Skip to main content

Mimecast v2

This Integration is part of the Mimecast Pack.#

Mimecast unified email management offers cloud email services for email security, continuity and archiving emails. Please read detailed instructions in order to understand how to set the integration's parameters.

Rate Limiting#

https://developer.services.mimecast.com/api-overview#rate-limiting Mimecast uses quotas per period of time (i.e. rate limits) that apply to every API function, per registered App. A typical quota is a number of API calls per unit of time (but could also be expressed as the size of data returned, etc.). When the quota has been exhausted, further requests will fail until the new time period restarts the count of API calls. The rate limit reset value is the length of time in milliseconds before a minimum of 1 API will be permitted.

Configure Mimecast v2 on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Mimecast v2.

  3. Click Add instance to create and configure a new integration instance.

    ParameterRequired
    BaseUrl - API url including region, For example https://api.services.mimecast.comTrue
    Client IDFalse
    Client SecretFalse
    App IDFalse
    User Email Address (Use for auto token refresh)False
    PasswordFalse
    App keyFalse
    AccessKeyFalse
    SecretKeyFalse
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
    Fetch incidentsFalse
    Fetch URL incidentsFalse
    Fetch attachment incidentsFalse
    Fetch impersonation incidentsFalse
    Incident typeFalse
    Hours before first fetch to retrieve incidentsFalse
    Incident typeFalse
    Fetch incidentsFalse
    Incident typeFalse
    Fetch incidentsFalse
    Incident typeFalse
    Fetch incidentsFalse
    Incidents Fetch IntervalFalse

Note: The fields User Email Address (Use for auto token refresh) and Password are not mandatory fields. You will only need them if you have expiry set on the auth of the user account you use to create the API keys. They will be used to auto refresh the API key once it expires.

  1. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

mimecast-query#

Query Mimecast emails. This is an archive search command.

Base Command#

mimecast-query

Input#

Argument NameDescriptionRequired
queryXmlThe query string xml for the search using Mimecast Unified Search Experience (MUSE) - read more on https://community.mimecast.com/docs/DOC-2262, using this will override other query arguments.Optional
textSearch for this text in messages.Optional
dryRunWill not execute the query, but just return the query string built. Possible values are: true, false. Default is false.Optional
dateSearch in specific dates only. Possible values are: today, yesterday, last_week, last_month, last_year.Optional
dateFromSearch emails from date, format YYYY-MM-DDTHH:MM:SZ (e.g. 2015-09-21T23:00:00Z).Optional
dateToSearch emails to date, format YYYY-MM-DDTHH:MM:SZ (e.g. 2015-09-21T23:00:00Z).Optional
sentToFilter on messages to a specific address.Optional
sentFromFilter on messages from a specific address.Optional
subjectSearch email by subject, will override the text argument.Optional
attachmentTypeThese are the attachment types available: optional - messages with and without attachments any - messages with any attachment documents - messages with doc, dot, docx, docm, dotx, dotm, pdf, rtf, html attachments spreadsheets - messages with xls, xlt, xlsx, xlsm, xltx, xltm, xlsb, xlam, csv attachments presentations - messages with ppt, pptx, pptm, potx, potm, ppam, ppsx, ppsm, sldx, sldm, thms, pps attachments text - messages with txt, text, html, log attachments images - messages with jpg, jpeg, png, bmp, gif, psd, tif, tiff attachments media - messages with mp3, mp4, m4a, mpg, mpeg, avi, wav, aac, wma, mov attachments zips - messages with zip, rar, cab, gz, gzip, 7z attachments none - No attachments are to be present in the results. Possible values are: optional, any, documents, spreadsheets, presentations, text, images, media, zips, none.Optional
attachmentTextSearch for text in attachments.Optional
bodySearch email by text in body, will override the text and subject arguments.Optional
page_sizeNumber of results per page to display. Possible values are: .Optional
startRowThis parameter is ignored, use the pagination parameters instead. Possible values are: .Optional
activeDefines if the search should query recently received messages that are not fully processed yet (default false). You can search by mailbox and date time across active messages. Possible values are: true, false. Default is false.Optional
limitThe maximum number of results to return. Possible values are: . Default is 100.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size. Possible values are: .Optional

Context Output#

PathTypeDescription
Mimecast.Message.IDstringMessage ID
Mimecast.Message.SubjectstringMessage subject
Mimecast.Message.SenderstringMessage sender address
Mimecast.Message.RecipientstringMessage recipient address
Mimecast.Message.RecievedDatedateMessage received date
Mimecast.Message.SizenumberThe size of the message in bytes
Mimecast.Message.AttachmentCountnumberMessage attachments count
Mimecast.Message.StatusstringMessage status

mimecast-list-blocked-sender-policies#

Deprecate - use mimecast-list-policies instead

Base Command#

mimecast-list-blocked-sender-policies

Input#

Argument NameDescriptionRequired

Context Output#

PathTypeDescription
Mimecast.Policy.IDstringPolicy ID
Mimecast.Policy.Sender.AddressstringBlock Sender by email address
Mimecast.Policy.Sender.DomainstringBlock Sender by domain
Mimecast.Policy.Sender.GroupstringBlock Sender by group
Mimecast.Policy.BidirectionalbooleanBlocked policy is bidirectional or not
Mimecast.Policy.Receiver.AddressstringBlock emails to receiver type address
Mimecast.Policy.Receiver.DomainstringBlock emails to receiver type domain
Mimecast.Policy.Receiver.GroupstringBlock emails to receiver type group
Mimecast.Policy.FromDatedatePolicy validation start date
Mimecast.Policy.ToDatedatePolicy expiration date
Mimecast.Policy.Sender.TypestringBlock emails to sender type
Mimecast.Policy.Receiver.TypestringBlock emails to receiver type

mimecast-get-policy#

Get a policy by ID.

