Google Threat Intelligence

Google Threat Intelligence Integration

The integration pulls IoCs from GTI threat lists and pushes them into Mimecast. Different indicator types are enforced differently in Mimecast (for example, File Hashes via Bring Your Own Threat Intelligence, URLs via Managed URLs, Domains via Blocked Senders). The integration runs on a schedule and uses checkpoints so only new data is processed after the first run.

Developer: Google

Supported By: Mimecast Support

Release Date: March 2026

Talk to a Specialist

Get Started

File Hashes

Fetch SHA256 hashes from selected GTI threat lists (e.g. ransomware, malware) and pushes them to Mimecast Bring Your Own Threat Intelligence (BYOTI).

URLs

Fetch URLs from selected threat lists and adds them to Mimecast Managed URLs.

Domains

Fetch domains from selected threat lists and adds them to Mimecast (Block Senders and optionally, Managed URLs).

Key Benefits

01.

Automates ingestion of GTI threat intelligence into Mimecast for email protection.

02.

Reduces manual effort to maintain BYOTI, Managed URLs, and Blocked Senders lists from threat feeds.

03.

Lets you choose which indicator types to import and refine data with Query, Verdicts, and Severities.

04.

Uses checkpointing so only new data is processed after the first run.

05.

Supports notifications when the integration hits permanent errors (e.g. invalid credentials).