Forum Discussion
JMSHW0420, Iron Contributor
Jul 25, 2023
RE: Mimecast integration (log ingestion) with Microsoft Sentinel
Can somebody inform me what is best practice or method for ingesting event or log data from Mimecast to Microsoft Sentinel?
I am trying to understand what SIEM integration Mimecast has got.
- BcyberS, Brass Contributor
Hi all, after months of pushing the Mimecast development team we finally have updated Mimecast integration for Microsoft Sentinel:
Find the solutions on the Azure marketplace here: https://azuremarketplace.microsoft.com/en-us/marketplace/apps?search=mimecast&page=1&filters=partner...
Also, if you search 'Mimecast' in your Microsoft Sentinel content hub you should now see the 4 Mimecast products available to deploy in your environment,
all the best!
- nicheem, Copper Contributor
Hi there,
I am looking to pull SPF and DMARC details from Mimecast into Sentinel and couldn't see those details in the Microsoft Mimecast functions. Has anyone come across this scenario? Thanks in advance.
- BcyberS, Brass Contributor
Hi,
So, assuming you are already ingesting Mimecast events into your Log Analytics workspace: if you see the Mimecast connector 'Mimecast Secure Email Gateway' table MimecastSIEM_CL, run a KQL query:
MimecastSIEM_CL
| where logType_s has "receipt" and Dir_s has "Inbound" //looks for all mails received coming inbound only.
Open some of the records and you should see an entry in the table under the schema (column) 'SpamProcessingDetail_s', which shows the SPF, DKIM and DMARC info.
Hope this helps!
all the best.
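Added example, not part of the reply above or of the Mimecast solution: one way to break the 'SpamProcessingDetail_s' column into separate SPF, DKIM and DMARC verdicts and count them, instead of opening records one by one. It assumes the column holds a JSON object with "spf", "dkim" and "dmarc" keys that each carry an "info" string; the sample rows and verdict values are constructed, so check the key names against one of your own records first.

```kql
// Constructed sample rows standing in for MimecastSIEM_CL. The table and column
// names are the ones given in the thread. ASSUMPTION: SpamProcessingDetail_s is a
// JSON object with "spf", "dkim" and "dmarc" keys, each carrying an "info" string.
let SampleRows = datatable(TimeGenerated:datetime, logType_s:string, Dir_s:string,
                           SpamProcessingDetail_s:string)
[
    // all three checks present and passing
    datetime(2024-01-10 09:00), "receipt", "Inbound",
        '{"spf":{"info":"SPF_PASS"},"dkim":{"info":"DKIM_PASS"},"dmarc":{"info":"DMARC_PASS"}}',
    // SPF and DMARC failing
    datetime(2024-01-10 09:05), "receipt", "Inbound",
        '{"spf":{"info":"SPF_FAIL"},"dkim":{"info":"DKIM_PASS"},"dmarc":{"info":"DMARC_FAIL"}}',
    // no "dmarc" key at all
    datetime(2024-01-10 09:10), "receipt", "Inbound",
        '{"spf":{"info":"SPF_PASS"},"dkim":{"info":"DKIM_FAIL"}}',
    // value that is not a JSON object
    datetime(2024-01-10 09:15), "receipt", "Inbound", 'n/a',
    // empty value
    datetime(2024-01-10 09:20), "receipt", "Inbound", '',
    // outbound mail, dropped by the direction filter
    datetime(2024-01-10 09:25), "receipt", "Outbound",
        '{"spf":{"info":"SPF_PASS"},"dkim":{"info":"DKIM_PASS"},"dmarc":{"info":"DMARC_PASS"}}'
];
SampleRows   // replace SampleRows with MimecastSIEM_CL to query real data
| where logType_s has "receipt" and Dir_s has "Inbound"
| extend Detail = parse_json(SpamProcessingDetail_s)
// parse_json yields a dictionary only for a JSON object; anything else
// (plain string, empty value) is flagged so it is not silently counted as a pass
| extend Parsed = gettype(Detail) == "dictionary"
| extend Spf   = iff(Parsed, coalesce(tostring(Detail.spf.info),   "absent"), "unparsed"),
         Dkim  = iff(Parsed, coalesce(tostring(Detail.dkim.info),  "absent"), "unparsed"),
         Dmarc = iff(Parsed, coalesce(tostring(Detail.dmarc.info), "absent"), "unparsed")
| summarize Messages = count() by Parsed, Spf, Dkim, Dmarc
| order by Messages desc
```

Rows that come back as "unparsed" or "absent" on real data mean the assumed JSON shape does not match your records, so inspect the raw column before relying on the counts.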
- camc, Copper Contributor
Hi JMSHW0420, you should probably be looking at the Azure Marketplace app for Mimecast
https://azuremarketplace.microsoft.com/en/marketplace/apps/mimecastnorthamerica1584469118674.mimecast_email_security-for_azure_sentinel?tab=overview
- BcyberS, Brass Contributor
Tried with this for a client and worked with Mimecast support. They were asking us to use an EOL OS which we were not happy to proceed with. No updates as of yet.
I hope Microsoft work on a connector with Mimecast and resolve this soon.
- jgriff100, Copper Contributor
BcyberS Absolutely right, and it's ludicrous. Even then their code doesn't work well. I have published some fixes to it over time but it's really not great. GitHub - TotalGriffLock/Mimecast-Azure-Sentinel-Fixes: Reliability fixes made to the Mimecast log agent for Azure Sentinel
I can only assume the person who wrote it has left Mimecast and it is no longer maintained.