Skip to main content

Mimecast Event Collector

This Integration is part of the Mimecast Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Configure Mimecast Event Collector on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Mimecast Event Collector.

  3. Click Add instance to create and configure a new integration instance.

    Base URLTrue
    Application IDTrue
    Application KeyTrue
    Access KeyTrue
    Secret KeyTrue
    First fetch timestamp (<number> <time unit>, for example, 12 hours, 7 days, 3 months, 1 year)This parameter is used only for the Audit logs configuration. SIEM logs always set to "7 days ago". For additional information, review the pack README.True
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
  4. Click Test to validate the URLs, token, and connection.

General information#

This integration is collecting events from 2 end points.

  • audit events#

    All events are fetched at once when activating the integration from first fetch timestamp until now. After that the fetch mechanism will call every 1 minute to update the audit events from Mimecast.
  • SIEM logs#

    The logs will always be fetched from 7 days ago. Once the integration is activated, the logs will stream in batches of 350 logs per fetch. When all available logs are retrieved, the fetch mechanism will call every 1 minute to update the SIEM logs from Mimecast.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Manual command to fetch events and display them.

Base Command#



Argument NameDescriptionRequired
should_push_eventsSet this argument to True in order to create events, otherwise the command will only display them. Possible values are: True, False. Default is False.Required

Context Output#

There is no context output for this command.