Mimecast
Mimecast is an cloud-based email management service for security, archiving, and continuity services to protect business mail.
Integration with LogicHub
Connecting with Mimecast
To connect with Mimecast following details are required:
- Label: Connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Region: Region where your Mimecast account is hosted.
- Application ID: Application ID of the registered application.
- Application Key: Application key of registered application.
- Access Key: Access key of registered application.
- Secret Key: Secret key of registered application.
Actions with Mimecast
Get Hold Message List
List of hold messages.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Jinja Template Start Time: Jinja Template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
- Jinja Template End Time: Jinja Template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
- Sender Name Column Name (Optional): Column name from the parent table that contains sender of the message.
- Recipient Name Column Name (Optional): Column name from the parent table that contains recipient of the message.
- Subject Name Column Name (Optional): Column name from the parent table that contains the subject of the message.
- Sender IP Name Column Name (Optional): Column name from the parent table that contains sender IP of the message.
- Held Reason Name Column Name (Optional): Column name from the parent table that contains held reason of message.
- Is Admin (Optional): Level of results to return. If false, only results for the currently authenticated user will be returned. If true, held messages for all recipients will be returned (default is True).
- Limit (Optional): Number of results to return (Default is 100 messages).
Output of Action
JSON containing the following items:
- has_error: True/False
- error: message/null
- result: List of messages.
Reject Message
Rejects hold the message.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Message IDs Column Name: Column name from the parent table that contains comma-separated ids for messages to be rejected.
- Message Column Name: Rejection message to be returned to sender.
- Reason Type Column Name: The reason code for rejecting the message. Possible values are: MESSAGE CONTAINS UNDESIRABLE CONTENT, MESSAGE CONTAINS CONFIDENTIAL INFORMATION, REVIEWER DISAPPROVES OF CONTENT, INAPPROPRIATE COMMUNICATION, MESSAGE GOES AGAINST EMAIL POLICIES.
Output of Action
JSON containing the following items:
- has_error: True/False
- error: message/null
- result: Success/Failure message.
Release Message
Releases a hold message.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Message ID Column Name: Column name from the parent table that contains the ID for messages to be released.
Output of Action
JSON containing the following items:
- has_error: True/False
- error: message/null
- result: Success/Failure message.
Get Message Details
Retrieve detailed information about a specific message.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Message ID Column Name: Column name from the parent table that contains the ID for messages to be released.
Output of Action
json containing the following items:
- has_error: True/False
- error: message/null
- result: Message Details.
{
"status": "String",
"retentionInfo": {
"currentPurgeDate": "Date String",
"originalPurgeDate": "String",
"retentionAdjustmentDays": -1,
"fbrExpireCheck": [],
"fbrStamps": [],
"audits": [],
"litigationHoldInfo": [],
"smartTags": [],
"purgeBasedOn": "String"
},
"recipientInfo": {
"messageInfo": {
"attachments": [],
"cc": [
"String"
],
"htmlBody": "String",
"transmissionInfo": "String",
"fromHeader": "String",
"subject": "String",
"textBody": "String",
"to": [
"String"
],
"processed": "Date String",
"fromEnvelope": "String",
"sent": "Date String"
},
"recipientMetaInfo": {
"remoteServerGreeting": "String",
"encryptionInfo": "String",
"receiptAcknowledgement": "String",
"receiptEvent": "String",
"transmissionEnd": "Date String",
"spamEvent": "String",
"messageExpiresIn": 3650,
"processingServer": "String",
"binaryEmailSize": 100,
"transmissionSize": 100,
"remoteHost": "String",
"transmissionStart": "Date String",
