Forum Discussion
JMSHW0420
Jul 25, 2023 | Iron Contributor
RE: Mimecast integration (log ingestion) with Microsoft Sentinel
Can somebody inform me what is best practice or method for ingesting event or log data from Mimecast to Microsoft Sentinel? I am trying to understand what SIEM integration Mimecast has got.
BcyberS
Oct 27, 2023 | Brass Contributor
Hi all, after months of pushing the Mimecast development team, we finally have an updated Mimecast integration for Microsoft Sentinel:
Find the solutions on the Azure marketplace here: https://azuremarketplace.microsoft.com/en-us/marketplace/apps?search=mimecast&page=1&filters=partner...
Also, if you search 'Mimecast' in your Microsoft Sentinel content hub, you should now see the 4 Mimecast products available to deploy in your environment.
All the best!
nicheem
Mar 14, 2024 | Copper Contributor
Hi there,
I am looking to pull SPF and DMARC details from Mimecast into Sentinel and couldn't see those details in the Microsoft Mimecast functions. Has anyone come across this scenario? Thanks in advance.
- BcyberS | Mar 14, 2024 | Brass Contributor
Hi,
So, assuming you are ingesting Mimecast events into your Log Analytics workspace already: if you see the Mimecast connector 'Mimecast Secure Email Gateway' table MimecastSIEM_CL, run a KQL query:
MimecastSIEM_CL
| where logType_s has "receipt" and Dir_s has "Inbound" //looks for all mails received coming inbound only.
Open some of the records and you should see an entry in the table under the schema (column) 'SpamProcessingDetail_s', which shows the SPF, DKIM and DMARC info.
Hope this helps!
all the best.
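
Added example (not part of the original thread and not code from the Mimecast solution): one way to turn the 'SpamProcessingDetail_s' column mentioned above into separate SPF, DKIM and DMARC columns and count results per sender domain. It assumes the column holds a JSON object with `spf`, `dkim` and `dmarc` keys, each carrying an `info` string, and that a `Sender_s` column exists; both are assumptions to check against your own records, and the rows and result values below are constructed sample data.

```kql
// Constructed sample rows standing in for MimecastSIEM_CL.
// Assumed (not confirmed by the thread): the Sender_s column and the JSON
// layout of SpamProcessingDetail_s. Swap SampleMimecastSIEM for
// MimecastSIEM_CL once you have checked a real record.
let SampleMimecastSIEM = datatable(
    TimeGenerated: datetime, logType_s: string, Dir_s: string,
    Sender_s: string, SpamProcessingDetail_s: string)
[
    datetime(2024-03-14 09:00:00), "receipt", "Inbound", "alice@example.com",
        '{"spf":{"info":"ALLOW"},"dkim":{"info":"ALLOW"},"dmarc":{"info":"ALLOW"}}',
    datetime(2024-03-14 09:05:00), "receipt", "Inbound", "bob@example.net",
        '{"spf":{"info":"FAIL"},"dkim":{"info":"UNKNOWN"},"dmarc":{"info":"FAIL"}}',
    datetime(2024-03-14 09:06:00), "receipt", "Inbound", "carol@example.net",
        '{"spf":{"info":"FAIL"},"dkim":{"info":"UNKNOWN"},"dmarc":{"info":"FAIL"}}',
    // Edge case: the column is empty, so nothing can be parsed.
    datetime(2024-03-14 09:10:00), "receipt", "Inbound", "dave@example.org", "",
    // Outbound row, dropped by the filter from the reply above.
    datetime(2024-03-14 09:12:00), "receipt", "Outbound", "me@contoso.example",
        '{"spf":{"info":"ALLOW"},"dkim":{"info":"ALLOW"},"dmarc":{"info":"ALLOW"}}'
];
SampleMimecastSIEM
| where logType_s has "receipt" and Dir_s has "Inbound"
// parse_json leaves non-JSON input as a plain string, so the property
// lookups below come back empty instead of failing the query.
| extend Detail = parse_json(SpamProcessingDetail_s)
| extend SPF   = tostring(Detail.spf.info),
         DKIM  = tostring(Detail.dkim.info),
         DMARC = tostring(Detail.dmarc.info)
| extend SenderDomain = tolower(tostring(split(Sender_s, "@")[1]))
// Flag rows where none of the three results could be extracted, so a
// layout mismatch shows up in the output rather than as silent blanks.
| extend ParseStatus = iff(isempty(SPF) and isempty(DKIM) and isempty(DMARC),
                           "unparsed", "ok")
| summarize Messages = count(), LastSeen = max(TimeGenerated)
    by SenderDomain, SPF, DKIM, DMARC, ParseStatus
| order by Messages desc
```

If most rows come back as "unparsed" against the real table, open one record and adjust the property paths to match the actual layout of the column.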