON object:

{
	"fail": [],
	"data": [{
		"option": "no_action",
		"id": "asfhabkjasbfl",
		"policy": {
			"description": "Test Policy",
			"fromPart": "header_from",
			"from": {
				"type": "individual_email_address",
				"emailAddress": "[email protected]"
			},
			"to": {
				"type": "individual_email_address",
				"emailAddress": "[email protected]"
			},
			"fromType": "individual_email_address",
			"fromValue": "[email protected]",
			"toType": "individual_email_address",
			"toValue": "[email protected]",
			"fromEternal": true,
			"toEternal": true,
			"fromDate": "1900-01-01T00:00:00+0000",
			"toDate": "2100-01-01T23:59:59+0000",
			"override": false,
			"bidirectional": true,
			"conditions": {},
			"enabled": true,
			"enforced": false,
			"createTime": "2022-05-12T06:24:39+0000",
			"lastUpdated": "2022-05-12T06:24:39+0000"
		}
	}],
	"has_error": false,
	"meta": {
		"status": 200
	},
	"error": null
}

Release Notes

  • v4.0.0 - Updated architecture to support IO via filesystem
  • v3.4.1 - Added Get Policy and Create Policy actions.

© 2017-2021 LogicHub®. All Rights Reserved.