Base Command#

mimecast-get-policy

Input#

Argument NameDescriptionRequired
policyIDPolicy ID. The policy ID can be retrieved from the data.id field using the mimecast-list-policies command. For type address-alteration provide the folderId from the data.addressAlterationSetId field.Required
policyTypePolicy type. Possible values are: blockedsenders, antispoofing-bypass, address-alteration. Default is blockedsenders.Optional

Context Output#

PathTypeDescription
Mimecast.Policy.IDstringPolicy ID.
Mimecast.Policy.Sender.AddressstringBlock Sender by email address.
Mimecast.Policy.Sender.DomainstringBlock Sender by domain.
Mimecast.Policy.Sender.GroupstringBlock Sender by group.
Mimecast.Policy.BidirectionalbooleanBlocked policy is bidirectional or not.
Mimecast.Policy.Receiver.AddressstringBlock emails to receiver type address.
Mimecast.Policy.Receiver.DomainstringBlock emails to receiver type domain.
Mimecast.Policy.Receiver.GroupstringBlock emails to receiver type group.
Mimecast.Policy.FromdatedatePolicy validation start date.
Mimecast.Policy.TodatedatePolicy expiration date.
Mimecast.Blockedsenders.IDstringPolicy ID.
Mimecast.Blockedsenders.Sender.AddressstringBlock Sender by email address.
Mimecast.Blockedsenders.Sender.DomainstringBlock Sender by domain.
Mimecast.Blockedsenders.Sender.GroupstringBlock Sender by group.
Mimecast.Blockedsenders.BidirectionalbooleanBlocked policy is bidirectional or not.
Mimecast.Blockedsenders.Receiver.AddressstringBlock emails to receiver type address.
Mimecast.Blockedsenders.Receiver.DomainstringBlock emails to receiver type domain.
Mimecast.Blockedsenders.Receiver.GroupstringBlock emails to receiver type group.
Mimecast.Blockedsenders.FromdatedatePolicy validation start date.
Mimecast.Blockedsenders.TodatedatePolicy expiration date.
Mimecast.AntispoofingBypassPolicy.IDstringPolicy ID.
Mimecast.AntispoofingBypassPolicy.Sender.AddressstringBlock Sender by email address.
Mimecast.AntispoofingBypassPolicy.Sender.DomainstringBlock Sender by domain.
Mimecast.AntispoofingBypassPolicy.Sender.GroupstringBlock Sender by group.
Mimecast.AntispoofingBypassPolicy.BidirectionalbooleanBlocked policy is bidirectional or not.
Mimecast.AntispoofingBypassPolicy.Receiver.AddressstringBlock emails to receiver type address.
Mimecast.AntispoofingBypassPolicy.Receiver.DomainstringBlock emails to receiver type domain.
Mimecast.AntispoofingBypassPolicy.Receiver.GroupstringBlock emails to receiver type group.
Mimecast.AntispoofingBypassPolicy.FromdatedatePolicy validation start date.
Mimecast.AntispoofingBypassPolicy.TodatedatePolicy expiration date.
Mimecast.AddressAlterationPolicy.IDstringPolicy ID.
Mimecast.AddressAlterationPolicy.Sender.AddressstringBlock Sender by email address.
Mimecast.AddressAlterationPolicy.Sender.DomainstringBlock Sender by domain.
Mimecast.AddressAlterationPolicy.Sender.GroupstringBlock Sender by group.
Mimecast.AddressAlterationPolicy.BidirectionalbooleanBlocked policy is bidirectional or not.
Mimecast.AddressAlterationPolicy.Receiver.AddressstringBlock emails to receiver type address.
Mimecast.AddressAlterationPolicy.Receiver.DomainstringBlock emails to receiver type domain.
Mimecast.AddressAlterationPolicy.Receiver.GroupstringBlock emails to receiver type group.
Mimecast.AddressAlterationPolicy.FromdatedatePolicy validation start date.
Mimecast.AddressAlterationPolicy.TodatedatePolicy expiration date.

Command example#

!mimecast-get-policy policyType=blockedsenders policyID=eNo1jkkOgjAAAP_Sqx4KLbgkHoggEjdcsOIN24p1odACBo1_Fw_eZzLzBprTSnHBwBAE_SZeTf0O0Q6rB0VaL_U8NNeEBta194xKFCrL1RSGkbsnXnCSaTTLEtw3jbt6XI4oiVO-K-TUIqVYJ_lz4KPsihcFxucNqpb7mzh4L7aZzNViBLogl3dBm1_ZwHbP7gJa6VI-uKKS8XZnHG0dA5qOieyWrrnSQmYt_Dd3Tc6Dnw0hhp8vdftBPg