"remoteIp": "String",
"components": [
{
"mimeType": "String",
"type": "String",
"name": "String",
"extension": "String",
"size": 100
}
]
}
},
"deliveredMessage": {
"[email protected]": {
"messageInfo": {
"attachments": [],
"cc": [
"String"
],
"htmlBody": "String",
"transmissionInfo": "String",
"fromHeader": "String",
"subject": "String",
"route": "String",
"textBody": "String",
"to": [
"String"
],
"processed": "Date String",
"fromEnvelope": "String",
"sent": "String"
},
"policyInfo": [
{
"policyName": "String",
"policyType": "String",
"inherited": false
}
],
"deliveryMetaInfo": {
"remoteServerGreeting": "String",
"encryptionInfo": "String",
"receiptAcknowledgement": "String",
"emailAddress": "String",
"messageExpiresIn": 3650,
"processingServer": "String",
"transmissionSize": 100,
"remoteHost": "String",
"transmissionStart": "Date String",
"remoteIp": "String",
"components": [
{
"mimeType": "text/plain",
"type": "Email Primary Body Plain Text",
"name": "body.txt",
"extension": "txt",
"size": 4075
}
],
"transmissionEnd": "Date String",
"deliveryEvent": "String"
}
}
},
"spamInfo": {
"spamScore": 0,
"detectionLevel": "moderate",
"spamProcessingDetail": {
"rbl": {
"allow": true,
"info": "String"
},
"greyEmail": true,
"spf": {
"allow": true,
"info": "String"
},
"dkim": {
"allow": true,
"info": "String"
},
"dmarc": {
"allow": true,
"info": "String"
},
"permittedSender": {
"allow": true,
"info": "String"
},
"managedSender": {
"allow": true,
"info": "String"
},
"symbolGroups": [
{
"name": "String",
"description": "String"
}
],
"verdict": {
"decision": "String",
"description": "String",
"risk": "negligible",
"categories": [
{
"name": "String",
"risk": "String",
"subcategories": [
{
"name": "String",
"risk": "String",
"augmentations": [
{
"name": "String",
"risk": "String"
}
]
}
]
}
]
}
},
"id": "String"
}
}
Get TTP URL Logs
This action will bring TTP URL logs.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Oldest First: Orders results with the most recent first. (Default is false).
- Route: Filters logs by route, must be one of inbound, outbound, internal, or all. (Defaults is all).
- Scan Result: Filters logs by scan result, must be one of clean, malicious, or all. (Defaults is all).
- Start Time: Jinja Template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
- End Time: Jinja Template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
- Page Size: Jinja Template containing page size. The number of results requested. (Default is 100000).
Output of Action
Array of TTP URL logs, with each log in different row.
{
"userOverride": "None",
"subject": "[EXT] ME debt alert : DEBTWIRE (01/06/2021 07:50:00)",
"userEmailAddress": "[email protected]",
"scanResult": "clean",
"sendingIp": "104.130.123.234",
"url": "http://email.notifications.debtwire.com/c/eJyNUslu2zAQ_RrxJoO7xAMPXqI0QOO2qIvAuRQ0OYroaKtIxfDfl3aSIpcABXjhm-HwLTNOg5tt1A4O8eQnQMbOkw-_Akx3TmOq1oKKKi82YpXzgq1ztVIiZ6tKqmq9wpIu0Z8ZpvMXExrNa1nQg7TCWCJqXBvLCSslZ5iygzvUyIxj662Jfuh1P0Rfv10C8ppiSrDEBDNRULEgC8XEsuSScq4U4csq4_id5cIOHWp0YTm2lltBbF3gErAiwIyrMdiCK6ZQZ6Jtko77h6rZbvZ8S_fnfffjvO0e_eNt9bw9tsftpjl-e7g7b3f3p313k7ENml_VU4xLRogiyM5tnCdYDw409PntCrW6iXEMGVtmtErndDotPrJLkO8jtK1_gt5Cur54OL2jtgu5656PqshYNcfudxjmKXWxzfajKxmVl2IHzs9dKt50xrdvoDXdaPxTn-BlC1N8gyNMl06hmASGLZTygJMOQmUKgrFLVxJ3ffF9Gmrfws9zuHPpCUnec16mjpDY-Av0X_H7sIMQdW3aAMj5MF48B7cxEa6Z5ljmmOwwS16JpHdJ-UII9oiiHl8ZXL__jDGC_kW3_gVQhG5s09SUzLvTeUbLL7v7rxlVYR5hQk4DCMfRv8n607nX3didR9AuZRQimvRzY1rvFs0cgvF92rdugNaH67bZySdvvbkuuhFlSTEYSRiAoaA4A255QQ6yIFzJv2UUCkQ",
"emailPartsDescription": [
"Body"
],
"creationMethod": "User Click",
"fromUserEmailAddress": "[email protected]",
"userAwarenessAction": "N/A",
"has_error": false,
"ttpDefinition": "Default URL Protection Definition",
"error": null,
"date": "2021-06-01T04:47:53+0000",
"messageId": "<[email protected]>",
"actions": "Allow",
"category": "Business",
"route": "inbound",
"action": "allow",
"adminOverride": "N/A"
}
Get TTP Impersonation Protection Logs
This action will bring TTP impersonation protection logs.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Oldest First: Orders results with the most recent first. (Default is false).
