Mimecast

Version: 3.3.0

Mimecast is a cloud-based email management service for security, archiving, and continuity services to protect business mail.

Connect Mimecast with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Mimecast.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • Region: Region where your Mimecast account is hosted.
    • Application ID: Application ID of the registered application.
    • Application Key: Application key of registered application.
    • Access Key: Access key of registered application.
    • Secret Key: Secret key of registered application.
  4. After you've entered all the details, click Connect.

Actions for Mimecast

Get Hold Message List

Returns a list of hold messages.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Start Time (Required): Jinja-templated text for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
  • End Time (Required): Jinja-templated text for the date and time of the latest message to return (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
  • Sender Name Column Name (Optional): Column name from the parent table that contains the sender of the message.
  • Recipient Name Column Name (Optional): Column name from the parent table that contains the recipient of the message.
  • Subject Name Column Name (Optional): Column name from the parent table that contains the subject of the message.
  • Sender IP Name Column Name (Optional): Column name from the parent table that contains the sender IP of the message.
  • Held Reason Name Column Name (Optional): Column name from the parent table that contains the held reason of the message.
  • Is Admin (Optional): Level of results to return. If false, only results for the currently authenticated user will be returned. If true, held messages for all recipients will be returned (Default is True).
  • Limit (Optional): Number of results to return (Default is 100 messages).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: List of messages.

Reject Message

Rejects a hold message.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Message IDs Column Name (Required): Column name from the parent table that contains comma-separated IDs for messages to be rejected.
  • Message Column Name (Required): Rejection message to be returned to sender.
  • Reason Type Column Name (Required): The reason code for rejecting the message. Possible values are: MESSAGE CONTAINS UNDESIRABLE CONTENT, MESSAGE CONTAINS CONFIDENTIAL INFORMATION, REVIEWER DISAPPROVES OF CONTENT, INAPPROPRIATE COMMUNICATION, MESSAGE GOES AGAINST EMAIL POLICIES.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure message.

Release Message

Releases a hold message.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Message ID Column Name (Required): Column name from the parent table that contains the ID for messages to be released.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Success/Failure message.

Get Message Details

Retrieve detailed information about a specific message.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Message ID Column Name (Required): Column name from the parent table that contains the ID for messages to be released.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Message Details.
{
         "status": "String",
         "retentionInfo": {
             "currentPurgeDate": "Date String",
             "originalPurgeDate": "String",
             "retentionAdjustmentDays": -1,
             "fbrExpireCheck": [],
             "fbrStamps": [],
             "audits": [],
             "litigationHoldInfo": [],
             "smartTags": [],
             "purgeBasedOn": "String"
         },
         "recipientInfo": {
             "messageInfo": {
                 "attachments": [],
                 "cc": [
                     "String"
                 ],
                 "htmlBody": "String",
                 "transmissionInfo": "String",
                 "fromHeader": "String",
                 "subject": "String",
                 "textBody": "String",
                 "to": [
                     "String"
                 ],
                 "processed": "Date String",
                 "fromEnvelope": "String",
                 "sent": "Date String"
             },
             "recipientMetaInfo": {
                 "remoteServerGreeting": "String",
                 "encryptionInfo": "String",
                 "receiptAcknowledgement": "String",
                 "receiptEvent": "String",
                 "transmissionEnd": "Date String",
                 "spamEvent": "String",
                 "messageExpiresIn": 3650,
                 "processingServer": "String",
                 "binaryEmailSize": 100,
                 "transmissionSize": 100,
                 "remoteHost": "String",
                 "transmissionStart": "Date String",
                 "remoteIp": "String",
                 "components": [
                     {
                         "mimeType": "String",
                         "type": "String",
                         "name": "String",
                         "extension": "String",
                         "size": 100
                     }
                 ]
             }
         },
         "deliveredMessage": {
             "[email protected]": {
                 "messageInfo": {
                     "attachments": [],
                     "cc": [
                         "String"
                     ],
                     "htmlBody": "String",
                     "transmissionInfo": "String",
                     "fromHeader": "String",
                     "subject": "String",
                     "route": "String",
                     "textBody": "String",
                     "to": [
                         "String"
                     ],
                     "processed": "Date String",
                     "fromEnvelope": "String",
                     "sent": "String"
                 },
                 "policyInfo": [
                     {
                         "policyName": "String",
                         "policyType": "String",
                         "inherited": false
                     }
                 ],
                 "deliveryMetaInfo": {
                     "remoteServerGreeting": "String",
                     "encryptionInfo": "String",
                     "receiptAcknowledgement": "String",
                     "emailAddress": "String",
                     "messageExpiresIn": 3650,
                     "processingServer": "String",
                     "transmissionSize": 100,
                     "remoteHost": "String",
                     "transmissionStart": "Date String",
                     "remoteIp": "String",
                     "components": [
                         {
                             "mimeType": "text/plain",
                             "type": "Email Primary Body Plain Text",
                             "name": "body.txt",
                             "extension": "txt",
                             "size": 4075
                         }
                     ],
                     "transmissionEnd": "Date String",
                     "deliveryEvent": "String"
                 }
             }
         },
         "spamInfo": {
             "spamScore": 0,
             "detectionLevel": "moderate",
             "spamProcessingDetail": {
                 "rbl": {
                     "allow": true,
                     "info": "String"
                 },
                 "greyEmail": true,
                 "spf": {
                     "allow": true,
                     "info": "String"
                 },
                 "dkim": {
                     "allow": true,
                     "info": "String"
                 },
                 "dmarc": {
                     "allow": true,
                     "info": "String"
                 },
                 "permittedSender": {
                     "allow": true,
                     "info": "String"
                 },
                 "managedSender": {
                     "allow": true,
                     "info": "String"
                 },
                 "symbolGroups": [
                     {
                         "name": "String",
                         "description": "String"
                     }
                 ],
                 "verdict": {
                     "decision": "String",
                     "description": "String",
                     "risk": "negligible",
                     "categories": [
                         {
                             "name": "String",
                             "risk": "String",
                             "subcategories": [
                                 {
                                     "name": "String",
                                     "risk": "String",
                                     "augmentations": [
                                         {
                                             "name": "String",
                                             "risk": "String"
                                         }
                                     ]
                                 }
                             ]
                         }
                     ]
                 }
             },
             "id": "String"
         }
     }
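
The following Python sketch is an added example, not code from LogicHub or Mimecast. It reduces one Get Message Details row to the fields an analyst triages on, using only field names from the sample above. Assumptions: the details object is either under "result" or is the row itself, and all sample values are constructed.

```python
from __future__ import annotations

from typing import Any

# Checks under spamInfo.spamProcessingDetail that carry an "allow" flag.
AUTH_CHECKS = ("rbl", "spf", "dkim", "dmarc")


def summarize_message(row: dict[str, Any]) -> dict[str, Any]:
    """Reduce one Get Message Details row to the fields triage depends on."""
    if row.get("has_error"):
        # Surface the integration error rather than reporting a clean message.
        return {"ok": False, "error": row.get("error")}

    # Assumption: details sit under "result"; otherwise use the row itself.
    details = row.get("result") or row
    detail = (details.get("spamInfo") or {}).get("spamProcessingDetail") or {}
    recipient = details.get("recipientInfo") or {}
    info = recipient.get("messageInfo") or {}
    meta = recipient.get("recipientMetaInfo") or {}

    # Failed means "allow" is explicitly false. A check with no "allow" value
    # is listed separately so that missing data is never read as a pass.
    allow = {c: (detail.get(c) or {}).get("allow") for c in AUTH_CHECKS}
    return {
        "ok": True,
        "subject": info.get("subject"),
        "from_envelope": info.get("fromEnvelope"),
        "remote_ip": meta.get("remoteIp"),
        "failed_checks": [c for c in AUTH_CHECKS if allow[c] is False],
        "missing_checks": [c for c in AUTH_CHECKS if allow[c] is None],
        "verdict_risk": (detail.get("verdict") or {}).get("risk"),
        "components": [(c.get("name"), c.get("mimeType"), c.get("size"))
                       for c in meta.get("components") or []],
    }


# Constructed sample row; every value is made up for illustration.
SAMPLE_ROW = {
    "has_error": False,
    "error": None,
    "result": {
        "recipientInfo": {
            "messageInfo": {"subject": "Invoice overdue",
                            "fromEnvelope": "bounce@example.test"},
            "recipientMetaInfo": {
                "remoteIp": "192.0.2.10",
                "components": [{"mimeType": "application/pdf", "name": "invoice.pdf",
                                "extension": "pdf", "size": 20480}],
            },
        },
        "spamInfo": {"spamProcessingDetail": {
            "spf": {"allow": False, "info": "constructed"},
            "dkim": {"allow": True, "info": "constructed"},
            "dmarc": {"allow": False, "info": "constructed"},
            "verdict": {"decision": "constructed", "risk": "high"},
        }},
    },
}

if __name__ == "__main__":
    print(summarize_message(SAMPLE_ROW))
```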

Get TTP URL Logs

This action retrieves TTP URL logs.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Oldest First (Required): Orders results with the most recent first. (Default is false).
  • Route (Required): Filters logs by route; must be one of inbound, outbound, internal, or all. (Default is all).
  • Scan Result (Required): Jinja-templated text for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
  • End Time (Required): Jinja-templated text for the date and time of the latest message to return (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
  • Page Size (Required): Jinja-templated text containing the page size (the number of results requested). (Default is 100000).

Output

An array of TTP URL logs, with each log in a different row.

{
    "userOverride": "None",
    "subject": "[EXT] ME debt alert : DEBTWIRE (01/06/2021 07:50:00)",
    "userEmailAddress": "[email protected]",
    "scanResult": "clean",
    "sendingIp": "104.130.123.234",
    "url": "http://email.notifications.debtwire.com/c/eJyNUslu2zAQ_RrxJoO7xAMPXqI0QOO2qIvAuRQ0OYroaKtIxfDfl3aSIpcABXjhm-HwLTNOg5tt1A4O8eQnQMbOkw-_Akx3TmOq1oKKKi82YpXzgq1ztVIiZ6tKqmq9wpIu0Z8ZpvMXExrNa1nQg7TCWCJqXBvLCSslZ5iygzvUyIxj662Jfuh1P0Rfv10C8ppiSrDEBDNRULEgC8XEsuSScq4U4csq4_id5cIOHWp0YTm2lltBbF3gErAiwIyrMdiCK6ZQZ6Jtko77h6rZbvZ8S_fnfffjvO0e_eNt9bw9tsftpjl-e7g7b3f3p313k7ENml_VU4xLRogiyM5tnCdYDw409PntCrW6iXEMGVtmtErndDotPrJLkO8jtK1_gt5Cur54OL2jtgu5656PqshYNcfudxjmKXWxzfajKxmVl2IHzs9dKt50xrdvoDXdaPxTn-BlC1N8gyNMl06hmASGLZTygJMOQmUKgrFLVxJ3ffF9Gmrfws9zuHPpCUnec16mjpDY-Av0X_H7sIMQdW3aAMj5MF48B7cxEa6Z5ljmmOwwS16JpHdJ-UII9oiiHl8ZXL__jDGC_kW3_gVQhG5s09SUzLvTeUbLL7v7rxlVYR5hQk4DCMfRv8n607nX3didR9AuZRQimvRzY1rvFs0cgvF92rdugNaH67bZySdvvbkuuhFlSTEYSRiAoaA4A255QQ6yIFzJv2UUCkQ",
    "emailPartsDescription": [
        "Body"
    ],
    "creationMethod": "User Click",
    "fromUserEmailAddress": "[email protected]",
    "userAwarenessAction": "N/A",
    "has_error": false,
    "ttpDefinition": "Default URL Protection Definition",
    "error": null,
    "date": "2021-06-01T04:47:53+0000",
    "messageId": "<[email protected]>",
    "actions": "Allow",
    "category": "Business",
    "route": "inbound",
    "action": "allow",
    "adminOverride": "N/A"
}

Get TTP Impersonation Protection Logs

This action retrieves TTP impersonation protection logs.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Oldest First (Required): Orders results with the most recent first. (Default is false).
  • Search Field (Required): The field to search; must be one of senderAddress, recipientAddress, subject, definition, or all (meaning all of the preceding fields). (Default is all if a search string (query) is provided).
  • Query (Required): Jinja-templated text containing the query, a character string to search for in the logs. Required if searchField is not null.
  • Start Time (Required): Jinja-templated text for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
  • End Time (Required): Jinja-templated text for the date and time of the latest message to return (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
  • Page Size (Required): Jinja-templated text containing the page size (the number of results requested). (Default is 100000).

Output

An array of TTP Impersonation Protection logs, with each log in a different row.

{
    "subject": "Same Day Ach – Compliance as The RDFI And Opportunities For The ODFI And Originator",
    "taggedMalicious": true,
    "senderIpAddress": "147.253.210.103",
    "impersonationResults": [
        {
            "impersonationDomainSource": "targeted_threat_dictionary",
            "stringSimilarToDomain": "Bank,need,needed,payments,changes,processing,payment,transactions,transaction,Same Day"
        },
        {
            "impersonationDomainSource": "newly_observed_domain",
            "similarDomain": "bounces.getinfoforwebinars.com",
            "stringSimilarToDomain": "surbl_fresh"
        }
    ],
    "identifiers": [
        "newly_observed_domain",
        "targeted_threat_dictionary"
    ],
    "has_error": false,
    "id": "MTOKEN:eNqrVkouLS7Jz00tSs5PSVWyUnIODXY0NDJxNLQwVdJRykxRsjI1NrMwNzfQUSpLLSrOzM9TsjLUUSrJA6s2MDBRqgUAwuoTYw",
    "taggedExternal": true,
    "error": null,
    "hits": 2,
    "messageId": "<[email protected]>",
    "eventTime": "2021-06-01T12:59:49+0000",
    "definition": "Impersonation Protection",
    "senderAddress": "[email protected]",
    "action": "hold",
    "recipientAddress": "[email protected]"
}
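
The following Python sketch is an added example, not code from LogicHub or Mimecast. It groups impersonation log rows by sender, keeps rows with has_error set apart from findings, and lists messages that were tagged malicious but whose action was not "hold". The sample rows are constructed, including the action value "none", and the function name is hypothetical.

```python
from __future__ import annotations

from collections import defaultdict
from typing import Any


def triage_impersonation_logs(rows: list[dict[str, Any]]):
    """Return (findings sorted by total hits, integration errors)."""
    errors: list[Any] = []
    by_sender: dict[str, dict[str, Any]] = defaultdict(
        lambda: {"hits": 0, "identifiers": set(), "similar_domains": set(), "not_held": []}
    )
    for row in rows:
        if row.get("has_error"):
            # A failed row carries no usable log data; report it separately.
            errors.append(row.get("error"))
            continue
        entry = by_sender[row.get("senderAddress") or "<unknown>"]
        entry["hits"] += int(row.get("hits") or 0)
        entry["identifiers"].update(row.get("identifiers") or [])
        for result in row.get("impersonationResults") or []:
            # similarDomain is only present on some result entries.
            if result.get("similarDomain"):
                entry["similar_domains"].add(result["similarDomain"])
        # Tagged malicious but not held: worth a follow-up by an analyst.
        if row.get("taggedMalicious") and row.get("action") != "hold":
            entry["not_held"].append(row.get("messageId"))

    findings = [
        {"sender": sender, "hits": e["hits"],
         "identifiers": sorted(e["identifiers"]),
         "similar_domains": sorted(e["similar_domains"]),
         "not_held": e["not_held"]}
        for sender, e in by_sender.items()
    ]
    findings.sort(key=lambda f: f["hits"], reverse=True)
    return findings, errors


# Constructed sample rows; addresses, domains and IDs are made up.
SAMPLE_ROWS = [
    {"has_error": False, "error": None, "senderAddress": "a@example.test",
     "hits": 2, "taggedMalicious": True, "action": "hold",
     "messageId": "<m1@example.test>",
     "identifiers": ["newly_observed_domain", "targeted_threat_dictionary"],
     "impersonationResults": [
         {"impersonationDomainSource": "newly_observed_domain",
          "similarDomain": "bounces.example.test"}]},
    {"has_error": False, "error": None, "senderAddress": "a@example.test",
     "hits": 1, "taggedMalicious": True, "action": "none",
     "messageId": "<m2@example.test>",
     "identifiers": ["newly_observed_domain"], "impersonationResults": []},
    {"has_error": False, "error": None, "senderAddress": "b@example.test",
     "hits": 1, "taggedMalicious": False, "action": "none",
     "messageId": "<m3@example.test>",
     "identifiers": ["targeted_threat_dictionary"], "impersonationResults": []},
    {"has_error": True, "error": "timeout"},
]

if __name__ == "__main__":
    print(triage_impersonation_logs(SAMPLE_ROWS))
```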

Get TTP Attachment Protection Logs

This action retrieves TTP attachment protection logs.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Oldest First (Required): Orders results with the most recent first. (Default is false).
  • Route (Required): Filters logs by result; must be one of safe, malicious, timeout, error, unsafe, or all. (Default is all).
  • Start Time (Required): Jinja-templated text for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
  • End Time (Required): Jinja-templated text for the date and time of the latest message to return (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
  • Page Size (Required): Jinja-templated text containing the page size (the number of results requested). (Default is 100000).

Output

An array of TTP Attachment Protection logs, with each log in a different row.

{
    "subject": "Pharming GRP NV: Pharming Group to present at Jefferies Virtual Healthcare Conference - June 1",
    "result": "safe",
    "fileName": "body.txt",
    "fileType": "message/rfc822",
    "has_error": false,
    "error": null,
    "date": "2021-06-01T04:57:59+0000",
    "messageId": "<[email protected]>",
    "definition": "Default Attachment Protection Definition",
    "details": "Safe                                              \r\nTime taken: 0 hrs, 0 min, 2 sec",
    "route": "inbound",
    "senderAddress": "[email protected]",
    "actionTriggered": "none, none",
    "fileHash": "0dd7e40563915eea2f5f93694d3dddac714e3145f2595d80e787bb0e4980a720",
    "recipientAddress": "[email protected]"
}

Find groups

This action retrieves a list of groups/folders.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Query (Required): Jinja-templated text containing the query, a character string to search for in the groups. Example: {{query_column}}
  • Source (Required): The source of the groups. (Default is cloud).
  • Page Size (Required): Jinja-templated text containing the page size (the number of results requested). (Default is 100000). Example: {{page_size_column}}

Output

A JSON object containing list of groups.

Get group members

This action retrieves a list of members.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Query (Required): Jinja-templated text containing the query, a character string to search for in the groups. Example: {{query_column}}
  • ID (Required): Jinja-templated text containing the Mimecast ID of the group. Example: {{id_column}}

Output

A JSON object containing list of members.

{
   "name":"",
   "internal":false,
   "domain":"fundmanager.io",
   "emailAddress":"",
   "has_error":false,
   "error":null,
   "type":""
}

Add group member

This action can be used to add user email addresses or domains to a profile group.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • ID (Required): Jinja-templated text containing the Mimecast ID of the group to add to. Example: {{id_column}}
  • Email Address (Required): Jinja-templated text containing the email address of a user to add to a group. Example: {{email_address_column}}

Output

A JSON object containing multiple rows of result:

  • meta: status
  • data: data/null
  • fail: fail details.
{
   "meta":{
      "status":200
   },
   "data":[
      {
         "id":"eNoVzVsLgjAYgOH_8t0m6NRleiceCAIjYhWxm3BfOJ2u5qET_ffs-oXn_UCP5WhQCohA3F7cPqfNRdTbgm0S6bO7DltPxYcHfS8YwaJeh6csX6aqoVPFbTpw2_WL6tkdp4Dk2Q4sKMd-0C2aUguc0YTt4xWJPRrMbULTS91BRCy4aiXQKNk1_zlxnMANXe_7A7exLmU",
         "folderId":"eNoVjr0KgzAYAN_lWytItInGTWqkdBCkqB1cxHyibTQlUftH3712voO7D1hsF4ODhAhGwfLT9ch1FSaB5q8yI4J7vorLB33vCoLZBi8iZYm60bWvXTrXrrfP-udUrQFJRQ4OKNncIeoaZdGBdrGzHtG0WuIWOBTnOCSxT4NNXNHYQU8QEQc6rSSa_0TAGfO_Px11Lwk",
         "emailAddress":"[email protected]",
         "internal":false
      }
   ],
   "fail":[
      
   ]
}

Remove group member

This action can be used to remove user email addresses or domains from a profile group.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • ID (Required): Jinja-templated text containing the Mimecast ID of the group to add to. Example: {{id_column}}
  • Email Address (Required): Jinja-templated text containing the email address of a user to add to a group. Example: {{email_address_column}}