Context Example#

{
"Mimecast": {
"Blockedsenders": {
"Bidirectional": false,
"FromDate": "1900-01-01T00:00:00+0000",
"ID": "eNo1jkkOgjAAAP_Sqx4KLbgkHoggEjdcsOIN24p1odACBo1_Fw_eZzLzBprTSnHBwBAE_SZeTf0O0Q6rB0VaL_U8NNeEBta194xKFCrL1RSGkbsnXnCSaTTLEtw3jbt6XI4oiVO-K-TUIqVYJ_lz4KPsihcFxucNqpb7mzh4L7aZzNViBLogl3dBm1_ZwHbP7gJa6VI-uKKS8XZnHG0dA5qOieyWrrnSQmYt_Dd3Tc6Dnw0hhp8vdftBPg",
"Reciever": {
"Address": null,
"Domain": null,
"Group": null,
"Type": "everyone"
},
"Sender": {
"Address": null,
"Domain": null,
"Group": null,
"Type": "everyone"
},
"ToDate": "2100-01-01T23:59:59+0000"
},
"Policy": {
"Bidirectional": false,
"FromDate": "1900-01-01T00:00:00+0000",
"ID": "eNo1jkkOgjAAAP_Sqx4KLbgkHoggEjdcsOIN24p1odACBo1_Fw_eZzLzBprTSnHBwBAE_SZeTf0O0Q6rB0VaL_U8NNeEBta194xKFCrL1RSGkbsnXnCSaTTLEtw3jbt6XI4oiVO-K-TUIqVYJ_lz4KPsihcFxucNqpb7mzh4L7aZzNViBLogl3dBm1_ZwHbP7gJa6VI-uKKS8XZnHG0dA5qOieyWrrnSQmYt_Dd3Tc6Dnw0hhp8vdftBPg",
"Reciever": {
"Address": null,
"Domain": null,
"Group": null,
"Type": "everyone"
},
"Sender": {
"Address": null,
"Domain": null,
"Group": null,
"Type": "everyone"
},
"ToDate": "2100-01-01T23:59:59+0000"
}
}
}

Human Readable Output#

Mimecast Get blockedsenders Policy#

Policy IDSenderRecieverBidirectionalStartEnd
eNo1jkkOgjAAAP_Sqx4KLbgkHoggEjdcsOIN24p1odACBo1_Fw_eZzLzBprTSnHBwBAE_SZeTf0O0Q6rB0VaL_U8NNeEBta194xKFCrL1RSGkbsnXnCSaTTLEtw3jbt6XI4oiVO-K-TUIqVYJ_lz4KPsihcFxucNqpb7mzh4L7aZzNViBLogl3dBm1_ZwHbP7gJa6VI-uKKS8XZnHG0dA5qOieyWrrnSQmYt_Dd3Tc6Dnw0hhp8vdftBPgGroup: null
Email Address: null
Domain: null
Type: everyone		Group: null
Email Address: null
Domain: null
Type: everyone		false1900-01-01T00:00:00+00002100-01-01T23:59:59+0000

Command example#

!mimecast-get-policy policyType="address-alteration" policyID=eNoVjr0OgjAYAN-lKw5QoAqJQ5H4AwZQUBM2hKJV5IutFcX47uJ8yd19kGSlEoxXyEXqLNMl8frQfnVci4Mrk8XFwunCq09G3h5MvVknETV4crYK_6htaTaZZw7gFXO4jTecxHcVBTYmmh4WqnprPQ1Fv4jpdkxMv4Z83wDsu3QGUzRCpZIPuDFRQsWG-myXUkPHFJtkgE8mJIcWucYI1dBUTPwXiWUN9u8P87s5UQ

Context Example#

{
"Mimecast": {
"AddressAlterationPolicy": {
"Bidirectional": null,
"FromDate": null,
"ID": "eNoVzs2OgjAUQOF3uVtY0IKdkcRFxfiHgwqIhh3S4tRU70wrGjS--zD7k5zvBVbWrZFKQAiHMrrbtMvPQUy_dLSaJx0lC5rNxs2JlNe97-nVJuFEbb6DanJ0Up5_TvMh0oUcqgHdKrb-bZPlgDLHi6tWdM6Tx-Y5W_P0g_mTBstCIxaPLMIRuKBF9QNhU2krXahbe8OLNDUK2VOiXcaJRzn1WV_epbEKrxASFxrUQpp_LwuCfvX-A6m-PQc",
"Reciever": {
"Address": null,
"Domain": null,
"Group": null,
"Type": null
},
"Sender": {
"Address": null,
"Domain": null,
"Group": null,
"Type": null
},
"ToDate": null
},
"Policy": {
"Bidirectional": null,
"FromDate": null,
"ID": "eNoVzs2OgjAUQOF3uVtY0IKdkcRFxfiHgwqIhh3S4tRU70wrGjS--zD7k5zvBVbWrZFKQAiHMrrbtMvPQUy_dLSaJx0lC5rNxs2JlNe97-nVJuFEbb6DanJ0Up5_TvMh0oUcqgHdKrb-bZPlgDLHi6tWdM6Tx-Y5W_P0g_mTBstCIxaPLMIRuKBF9QNhU2krXahbe8OLNDUK2VOiXcaJRzn1WV_epbEKrxASFxrUQpp_LwuCfvX-A6m-PQc",
"Reciever": {
"Address": null,
"Domain": null,
"Group": null,
"Type": null
},
"Sender": {
"Address": null,
"Domain": null,
"Group": null,
"Type": null
},
"ToDate": null
}
}
}