- Search Field: The field to search, must be one of: senderAddress, recipientAddress, subject, definition or all (meaning all of the preceding fields). (Defaults is all if a search string(query) is provided).
- Query: Jinja Template containing query. Required if searchField is not null. A character string to search for in the logs.
- Start Time: Jinja Template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
- End Time: Jinja Template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
- Page Size: Jinja Template containing page size. The number of results requested. (Default is 100000).
Output of Action
Array of TTP Impersonation Protection logs, with each log in different row.
{
"subject": "Same Day Ach – Compliance as The RDFI And Opportunities For The ODFI And Originator",
"taggedMalicious": true,
"senderIpAddress": "147.253.210.103",
"impersonationResults": [
{
"impersonationDomainSource": "targeted_threat_dictionary",
"stringSimilarToDomain": "Bank,need,needed,payments,changes,processing,payment,transactions,transaction,Same Day"
},
{
"impersonationDomainSource": "newly_observed_domain",
"similarDomain": "bounces.getinfoforwebinars.com",
"stringSimilarToDomain": "surbl_fresh"
}
],
"identifiers": [
"newly_observed_domain",
"targeted_threat_dictionary"
],
"has_error": false,
"id": "MTOKEN:eNqrVkouLS7Jz00tSs5PSVWyUnIODXY0NDJxNLQwVdJRykxRsjI1NrMwNzfQUSpLLSrOzM9TsjLUUSrJA6s2MDBRqgUAwuoTYw",
"taggedExternal": true,
"error": null,
"hits": 2,
"messageId": "<[email protected]>",
"eventTime": "2021-06-01T12:59:49+0000",
"definition": "Impersonation Protection",
"senderAddress": "[email protected]",
"action": "hold",
"recipientAddress": "[email protected]"
}
Get TTP Attachment Protection Logs
This action will bring TTP attachment protection logs.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Oldest First: Orders results with the most recent first. (Default is false).
- Route: Filters logs by result, must be one of safe, malicious, timeout, error, unsafe, or all. (Defaults is all).
- Start Time: Jinja Template for the date and time of the earliest message to return (Default is Batch start time). Example: 2011-12-03T10:15:30+0000, {{start_time_column}}.
- End Time: Jinja Template for the date and time of the latest message to return, (Default is Batch end time). Example: 2011-12-04T10:15:30+0000, {{end_time_column}}.
- Page Size: Jinja Template containing page size. The number of results requested. (Default is 100000).
Output of Action
Array of TTP Attachment Protection logs, with each log in different row.
{
"subject": "Pharming GRP NV: Pharming Group to present at Jefferies Virtual Healthcare Conference - June 1",
"result": "safe",
"fileName": "body.txt",
"fileType": "message/rfc822",
"has_error": false,
"error": null,
"date": "2021-06-01T04:57:59+0000",
"messageId": "<[email protected]>",
"definition": "Default Attachment Protection Definition",
"details": "Safe \r\nTime taken: 0 hrs, 0 min, 2 sec",
"route": "inbound",
"senderAddress": "[email protected]",
"actionTriggered": "none, none",
"fileHash": "0dd7e40563915eea2f5f93694d3dddac714e3145f2595d80e787bb0e4980a720",
"recipientAddress": "[email protected]"
}
Find groups
This action will bring a list of groups/folders.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Jinja Template Query: Jinja-templated text containing query. A character string.
