Assumptions
This document uses terms and phrases that may be specific to Mimecast. To learn more about Mimecast terminology and capabilities (policies, groups, etc.), please refer to Mimecaster Central.
URL & Domain Management
API Endpoint | Information | Example | Included Data | Notes |
Delete Managed URL | This API endpoint allows for the removal of an existing Managed URL entry. | Remove a blocked URL after verification that the destination is no longer malicious | Success or failure status of the URL removal | |
Create Managed URL | This endpoint can be used to add new managed URL entries for URL Protection. The common actions are to manually block or permit a URL; however, additional options include the ability to disable URL rewriting and to bypass User Awareness. | Permit a known URL that has been blocked by Mimecast’s scanning engine, or prevent rewriting of URLs that are only valid once | URL value, click-log enforcement, user awareness enforcement, action, URL matching condition, enable or disable URL rewrite, port enforcement | Each account has a maximum URL entry limit, which can be reached more quickly when automating the addition of URLs. To get more information on your account’s current limit, please reach out to your Customer Success Manager, or your regional Customer Success Desk.
Create Policy | This endpoint creates new blocked sender policies, which can be used to manage a combination of sender and recipient restrictions. | Block a sender based on a combination of domain and IP range, or based on matching a regular expression | Sender application, recipient application, IP range application, policy start and end dates, description, override enforcement, bi-directional application | Groups can be used to apply policies based on a number of members, and are preferred over creating a policy per-user when applicable. Groups also allow for easier modification when policy application is temporary
Get Policy | This endpoint retrieves the blocked sender policy details, which can be used to manage a combination of sender and recipient restrictions. | Find a policy that is blocking outbound emails for a specific user | Sender application, recipient application, IP range application, policy start and end dates, description, override enforcement, bi-directional application | |
Group Management
API Endpoint | Information | Example | Included Data | Notes |
Add Group Member | This endpoint can be used to add user email addresses or domains to a profile group | Add a new domain to the Blocked Senders group | Domain or email address added to the group, group ID, entry ID | Groups do not support wildcard or regular expression entries. If either of these is needed, a Blocked Sender Policy should be used |
Create Group | This API endpoint can be used to create new Profile Groups at the root level, or as a child-group. Groups can be used to apply permissions and policies | Create a new group for an integration-specific set of policy applications or user login restriction | Group name, group ID (used to reference when creating policies), parent group ID, member count, sub-group count | |
Update Group | This API endpoint can be used to update existing Profile Groups at the root level, or as a child-group | Rename an existing group | Group name, group ID (used to reference when creating policies), parent group ID, member count, sub-group count | |
Delete Group | This API endpoint can be used to remove an existing Profile Group | Temporary group of restricted users is no longer needed | Group deletion request status | Groups must be empty of members and subgroups prior to deletion, and cannot have any policies currently scoped to the group |
Remove Group Member | This API endpoint can be used to remove user email addresses or domains from a Profile Group. |
Bring Your Own Threat Intelligence (e.g., block a file hash)
API Endpoint | Information | Example |
Create Batch | This endpoint can be used to import a single indicator or a batch of multiple indicators. | These indicators can be used to perform a specific action based on their presence (e.g., a file hash can be added with a block action to prevent the delivery of a message with an attachment matching that file hash)
Message Remediation (A.K.A., Search & Destroy)
API Endpoint | Information | Example | Notes |
Search for File | Used to identify if an account has seen a specific file hash within messages over the last year. | Need to determine if any user has received a specific SHA-256 file hash | A maximum of 100 file hashes can be submitted in a single API call. Currently, this endpoint does not support image file hashes
Create Incident (Trigger removal of Email) | This endpoint can be used to create a remediation incident, by message ID or file hash. | Need to remove any message containing a specific URL, and hide the copy from users' view in Mimecast | A successful call will return the incident information and will take the same actions as a manual remediation incident created in the Administration Console
User Action Capabilities
Policy Management
API Endpoint | Information |
Permit or Block Sender | This API endpoint can be used to manage senders by either permitting or blocking them. |
Group Management
Group Management (Policies are applied to groups, and the related endpoints allow the management of groups and users, e.g. adding the email addresses of users to the group to which the policy will be applied)