Human Readable Output#

Mimecast Get address-alteration Policy#

Policy IDSenderRecieverBidirectionalStartEnd
eNoVzs2OgjAUQOF3uVtY0IKdkcRFxfiHgwqIhh3S4tRU70wrGjS--zD7k5zvBVbWrZFKQAiHMrrbtMvPQUy_dLSaJx0lC5rNxs2JlNe97-nVJuFEbb6DanJ0Up5_TvMh0oUcqgHdKrb-bZPlgDLHi6tWdM6Tx-Y5W_P0g_mTBstCIxaPLMIRuKBF9QNhU2krXahbe8OLNDUK2VOiXcaJRzn1WV_epbEKrxASFxrUQpp_LwuCfvX-A6m-PQcGroup: null
Email Address: null
Domain: null
Type: null		Group: null
Email Address: null
Domain: null
Type: null

mimecast-create-policy#

Deprecated. Please use mimecast-create-block-sender-policy

Base Command#

mimecast-create-policy

Input#

Argument NameDescriptionRequired
descriptionPolicy description.Required
fromPartAddresses based on. Possible values are: envelope_from, header_from, both. Default is envelope_from.Optional
fromTypeBlocked Sender type. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, individual_email_address.Required
fromValueRequired if fromType is one of email domain, profile group, individual email address. Expected values: If fromType is email_domain, a domain name without the @ symbol. If fromType is profile_group, the ID of the profile group. If fromType is individual_email_address, an email address.Optional
toTypeReceiver type. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address, free_mail_domains, header_display_name.Required
toValueRequired if fromType is one of email domain, profile group, individual email address. Expected values: If toType is email_domain, a domain name without the @ symbol. If toType is profile_group, the ID of the profile group. If toType is individual_email_address, an email address.Optional
optionThe block option, must be one of: no_action, block_sender. Possible values are: no_action, block_sender.Required

Context Output#

PathTypeDescription
Mimecast.Policy.IDstringPolicy ID
Mimecast.Policy.Sender.AddressstringBlock Sender by email address
Mimecast.Policy.Sender.DomainstringBlock Sender by domain
Mimecast.Policy.Sender.GroupstringBlock Sender by group
Mimecast.Policy.BidirectionalbooleanBlocked policy is Bidirectional or not
Mimecast.Policy.Receiver.AddressstringBlock emails to receiver type address
Mimecast.Policy.Receiver.DomainstringBlock emails to receiver type domain
Mimecast.Policy.Receiver.GroupstringBlock emails to receiver type group
Mimecast.Policy.FromdatedatePolicy validation start date
Mimecast.Policy.TodatedatePolicy expiration date
Mimecast.Policy.Sender.TypeStringThe sender type
Mimecast.Policy.Receiver.TypeStringThe receiver type

mimecast-delete-policy#

Delete a Blocked Sender Policy.

Base Command#

mimecast-delete-policy

Input#

Argument NameDescriptionRequired
policyIDPolicy ID. The policy ID can be retrieved from the data.id field using the mimecast-list-policies command.Required
policyTypeThe type of policy to delete. Possible values are: antispoofing-bypass, address-alteration, blockedsenders. Default is blockedsenders.Optional

Context Output#

PathTypeDescription
Mimecast.Policy.IDstringPolicy ID.
Mimecast.Blockedsenders.IDstringPolicy ID.
Mimecast.AntispoofingBypassPolicy.IDstringPolicy ID.
Mimecast.AddressAlterationPolicy.IDstringPolicy ID.

mimecast-manage-sender#

Permit or block a specific sender

Base Command#

mimecast-manage-sender

Input#

Argument NameDescriptionRequired
senderThe email address of sender to permit or block.Required
recipientThe email address of recipient to permit or block.Required
actionChoose to either "permit" (to bypass spam checks) or "block" (to reject the email). Possible values are: permit, block.Required
limitThe maximum number of results to return. Possible values are: . Default is 100.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size. Possible values are: .Optional
page_sizeNumber of results per page to display. Possible values are: .Optional

Context Output#

PathTypeDescription
Mimecast.Managed.SenderstringThe email address of the sender
Mimecast.Managed.RecipientstringThe email address of the recipient
Mimecast.Managed.ActionstringChosen action
Mimecast.Managed.IDstringThe Mimecast secure ID of the managed sender object.

mimecast-list-managed-url#

Get a list of all managed URLs

Base Command#

mimecast-list-managed-url

Input#

Argument NameDescriptionRequired
urlFilter results by specific URL.Optional

Context Output#

PathTypeDescription
Mimecast.URL.DomainstringThe managed domain
Mimecast.URL.DisablelogclickbooleanIf logging of user clicks on the URL is disabled
Mimecast.URL.ActionstringEither block of permit
Mimecast.URL.PathstringThe path of the managed URL
Mimecast.URL.matchTypestringEither explicit - applies to the full URL or domain - applies to all URL values in the domain
Mimecast.URL.IDstringThe Mimecast secure ID of the managed URL
Mimecast.URL.disableRewritebooleanIf rewriting of this URL in emails is disabled

mimecast-create-managed-url#

Create a managed URL on Mimecast

Base Command#

mimecast-create-managed-url

Input#

Argument NameDescriptionRequired
urlThe URL to block or permit. Do not include a fragment (#).Required
actionSet to "block" to block list the URL, "permit" to add to allow list. Possible values are: block, permit.Required
matchTypeSet to "explicit" to block or permit only instances of the full URL. Set to "domain" to block or permit any URL with the same domain. Possible values are: explicit, domain. Default is explicit.Optional
disableRewriteDisable rewriting of this URL in emails. Applies only if action = "permit". Default false. Possible values are: true, false. Default is false.Optional
commentAdd a comment about the managed URL.Optional
disableUserAwarenessDisable User Awareness challenges for this URL. Applies only if action = "permit". Default false. Possible values are: true, false. Default is false.Optional
disableLogClickDisable logging of user clicks on the URL. Default is false. Possible values are: true, false. Default is false.Optional

