Trellix ESM

Developed by Trellix

Strong security requires visibility. Add data from the Secure Email Gateway to McAfee ESM quickly and easily to improve security.

McAfee ESM Integration Summary

Cyber attacks are increasing in volume and sophistication every day. Visibility into activity and threat detection across all gateways, applications and systems is critical to keep the organization safe and minimize the impact of an attack.

Email continues to be the most targeted attack vector in the industry. Attacks range from malware-infected email attachments to sophisticated phishing campaigns containing links to weaponized URLs. This makes activity and threat detection data from the Secure Email Gateway high-value to security teams and a must-have in any SIEM application.

Key Benefits

  • Improve Visibility - Gain visibility into threats that start with email
  • Enhance Intelligence - Correlate email-borne attacks with events observed in other security systems and leverage McAfee ESM advanced analytics to help detect and prioritize threats
  • Get Ahead of Attacks - Use email activity data to spot anomalies that could be a leading indicator of an attack


Solution Overview

The Mimecast integration with McAfee ESM provides a zero-code solution to add activity and threat detection data from the Mimecast Secure Email Gateway into the McAfee ESM application at no additional cost.

As email activity and threats are detected by Mimecast, logs are created and made available to McAfee ESM via a secure REST API. The integration periodically connects to this API to ingest data into McAfee ESM, where it is normalized to the McAfee ESM data model and ready to be used. Data is available for the following activity and threat types: inbound email (both accepted and rejected), outbound email, internal email, malicious URL clicks, malware detected in email attachments, and malware-less email impersonation attacks.

McAfee ESM Integration Workflow




Trellix Support



Release Date

September 2020


