Developed by Mimecast
The Mimecast integration with IBM QRadar offers joint customers improved visibility into potential vulnerabilities, ongoing attacks, prioritized incident response alerts and an overall increased security posture through one single console.
With email remaining the number one attack vector, it’s more important than ever to bring email security data into a single platform. The Mimecast for IBM QRadar app offers organizations better detection and alerting before, during and after an attack. Integrating Mimecast data into the IBM QRadar security intelligence platform through the Mimecast data logging API allows email security data to be correlated against other data sources and included in behavioral anomaly detection, helping to identify, in real time, indicators of advanced threats that would otherwise go unnoticed.
Mimecast and IBM customers can better predict and prioritize which vulnerabilities to remediate through improved visibility of attacks with highly focused alerts. These alerts allow security teams to respond faster and with more certainty, which helps contain and limit the impact of an attack. Additionally, joint customers can benefit from an increased security posture by leveraging one single system for threat intelligence and response.
- Improved parser to handle the presence of special characters within the 'subject' field.
- Support for distributed QRadar environments. Admins can specify the IP address of the target event collector/processor on the Mimecast for QRadar App configuration page.
- Improved OpenSSL key generation
- Mimecast Saved Searches have been assigned to a group
- Resolved a high resource consumption issue where supervisord.log reported 'Too many open files'
- Updated minimum QRadar version to 7.3.1
- Integrate Mimecast security data
- Gateway, audit and Targeted Threat Protection logs
- Mimecast security data is mapped to QRadar event IDs
- Pre-defined searches for simpler data visibility