Context Output#

PathTypeDescription
Mimecast.URL.DomainstringThe managed domain
Mimecast.URL.ActionstringEither block of permit
Mimecast.URL.disableLogClickstringIf logging of user clicks on the URL is disabled
Mimecast.URL.matchTypestringEither explicit - applies to the full URL or domain - applies to all URL values in the domain
Mimecast.URL.IDstringThe Mimecast secure ID of the managed URL
Mimecast.URL.disableRewritebooleanIf rewriting of this URL in emails is disabled

mimecast-list-messages#

Get a list of messages for a given user. This is an archive search command. Required Permissions The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Archive/Search/Read.
  • or Mimecast user with delegate permissions to address or user.

Base Command#

mimecast-list-messages

Input#

Argument NameDescriptionRequired
mailboxThe email address to return the message list forOptional
startTimeThe start date of messages to return, in the following format, 2015-11-16T14:49:18+0000. Default is the last calendar monthOptional
endTimeThe end date of messages to return, in the following format, 2015-11-16T14:49:18+0000. Default is the end of the current dayOptional
viewThe message list type, must be one of: inbox or sent, default is inboxOptional
subjectFilter by message subjectOptional
limitThe maximum number of results to return. Default is 100.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional

Context Output#

PathTypeDescription
Mimecast.Message.SubjectstringMessage Subject
Mimecast.Message.IDstringMessage ID
Mimecast.Message.SizenumberThe size of the message in bytes
Mimecast.Message.RecievedDatedateThe date the message was received
Mimecast.Message.FromstringThe mail Sender
Mimecast.Message.AttachmentCountstringThe number of attachments on the message

mimecast-get-attachment-logs#

Returns Attachment Protect logs for a Mimecast customer account

Base Command#

mimecast-get-attachment-logs

Input#

Argument NameDescriptionRequired
resultsNumberThis parameter is ignored, use the 'limit' parameter instead. Possible values are: .Optional
fromDateStart date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is the start of the current day.Optional
toDateEnd date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is time of request.Optional
resultTypeFilters logs by scan result, default is malicious. Possible values are: safe, malicious, timeout, error, unsafe, all. Default is malicious.Optional
limitThe maximum number of results to return. Default is 100.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional

Context Output#

PathTypeDescription
Mimecast.AttachmentLog.ResultstringThe result of the attachment analysis: clean, malicious, unknown, or timeout
Mimecast.AttachmentLog.DatedateThe time at which the attachment was released from the sandbox
Mimecast.AttachmentLog.SenderstringThe sender of the attachment
Mimecast.AttachmentLog.FileNamestringThe file name of the original attachment
Mimecast.AttachmentLog.ActionstringThe action triggered for the attachment
Mimecast.AttachmentLog.RecipientstringThe address of the user that received the attachment
Mimecast.AttachmentLog.FileTypestringThe file type of the attachment
Mimecast.AttachmentLog.RoutestringThe route of the original email containing the attachment, either: inbound, outbound, internal, or external

mimecast-get-url-logs#

Returns URL protect logs for a Mimecast customer account. Default value of scanResult as malicious

Base Command#

mimecast-get-url-logs

Input#

Argument NameDescriptionRequired
resultsNumberThe number of results to request. Default is allOptional
fromDateStart date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is the start of the current day.Optional
toDateEnd date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is time of request.Optional
resultTypeFilters logs by scan result, default is allOptional
limitThe maximum number of results to return. Default is 100.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional

Context Output#

PathTypeDescription
Mimecast.UrlLog.CategorystringThe category of the URL clicked
Mimecast.UrlLog.UserAddressstringThe email address of the user who clicked the link
Mimecast.UrlLog.URLstringThe url clicked
Mimecast.UrlLog.AwarenessstringThe action taken by the user if user awareness was applied
Mimecast.UrlLog.AdminOverridestringThe action defined by the administrator for the URL
Mimecast.UrlLog.DatedateThe date that the URL was clicked
Mimecast.UrlLog.ResultstringThe result of the URL scan
Mimecast.UrlLog.ActionstringThe action that was taken for the click
Mimecast.UrlLog.RoutestringThe route of the original email containing the attachment, either: inbound, outbound, internal, or external
Mimecast.UrlLog. userOverridestringThe action requested by the user.