to search for in the groups. Example: {{query_column}} - Source: The source of the groups. (Default is cloud)
- Jinja Template Page Size: Jinja-templated text containing page size.The number
of results requested. (Default is 100000) Example: {{page_size_column}}
Output of Action
List of groups
{
"source":"cloud",
"description":"MG-Pietech Domains",
"has_error":false,
"id":"eNoVzkELgjAYgOH_8l0TbLq18jZM6SRImB28iPtEazrbdEXRf8_uLzzvByw2i8FeQgSSjnlv6RQ-isXxodw6OXVDqMTlyd6bgmB2Ox2uSbo7qjtzXeWzufIDmnWvsXScpEkOHihZTxC1tbLoQbPYWQ9oGi1xBeLiLPZEhIyvoUNjez1CRDxotZJo_hOU8oAG3x8DgTCp",
"error":null,
"folderCount":0,
"parentId":"eNoVzs0KgkAUQOF3udsEHZ1xyp2kFgRClJrgRpwrWqMT409S9O7Z_sB3PjBgNWlsBXgQLifXiu3lQLi2rnnOAtWlmSP99MXem4RgfD_ubmHkBvLB5qYw2ViYNo2bpc9mTqLwDAZIUT7Bq0s5oAHVNIyqQ10pgSuwTy7-lvgO42s4ox5a1YNHDKiVFKj_E5Rym5LvD1-TL2I",
"userCount":2
}
Get group members
This action will bring a list of members.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Jinja Template Query: Jinja-templated text containing query. A character string.
to search for in the groups. Example: {{query_column}} - Jinja Template ID: Jinja-templated text containing the Mimecast ID of the group.
Example: {{id_column}}
Output of Action
List of members
{
"name":"",
"internal":false,
"domain":"fundmanager.io",
"emailAddress":"",
"has_error":false,
"error":null,
"type":""
}
Add group member
This action can be used to add user email addresses or domains to a profile group.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Jinja TemplateID: Jinja-templated text containing the Mimecast ID of the group to add to. Example: {{id_column}}
- Jinja Template Email Address: Jinja-templated text containing the email address of a user to add to a group. Example: {{email_address_column}}
Output of Action
JSON containing the following items:
*meta:status
- data:data/null
- fail:fail Details.
{
"meta":{
"status":200
},
"data":[
{
"id":"eNoVzVsLgjAYgOH_8t0m6NRleiceCAIjYhWxm3BfOJ2u5qET_ffs-oXn_UCP5WhQCohA3F7cPqfNRdTbgm0S6bO7DltPxYcHfS8YwaJeh6csX6aqoVPFbTpw2_WL6tkdp4Dk2Q4sKMd-0C2aUguc0YTt4xWJPRrMbULTS91BRCy4aiXQKNk1_zlxnMANXe_7A7exLmU",
"folderId":"eNoVjr0KgzAYAN_lWytItInGTWqkdBCkqB1cxHyibTQlUftH3712voO7D1hsF4ODhAhGwfLT9ch1FSaB5q8yI4J7vorLB33vCoLZBi8iZYm60bWvXTrXrrfP-udUrQFJRQ4OKNncIeoaZdGBdrGzHtG0WuIWOBTnOCSxT4NNXNHYQU8QEQc6rSSa_0TAGfO_Px11Lwk",
"emailAddress":"[email protected]",
"internal":false
}
],
"fail":[
]
}
Remove group member
This action can be used to remove user email addresses or domains from a profile group.
Inputs to this Action
- Connection: Choose a connection that you have created.
- Jinja TemplateID: Jinja-templated text containing the Mimecast ID of the group to add to. Example: {{id_column}}
- Jinja Template Email Address: Jinja-templated text containing the email address of a user to add to a group. Example: {{email_address_column}}
Output of Action
Updated 10 months ago
Did this page help you?