SOLVED

RE: Mimecast integration (log ingestion) with Microsoft Sentinel

Brass Contributor

Can somebody inform me what is best practice or method for ingesting event or log data from Mimecast to Microsoft Sentinel?


I am trying to understand what SIEM integration Mimecast has got.

7 Replies
Tried with this for a client and worked with Mimecast support. They were asking us to use an EOL OS which we were not happy to proceed with. No updates as of yet.

I hope Microsoft work on a connector with Mimecast and resolve this soon.

@BcyberS Absolutely right, and it's ludicrous. Even then their code doesn't work well. I have published some fixes to it over time but it's really not great. GitHub - TotalGriffLock/Mimecast-Azure-Sentinel-Fixes: Reliability fixes made to the Mimecast log ag...


I can only assume the person who wrote it has left Mimecast and it is no longer maintained.

Hey, thanks for sending the GitHub link.
We have also spoken with a 'Mimecast Development Manager' who tells us there will be a new update along with a fresh publication which will make setup smooth via a cloud connector (removing the need for any middleware).

I will let you know once we receive this update.
best response confirmed by JMSHW0420 (Brass Contributor)
Solution
Hi all, after months of pushing the Mimecast development team we finally have updated Mimecast integration for Microsoft Sentinel:

Find the solutions on the Azure marketplace here: https://azuremarketplace.microsoft.com/en-us/marketplace/apps?search=mimecast&page=1&filters=partner...

Also, if you search 'Mimecast' in your Microsoft Sentinel content hub you should now see the 4 Mimecast products available to deploy in your environment.

all the best!

Hi there,


I am looking to pull SPF and DMARC details from Mimecast into Sentinel and couldn't see those details in the Microsoft Mimecast functions. Has anyone come across this scenario? Thanks in advance.

Hi,

So, assuming you are already ingesting Mimecast events into your Log Analytics workspace, you should see the Mimecast connector 'Mimecast Secure Email Gateway' table MimecastSIEM_CL. Run a KQL query:

MimecastSIEM_CL
| where logType_s has "receipt" and Dir_s has "Inbound" // looks for all mail received, inbound only

Open some of the records and you should see an entry under the column 'SpamProcessingDetail_s', which shows the SPF, DKIM and DMARC info.

Hope this helps!

all the best.
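To turn that column into something reportable, here is an added KQL example (not from the thread or from Mimecast's connector) that parses SpamProcessingDetail_s and summarises inbound mail whose SPF or DMARC check did not pass, by sending domain. It assumes SpamProcessingDetail_s is a JSON document with "spf", "dkim" and "dmarc" objects each carrying an "info" field, and that the sender address lands in a Sender_s column; both are assumptions to check against your own records.

```kql
// Added example, not part of the original thread.
// Assumed JSON shape of SpamProcessingDetail_s (verify in your workspace):
//   {"spf":{"info":"SPF_FAIL","allow":true},
//    "dkim":{"info":"DKIM_UNKNOWN","allow":true},
//    "dmarc":{"info":"DMARC_FAIL","allow":true}}
// Sender_s is an assumed column name for the envelope sender.
MimecastSIEM_CL
| where TimeGenerated > ago(7d)
// receipt events for inbound mail only, as in the answer above
| where logType_s has "receipt" and Dir_s has "Inbound"
| extend auth = parse_json(SpamProcessingDetail_s)
| extend SpfResult   = toupper(tostring(auth.spf.info)),
         DkimResult  = toupper(tostring(auth.dkim.info)),
         DmarcResult = toupper(tostring(auth.dmarc.info))
// derive the sending domain from the envelope sender (assumed column)
| extend SenderDomain = tolower(tostring(split(Sender_s, "@")[1]))
// keep only messages where SPF or DMARC did not come back as a pass
| where not(SpfResult has "PASS") or not(DmarcResult has "PASS")
| summarize Messages = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            Recipients = dcount(Rcpt_s)     // assumed recipient column
          by SenderDomain, SpfResult, DkimResult, DmarcResult
| order by Messages desc
```

Domains you own that show up here with SPF_FAIL or DMARC_FAIL are usually misconfigured SPF/DMARC records or spoofing attempts, so this is a useful starting point for a scheduled analytics rule or a workbook tile.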