Rapid7 insightIDR Integration

Developed by Rapid7

Strong security requires visibility and situational awareness. Generate alerts in Rapid7 insightIDR from both email and web security events detected by Mimecast.

Cyber attacks are increasing in volume and sophistication every day. Situational awareness about activity and threat detection across all gateways, applications and systems is critical to keeping the organization safe and minimizing the impact of an attack.

Email continues to be the most targeted attack vector in the industry. Attacks range from malware-infected email attachments to sophisticated phishing campaigns containing links to weaponized URLs. This makes activity and threat detection data from the Secure Email Gateway high-value to security teams and a must-have in any SIEM or alerting application.

Solution Overview

The Mimecast integration with Rapid7 insightIDR provides a zero-code solution for adding activity and threat detection data from Mimecast to the insightIDR application at no additional cost.

As email and web threats are detected by Mimecast, logs are created and made available to insightIDR via a secure REST API. The integration periodically connects to this API to ingest data into insightIDR, where it is used to generate virus infection and web proxy alerts.

Data is available for the following activity and threat types:

  • Receipt - These events show the actions taken on an email, including whether the email successfully made it to the recipient’s inbox or was rejected due to an invalid address.
  • Targeted Threat Protection URL - These events are generated when there are malicious or phishing links in emails.
  • Targeted Threat Protection Attachment - These events show the results of attachment scanning from Mimecast.

Developer

Rapid7

Contact

https://insight.rapid7.com/login

Release Date

October 2020

Version

1