Sumo Logic Cloud SOAR

Developed by Sumo Logic

Coordinated, Automated and Efficient Incident Response

By integrating Mimecast and Sumo Logic, organizations gain search and correlation capabilities to detect and respond to cyberattacks from a central location - No needless pivoting between consoles. Sumo Logic combines infrastructure orchestration, playbook automation, case management and integrated threat intelligence to streamline processes and tools.

Solution Overview

1. As inbound emails are received by Mimecast on behalf of the organization, they are subject to analysis by the Mimecast inspection funnel, where a series of email hygiene and advanced security scanning techniques are applied, to ensure that emails are safe before they are delivered to the recipient.

2. Email related data from Mimecast ingested into the Sumo Logic SOAR platform to help with analyst investigations.

3. Coordinate response actions across security tools based on Mimecast data.

4. Adjust Mimecast policies, search and destroy malicious emails, or prevent future threats.


Mimecast & Sumo Logic Use Cases:

Coordinated response aiding in:

Complex Email Threat Investigation

 Develop playbooks to quickly pull together contextual data around an email threat discovered in Mimecast and coordinate next step actions to remediate or flag for further investigation.

Automated Email Threat Enrichment

Orchestrate and automate a variety of critical but repeatable Mimecast commands during an incident response to improve response times.

Complex Email Threat Investigation

Analysts gain greater visibility and new actionable information about the attack through integrated Mimecast commands, with documentation per step and artifact reporting.

Threat Intelligence

 Unifying aggregation, scoring, and sharing of threat intelligence with playbook-driven automation across the security estate.

                                               Key Benefits


Automate email security processes, shorten decision making cycle, and drive resource efficiency through automation.


Enrich intelligence from Mimecast and other security tools for coordinated response.


Achieve full orchestration capabilities using proactive playbooks and workflows. 

Back to Top