mimecast-get-impersonation-logs#

Returns Impersonation Protect logs for a Mimecast customer account

Base Command#

mimecast-get-impersonation-logs

Input#

Argument NameDescriptionRequired
resultsNumberThis parameter is ignored, use the 'limit' parameter instead. Possible values are: .Optional
taggedMaliciousFilters for messages tagged malicious (true) or not tagged malicious (false). Omit for no tag filtering. Default is true. Possible values are: true, false. Default is true.Optional
searchFieldThe field to search,Defaults is all (meaning all of the preceding fields). Possible values are: senderAddress, recipientAddress, subject, policy, all.Optional
queryRequired if searchField exists. A character string to search for in the logs.Optional
identifiersFilters logs by identifiers, can include any of newly_observed_domain, internal_user_name, repy_address_mismatch, and targeted_threat_dictionary. you can choose more then one identifier separated by comma. Possible values are: newly_observed_domain, internal_user_name, repy_address_mismatch, targeted_threat_dictionary.Optional
fromDateStart date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is the start of the current day.Optional
toDateEnd date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is time of request.Optional
actionsFilters logs by action, you can choose more then one action separated by comma. Possible values are: delete, hold, bounce, smart_folder, disable_smart_folder, content_expire, meta_expire, stationery, gcc, secure_delivery, delivery_route, document_policy, disable_document_policy, attach_set_policy, remove_email.Optional
limitThe maximum number of results to return. Default is 100.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size. Possible values are: .Optional
page_sizeNumber of results per page to display. Possible values are: .Optional

Context Output#

PathTypeDescription
Mimecast.Impersonation.ResultCountnumberThe total number of IMPERSONATION log lines found for the request
Mimecast.Impersonation.HitsnumberThe number of identifiers that the message triggered
Mimecast.Impersonation.MaliciousbooleanWhether the message was tagged as malicious
Mimecast.Impersonation.SenderIPstringThe source IP address of the message
Mimecast.Impersonation.SenderAddressstringThe email address of the sender of the message
Mimecast.Impersonation.SubjectstringThe subject of the email
Mimecast.Impersonation.IdentifiersstringThe properties of the message that triggered the action: similar_internal_domain, newly_observed_domain, internal_user_name, reply_address_mismatch, and/or targeted_threat_dictionary
Mimecast.Impersonation.DatedateThe time at which the log was recorded
Mimecast.Impersonation.ActionstringThe action triggered by the email
Mimecast.Impersonation.PolicystringThe name of the policy definition that triggered the log
Mimecast.Impersonation.IDstringImpersonation Log ID
Mimecast.Impersonation.RecipientAddressstringThe email address of the recipient of the email
Mimecast.Impersonation.ExternalbooleanWhether the message was tagged as coming from an external address

mimecast-url-decode#

Decodes a given url from mimecast

Base Command#

mimecast-url-decode

Input#

Argument NameDescriptionRequired
urlURL to decode.Required

Context Output#

PathTypeDescription
URL.DatastringThe encoded url to parse
URL.Mimecast.DecodedURLstringParsed url

mimecast-discover#

discover authentication types that are supported for your account and which base URL to use for the requesting user. only for API 1.0 users.

Base Command#

mimecast-discover

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
Mimecast.Authentication.AuthenticationTypesstringList of authentication types available to the user
Mimecast.Authentication.EmailAddressstringEmail address of the request sender
Mimecast.Authentication.EmailTokenstringEmail token of the request sender

mimecast-refresh-token#

Refresh access key validity only for API 1.0 users

Base Command#

mimecast-refresh-token

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

mimecast-login#

Login to generate Access Key and Secret Key only for API 1.0 users

Base Command#

mimecast-login

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

mimecast-get-message#

Get the contents or metadata of a given message. This is an archive search command.

Required Permissions#

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Archive/Search Content View.
  • or Mimecast user with delegate permissions to address or user.

Base Command#

mimecast-get-message

Input#

Argument NameDescriptionRequired
messageIDMessage IDRequired
contextDefines which copy of the message part to return, must be one of: "delivered" the copy that has been processed by the Mimecast MTA with policies such as URL rewriting applied, OR "received" - the copy of the message that Mimecast originally received. (Only relevant for part argument = message or all)Required
typeThe message type to return. (Only relevant for part argument = message or all)Optional
partDefine what message part to return - download message, get metadata or both.Optional

Context Output#

PathTypeDescription
Mimecast.Message.IDstringMessage ID
Mimecast.Message.SubjectstringThe message subject.
Mimecast.Message.HeaderDatedateThe date of the message as defined in the message headers.
Mimecast.Message.SizenumberThe message size.
Mimecast.Message.FromstringSender of the message as defined in the message header.
Mimecast.Message.To.EmailAddressstringRecipient of the message.
Mimecast.Message.ReplyTostringThe value of the Reply-To header.
Mimecast.Message.CC.EmailAddressstringEach CC recipient of the message.
Mimecast.Message.EnvelopeFromstringSender of the message as defined in the message envelope.
Mimecast.Message.Headers.NamestringHeader's name.
Mimecast.Message.Headers.ValuesstringHeader's value.
Mimecast.Message.Attachments.FileNamestringMessage attachment's file name.
Mimecast.Message.Attachments.SHA256stringMessage attachment's SHA256.
Mimecast.Message.Attachments.IDstringMessage attachment's ID.
Mimecast.Message.Attachments.SizenumberMessage attachment's file size.
Mimecast.Message.Attachments.ExtensionbooleanMessage attachment's file extension.
Mimecast.Message.ProcesseddateThe date the message was processed by Mimecast in ISO 8601 format.
Mimecast.Message.HasHtmlBodybooleanIf the message has an HTML body part.
File.SizenumberFile size
File.SHA1stringSHA1 hash of the file
File.SHA256stringSHA256 hash of the file
File.NamestringThe sample name
File.SSDeepstringSSDeep hash of the file
File.EntryIDstringWar-Room Entry ID of the file
File.InfostringBasic information of the file
File.TypestringFile type e.g. "PE"
File.MD5stringMD5 hash of the file
File.ExtensionstringThe extension of the file.

mimecast-download-attachments#

Download attachments from a specified message. This is an archive search command.

