Forum Discussion
Solved
RE: Mimecast integration (log ingestion) with Microsoft Sentinel
Can somebody inform me what is best practice or method for ingesting event or log data from Mimecast to Microsoft Sentinel? I am trying to understand what SIEM integration Mimecast has got.
- Hi all, after months of pushing the Mimecast development team we finally have updated Mimecast integration for Microsoft Sentinel:
Find the solutions on the Azure marketplace here: https://azuremarketplace.microsoft.com/en-us/marketplace/apps?search=mimecast&page=1&filters=partner...
Also, if you search 'Mimecast' in your Microsoft Sentinel content hub you should now see the 4 Mimecast products available to deploy in your environment,
all the best!
Hi JMSHW0420, you should probably be looking at the Azure Marketplace app for Mimecast
https://azuremarketplace.microsoft.com/en/marketplace/apps/mimecastnorthamerica1584469118674.mimecast_email_security-for_azure_sentinel?tab=overview
https://azuremarketplace.microsoft.com/en/marketplace/apps/mimecastnorthamerica1584469118674.mimecast_email_security-for_azure_sentinel?tab=overview
- Tried with this for a client and worked with Mimecast support. They were asking us to use an EOL OS which we were not happy to proceed with. No updates as of yet.
I hope Microsoft work on a connector with Mimecast and resolve this soon.BcyberS Absolutely right, and it's ludicrous. Even then their code doesn't work well. I have published some fixes to it over time but it's really not great. GitHub - TotalGriffLock/Mimecast-Azure-Sentinel-Fixes: Reliability fixes made to the Mimecast log agent for Azure Sentinel
I can only assume the person who wrote it has left Mimecast and it is no longer maintained.
- Hey, thanks for sending the GitHub link.
We have also spoken with a 'Mimecast Development Manager' who tells us there will be a new update along with a fresh publication which will make setup smooth via a cloud connector (removing the need for any middleware).
I will let you know once we receive this update.