
Mimecast for Splunk

Cyberattacks can come from many different vectors, but they most commonly arrive via email. By using email to conduct phishing, business email compromise (BEC) attacks, brand impersonation and more, attackers leverage an organization’s weakest security link — its people — to wreak havoc. As a result, email is the No. 1 attack vector for security teams to secure.

By integrating Mimecast with Splunk, security teams can leverage advanced threat detection, enhanced investigation, and faster response to increase their overall level of protection through proactive actions that identify at-risk users and devices. Together, the platforms share high-fidelity indicators to help analysts quickly and accurately identify the root cause of an attack and remediate the threat. This helps security teams ward against initial infection and lateral spread that can lead to downtime, ransom demands, lost data, and stolen passwords.

Splunk can ingest Mimecast logs, along with logs from other security tools, to obtain complete visibility across environments. Out-of-the-box detection templates, created by Mimecast’s team of security experts and based on known threats, common attack vectors and suspicious activity, reduce detection times to make analysts aware of a threat the moment it occurs.

Mimecast regional threat intelligence data can power analytics to generate actionable alerts and incidents, allowing security teams to easily investigate and triage incidents based on the severity and status of detected threats. Additionally, Mimecast provides a Splunk SOAR application as well as a comprehensive Application Programming Interface (API) to make it easy for the platform to be integrated with Splunk’s leading security orchestration, automation, and response (SOAR) for efficient, automated response actions.

Installation Guide: https://community.mimecast.com/s/article/api-and-integration-mimecast-for-splunk

Overview

Email continues to be the most widely used attack vector. Data sourced from email activity and attacks is high value for the security operations team, enhancing the benefits of your Splunk Enterprise investment.

Correlate security events detected by Mimecast Targeted Threat Protection and the Secure Email Gateway with other security systems connected to Splunk Enterprise – helping security analysts detect incidents and attacks quickly and accurately.

Impersonation Protect Dashboard

The Impersonation Protect dashboard gives you an at-a-glance view of the types of phishing techniques targeting your organization and who is most at risk.

Attachment Protect Dashboard

Use the Attachment Protect Dashboard to view and investigate targeted malware attacks detected by Mimecast.

URL Protect Dashboard

Use the URL Protect Dashboard to gain insights into malicious or suspicious links clicked in emails.

Key Capabilities and Benefits

● Threat correlation: Identify initial attack deployment methodology, characteristics, and subsequent access attempts without the need for manual effort or multiple toolsets.
● Advanced threat detection: Improve your organization’s security posture and detect threats by augmenting email perimeter defense with user and entity behavior analytics.
● Lateral movement detection: Detect and follow attackers even as they switch IP addresses, devices, or credentials.
● Alert prioritization: Increase efficiency and effectiveness by prioritizing the most pressing threats.
● Threat intelligence: Understand how your organization has been targeted and what attacks have been blocked for better protection at the email perimeter, inside the network and beyond its perimeter.
● Threat investigation: Analyze activity events before and after an attack across the entire attack chain to enhance analyst productivity and repair vulnerabilities.

Solution Overview

  1. Mimecast logs event activity in real time. This includes email receipt, processing and delivery, and employees clicking on links within an email.
    The events are then made available for integration into third-party systems via a REST API using industry-standard JSON or pipe-delimited, key-value pair formats.
  2. Log collection is achieved using modular inputs. For the greatest flexibility, each log type is separated into its own input, allowing you to choose what data you want to ingest.
  3. With modular inputs successfully configured, data is immediately ingested and indexed by Splunk Enterprise. Once indexed, data is searchable and displayed in the app's built-in dashboards.

Useful links

Mimecast Tech Connect

High Value Data


Add high value email security data to Splunk Enterprise to help investigate and detect threats quickly and accurately.


Installation Guide

Release Notes

Version 5.3.0
Feb. 6, 2025

· Migrated Add-On for Splunk with AOB version 4.3.0
· Updated Python SDK version to 2.1.0
· Updated data ingestion logic for the "actions" field for TTP URL data.
· Fixed auto datetime parsing issue
· Fixed extractions issue to support special characters in the data

Version 5.2.0
Sept. 18, 2024

Added compatibility with Splunk 9.3

Version 5.1.0
July 9, 2024

Added a new input "Mimecast Awareness Training"
Added new dashboard "Awareness Training"

Version 5.0.0
June 4, 2024

Migrated the endpoints to API v2
Revamped the Inputs and Accounts page
Moved 'Account Code' and 'Base URL' from Input page to Account Page.
Removed 'Application ID', 'Access Key' and 'Secret Key' fields from Account page.
Added 'Client ID' and 'Client Secret' fields for API v2 on the Account page.
Introduced a new input: "Mimecast SIEM - Cloud Integrated".
Introduced a new dashboard: "Email Activity Summary - Cloud Integrated" under Email Activity tab.
Resolved parsing issue for events with equal sign and new line characters.

Version 4.2.0
Jan. 3, 2024

Upgraded Add-on Builder framework version to v4.1.4

Version 4.1.1
May 9, 2022
  • Missing Mimecast icons and logo have been added back

Please see the full list of changes, enhancements and fixes via the below link.

https://community.mimecast.com/s/article/Mimecast-for-Splunk-Release-Notes

Version 4.1.0
April 20, 2022
  • Minor bug fixes for dashboard widgets
  • Updated app to be compatible with Addon Builder 4.1.0
  • XML versions added to dashboards to address jQuery vulnerability

Please see the full list of changes, enhancements and fixes via the below link.

https://community.mimecast.com/s/article/Mimecast-for-Splunk-Release-Notes