Required Permissions#

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Archive/Search Content View.
  • or Mimecast user with delegate permissions to address or user.

Base Command#

mimecast-download-attachments

Input#

Argument NameDescriptionRequired
attachmentIDThe Mimecast ID of the message attachment to return. (Can be retrieved from mimecast-get-message)Required
attachmentNameThe Mimecast attachment name, use this argument in order for the extension value to be included in the context data. (Can be retrieved from mimecast-get-message).Optional

Context Output#

PathTypeDescription
File.SizenumberFile Size
File.SHA1stringSHA1 hash of the file
File.SHA256stringSHA256 hash of the file
File.NamestringThe sample name
File.SSDeepstringSSDeep hash of the file
File.EntryIDstringWar-Room Entry ID of the file
File.InfostringBasic information of the file
File.TypestringFile type e.g., "PE"
File.MD5stringMD5 hash of the file
File.ExtensionstringThe extension of the file.

mimecast-find-groups#

Returns the list of groups according to the specified query.

Base Command#

mimecast-find-groups

Input#

Argument NameDescriptionRequired
query_stringThe string to query.Optional
query_sourceThe group source by which to filter. Possible values are: cloud, ldap.Optional
limitThe maximum number of results to return.Optional

Context Output#

PathTypeDescription
Mimecast.Group.NameStringThe name of the group.
Mimecast.Group.SourceStringThe source of the group.
Mimecast.Group.IDStringThe Mimecast ID of the group.
Mimecast.Group.NumberOfUsersNumberThe number of members in the group.
Mimecast.Group.ParentIDStringThe Mimecast ID of the group's parent.
Mimecast.Group.NumberOfChildGroupsNumberThe number of child groups.

mimecast-get-group-members#

Returns the members list for the specified group.

Base Command#

mimecast-get-group-members

Input#

Argument NameDescriptionRequired
group_idThe Mimecast ID of the group to return.Required
limitThe maximum number of results to return.Optional

Context Output#

PathTypeDescription
Mimecast.Group.Users.NameStringThe user's display name.
Mimecast.Group.Users.EmailAddressStringThe user's email address.
Mimecast.Group.Users.DomainStringThe domain name of the user's email address.
Mimecast.Group.Users.TypeStringThe user type.
Mimecast.Group.Users.InternalUserBooleanWhether the user is internal.
Mimecast.Group.Users.IsRemovedBooleanWhether the user is part of the group.
Mimecast.Group.Users.NotesunknownThe notes linked to the group.

mimecast-add-group-member#

Adds a user to a group. The email_address and domain_address arguments are optional, but one of them must be supplied.

Base Command#

mimecast-add-group-member

Input#

Argument NameDescriptionRequired
group_idThe Mimecast ID of the group to add the user to.Required
email_addressThe email address of the user to add to a group.Optional
domain_addressA domain to add to a group.Optional
notesThe notes for the entry.Optional

Context Output#

PathTypeDescription
Mimecast.Group.Users.EmailAddressStringThe user's email address.
Mimecast.Group.Users.IsRemovedBooleanWhether the user is part of the group.

mimecast-remove-group-member#

Removes a user from a group. The email_address and domain_address arguments are optional, but one of them must be supplied.

Base Command#

mimecast-remove-group-member

Input#

Argument NameDescriptionRequired
group_idThe Mimecast ID of the group from which to remove the user.Required
email_addressThe email address of the user to remove from the group.Optional
domain_addressA domain of the user to remove from a group.Optional

Context Output#

PathTypeDescription
Mimecast.Group.Users.EmailAddressStringThe user's email address.
Mimecast.Group.Users.IsRemovedBooleanWhether the user part of the group.

mimecast-create-group#

Creates a new Mimecast group.

Base Command#

mimecast-create-group

Input#

Argument NameDescriptionRequired
group_nameThe name of the new group.Required
parent_idThe Mimecast ID of the new group's parent. Default will be root level.Optional

Context Output#

PathTypeDescription
Mimecast.Group.NameStringThe name of the group.
Mimecast.Group.SourceStringThe source of the group.
Mimecast.Group.IDStringThe Mimecast ID of the group.
Mimecast.Group.NumberOfUsersNumberThe number of members in the group.
Mimecast.Group.ParentIDStringThe Mimecast ID of the group's parent.
Mimecast.Group.NumberOfChildGroupsNumberThe number of child groups.

mimecast-update-group#

Updates an existing Mimecast group.

Base Command#

mimecast-update-group

Input#

Argument NameDescriptionRequired
group_nameThe new name for the group.Optional
group_idThe Mimecast ID of the group to update.Required
parent_idThe new parent group.Optional

Context Output#

PathTypeDescription
Mimecast.Group.NameStringThe name of the group.
Mimecast.Group.IDStringThe Mimecast ID of the group.
Mimecast.Group.ParentIDStringThe Mimecast ID of the group's parent.

mimecast-create-remediation-incident#

Creates a new Mimecast remediation incident.

