CrowdStrike Logscale

Developed by Mimecast

Mimecast and CrowdStrike Logscale Use Cases: 

Mimecast data ingested adds additional data and context within CrowdStrike Logscale to aid: 

Phishing

Phishing email is sent, the user clicks on the link and then Mimecast identifies the link as malicious and blocks user access. SIEM ingests email telemetry from Mimecast including URL logs. SIEM analyzes phishing link for additional IOCs and identifies 10 matching emails. Analyst runs remediation process to remove the malicious email. 

Compromised Accounts

SIEM triggers an alert based on suspicious user behavior. SIEM enriches indicators from the alert in Mimecast and web security, looking for URL events. Events relating to malicious URLs are found in Mimecast and web security. Analyst resets user credentials. 

Lateral Movement

A user's laptop is connected to open Wi-Fi and infected with malware which phones home to a C&C server. The attacker uses it as a foothold to propagate malware via email. Mimecast identifies malware, blocks email and removes from user inboxes. SIEM correlates events from agents and email activity to gather a full timeline and TTPs of the incident. Analyst quarantines the laptop, creates firewall deny rule for the C&C server IP address.
Back to Top