Email continues to be the most widely used attack vector. Data sourced from email activity and attacks is high value
Impersonation Protect Dashboard
The Impersonation Protect dashboard gives you an at-a-glance view of the types of phishing techniques targeting your organization and who is most at risk.
Attachment Protect Dashboard
Use the Attachment Protect Dashboard to view and investigate targeted malware attacks detected by Mimecast.
URL Protect Dashboard
Use the URL Protect Dashboard to gain insights into malicious or suspicious links clicked in emails.
● Threat correlation: Identify initial attack deployment methodology, characteristics, and subsequent access attempts without the need for manual effort or multiple toolsets.
● Advanced threat detection: Improve your organization’s security posture and detect threats by augmenting email perimeter defense with user and entity behavior analytics.
● Lateral movement detection: Detect and follow attackers even as they switch IP addresses, devices, or credentials.
● Alert prioritization: Increase efficiency and effectiveness by prioritizing the most pressing threats.
● Threat intelligence: Understand how your organization has been targeted and what attacks have been blocked for better protection at the email perimeter, inside the network and beyond its perimeter.
● Threat investigation: Analyze activity events before and after an attack across the entire attack chain to enhance analyst productivity and repair vulnerabilities.
Mimecast Tech Connect
for the security operations team, enhancing the benefits of your Splunk Enterprise investment.
Correlate security events detected by Mimecast Targeted Threat Protection and the Secure Email Gateway with other security systems connected to Splunk Enterprise – helping security analysts detect incidents and attacks quickly and accurately.
High Value Data
Add high value email security data to Splunk Enterprise to help investigate and detect threats quickly and accurately.
· Migrated Add-On for Splunk with AOB version 4.3.0
· Updated Python SDK version to 2.1.0
· Updated data ingestion logic for the "actions" field for TTP URL data.
· Fixed auto datetime parsing issue
· Fixed extractions issue to support special characters in the data
Added compatibility with Splunk 9.3
Added a new input "Mimecast Awareness Training"
Added new dashboard "Awareness Training"
Migrated the endpoints to API v2
Revamped the Inputs and Accounts page
Moved 'Account Code' and 'Base URL' from Input page to Account Page.
Removed 'Application ID', 'Access Key' and 'Secret Key' fields from Account page.
Added 'Client ID' and 'Client Secret' fields for API v2 on the Account page.
Introduced a new input: "Mimecast SIEM - Cloud Integrated".
Introduced a new dashboard: "Email Activity Summary - Cloud Integrated" under Email Activity tab.
Resolved parsing issue for events with equal sign and new line characters.
Upgraded Add-on Builder framework version to v4.1.4
Please see the full list of changes, enhancements and fixes via the below link.
https://community.mimecast.com/s/article/Mimecast-for-Splunk-Release-Notes