Developed by Mimecast

Identify Threats & Inform Response

Email continues to be the most widely used attack vector. Data sourced from email activity and attacks is high value for the security operations team, enhancing the benefits of your Splunk Enterprise investment.

Correlate security events detected by Mimecast Targeted Threat Protection and the Secure Email Gateway with other security systems connected to Splunk Enterprise – helping security analysts detect incidents and attacks quickly and accurately.


Key Benefits


  • Analyze logs from your Mimecast tenant in isolation using Splunk Enterprise's powerful search capability
  • Correlate logs from your Mimecast tenant with data from other security systems to provide more context and actionable information
  • Stay informed with out-of-the-box dashboards or by creating custom reports and alerts tailored to your organization's needs
  • Track user activity and system changes in Mimecast and correlate this with data from other systems
  • Leverage data to demonstrate regulatory compliance


Solution Overview


  1. Mimecast logs event activity in real time. This includes email receipt, processing and delivery, and employees clicking on links within an email.
    The events are then made available for integration into third-party systems via a REST API using industry-standard JSON or pipe-delimited key-value pair formats.
  2. Log collection is achieved using modular inputs. For the greatest flexibility, each log type is separated into its own input, allowing you to choose what data you want to ingest.
  3. With modular inputs successfully configured, data is immediately ingested and indexed by Splunk Enterprise. Once indexed, data is searchable and displayed in the app's built-in dashboards.


Release Notes








Release Date

October 2020


