Mimecast Event Collector
#This Integration is part of the Mimecast Pack.
Supported Cortex XSOAR versions: 6.8.0 and later.
#Configure Mimecast Event Collector on Cortex XSOAR
Navigate to Settings > Integrations > Servers & Services.
Search for Mimecast Event Collector.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Base URL True Application ID True Application Key True Access Key True Secret Key True First fetch timestamp (<number> <time unit>, for example, 12 hours, 7 days, 3 months, 1 year) This parameter is used only for the Audit logs configuration. SIEM logs always set to "7 days ago". For additional information, review the pack README. True Trust any certificate (not secure) False Use system proxy settings False
Click Test to validate the URLs, token, and connection.
This integration is collecting events from 2 end points.
#All events are fetched at once when activating the integration from first fetch timestamp until now. After that the fetch mechanism will call every 1 minute to update the audit events from Mimecast. audit events
#The logs will always be fetched from 7 days ago. Once the integration is activated, the logs will stream in batches of 350 logs per fetch. When all available logs are retrieved, the fetch mechanism will call every 1 minute to update the SIEM logs from Mimecast. SIEM logs
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Manual command to fetch events and display them.
|should_push_events||Set this argument to True in order to create events, otherwise the command will only display them. Possible values are: True, False. Default is False.||Required|
There is no context output for this command.