API 2.0 Overview API 1.0 to 2.0 Migration Guide What's New
Action Usecase Alerting Usecase Analysis and Response API's Building Search Queries Configuration Backup Restore and Export APIs Enrichment Usecase Groups Usecase Mimecast API In Power BI Secure Email Gateway SIEM Tutorial CG SIEM Tutorial CI SIEM Batch CG Guidelines SIEM Batch CI Guidelines
API 2.0 Reference API 1.0 Reference
Alliance Partners
Become a Partner

CrowdStrike Logscale

Developed by Mimecast

From detection to security insights with CrowdStrike LogScale and Mimecast

By integrating Mimecast and CrowdStrike LogScale, organizations gain search and correlation capabilities across all log types to detect and respond to cyber attacks. Live searches and near real time dashboards cut detection times and blazing fast search empowers incident response and threat hunting teams to uncover the full kill chain and proactively find potentially malicious activity. LogScale blazing fast search performance enables threat hunters to quickly ask any questions of their Mimecast data, including complex correlation searches across multiple data sources.

Developer: Mimecast
Contact: Mimecast Support
Documentation: View
Release Date: July 2021
Version: 1.0
Talk to a Specialist
GET STARTED

Solution Overview

1. Emails received by Mimecast are passed through a series of hygiene scanning techniques, to ensure that they are safe before delivery to the recipient.

2. Email intelligence provided by Mimecast is sent to CrowdStrike Logscale for normalization and correlation. 

3. CrowdStrike Logscale uses the email intelligence to alert analysts and add context to data from other security tool data sources.

Mimecast and CrowdStrike Logscale Use Cases: 

Mimecast data ingested adds additional data and context within CrowdStrike Logscale to aid: 

Phishing

Phishing email is sent, the user clicks on the link and then Mimecast identifies the link as malicious and blocks user access. SIEM ingests email telemetry from Mimecast including URL logs. SIEM analyzes phishing link for additional IOCs and identifies 10 matching emails. Analyst runs remediation process to remove the malicious email. 

Compromised Accounts

SIEM triggers an alert based on suspicious user behavior. SIEM enriches indicators from the alert in Mimecast and web security, looking for URL events. Events relating to malicious URLs are found in Mimecast and web security. Analyst resets user credentials. 

Lateral Movement

A user's laptop is connected to open Wi-Fi and infected with malware which phones home to a C&C server. The attacker uses it as a foothold to propagate malware via email. Mimecast identifies malware, blocks email and removes from user inboxes. SIEM correlates events from agents and email activity to gather a full timeline and TTPs of the incident. Analyst quarantines the laptop, creates firewall deny rule for the C&C server IP address.

Key Benefits

01.

Add context to your Mimecast logs by correlating with other log sources including infrastructure, network and software logs.

02. 

CrowdStrike Logscale unique architecture enables customer's to log everything to miss nothing.

 

03.

Get more value from Mimecast IOC detections by searching for these across other log sources.

04.

Contain attacks earlier with rapid detections and response to phishing and business email compromise tactics.

05.

Empower threat hunters with blazing fast search across logs from the #1 attack vector, email.

 

06.

Enable investigations to uncover the full kill-chain right back to the initial email compromise

Related Resources

Resources_26.jpg
Email Security Resource
Mimecast and CrowdStrike in Under 90 Seconds
Video
News_Coverage_38.jpg
Press Release
Mimecast joins the CrowdStrike elevate partner program to better protect customers from advanced cyberattacks  
Oct 28, 2020
Resources_38.jpg
Email Security Resource
The Powerful Alliance of CrowdStrike, Mimecast, Netskope and Okta
Whitepaper

Related Integrations

CrowdStrike
CrowdStrike Falcon XDR
Back to Top