Base Command#

mimecast-create-remediation-incident

Input#

Argument NameDescriptionRequired
hash_message_idThe file hash or messageId value.Required
reasonThe reason for creating the remediation incident.Required
search_byThe message component by which to search. Default is "hash". Possible values are: hash, messageId.Optional
start_dateThe start date of messages to remediate. Default value is the previous month. (Format: yyyy-mm-ddThh:mm:ss+0000).Optional
end_dateThe end date of messages to remediate. Default value is the end of the current day. (Format: yyyy-mm-ddThh:mm:ss+0000).Optional

Context Output#

PathTypeDescription
Mimecast.Incident.IDStringThe secure Mimecast remediation ID.
Mimecast.Incident.CodeStringThe incident code generated at creation.
Mimecast.Incident.TypeStringThe incident type.
Mimecast.Incident.ReasonStringThe reason provided at the creation of the remediation incident.
Mimecast.Incident.IdentifiedMessagesNumberThe number of messages identified based on the search criteria.
Mimecast.Incident.SuccessfullyRemediatedMessagesNumberThe number successfully remediated messages.
Mimecast.Incident.FailedRemediatedMessagesNumberThe number of messages that failed to remediate.
Mimecast.Incident.MessagesRestoredNumberThe number of messages that were restored from the incident.
Mimecast.Incident.LastModifiedStringThe date and time that the incident was last modified.
Mimecast.Incident.SearchCriteria.FromStringThe sender email address or domain.
Mimecast.Incident.SearchCriteria.ToStringThe recipient email address or domain.
Mimecast.Incident.SearchCriteria.MessageIDStringThe message ID used when creating the remediation incident.
Mimecast.Incident.SearchCriteria.FileHashStringThe file hash used when creating the remediation incident.
Mimecast.Incident.SearchCriteria.StartDateStringThe start date of included messages.
Mimecast.Incident.SearchCriteria.EndDateStringThe end date of included messages.

mimecast-get-remediation-incident#

Returns a Mimecast remediation incident.

Base Command#

mimecast-get-remediation-incident

Input#

Argument NameDescriptionRequired
incident_idThe Mimecast ID for a remediation incident.Required

Context Output#

PathTypeDescription
Mimecast.Incident.IDStringThe secure Mimecast remediation ID.
Mimecast.Incident.CodeStringThe incident code generated at creation.
Mimecast.Incident.TypeStringThe incident type.
Mimecast.Incident.ReasonStringThe reason provided when the remediation incident was created.
Mimecast.Incident.IdentifiedMessagesNumberThe number of messages identified based on the search criteria.
Mimecast.Incident.SuccessfullyRemediatedMessagesNumberThe number of successfully remediated messages.
Mimecast.Incident.FailedRemediatedMessagesNumberThe number of messages that failed to remediate.
Mimecast.Incident.MessagesRestoredNumberThe number of messages that were restored from the incident.
Mimecast.Incident.LastModifiedStringThe date and time that the incident was last modified.
Mimecast.Incident.SearchCriteria.FromStringThe sender email address or domain.
Mimecast.Incident.SearchCriteria.ToStringThe recipient email address or domain.
Mimecast.Incident.SearchCriteria.MessageIDStringThe message ID used when creating the remediation incident.
Mimecast.Incident.SearchCriteria.FileHashStringThe file hash used when creating the remediation incident.
Mimecast.Incident.SearchCriteria.StartDateStringThe start date of included messages.
Mimecast.Incident.SearchCriteria.EndDateStringThe end date of included messages.

mimecast-search-file-hash#

Searches for one or more file hashes in the account. Maximum is 100.

Base Command#

mimecast-search-file-hash

Input#

Argument NameDescriptionRequired
hashes_to_searchList of file hashes to check if they were seen in an account.Required

Context Output#

PathTypeDescription
Mimecast.Hash.HashValueStringThe file hash value.
Mimecast.Hash.DetectedBooleanWhether the hash was found in the account.

mimecast-update-policy#

Updates the specified policy.

Base Command#

mimecast-update-policy

Input#

Argument NameDescriptionRequired
policy_idThe ID of the policy to update.Required
descriptionA new description for the policy.Optional
fromTypeThe sender type by which to block senders in the policy. This argument must match the fromValue argument. For example, if you specify email_domain, the fromValue must be an email domain. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address, free_mail_domains, header_display_name.Optional
toTypeThe blocked receiver type by which to block receivers in the policy. This argument must match the toValue argument. For example, if you specify email_domain, the fromType must be an email domain. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, individual_email_address.Optional
optionThe block action. Possible values are: no_action, block_sender.Optional
fromValueThe value of the fromType argument. For example, if you specify email_domain for fromType, the fromValue must be an email domain.Optional
toValueThe value of the toType argument. For example, if you specify email_domain for toType, the toValue must be an email domain.Optional
fromPartThe part from where addresses are pulled. Possible values are: envelope_from, header_from, both.Optional

Context Output#

PathTypeDescription
Mimecast.Policy.IDstringPolicy ID.
Mimecast.Policy.Sender.AddressstringBlock sender by email address value.
Mimecast.Policy.Sender.DomainstringBlock sender by domain value.
Mimecast.Policy.Sender.GroupstringBlock sender by group value.
Mimecast.Policy.BidirectionalbooleanWhether the blocked policy is bidirectional.
Mimecast.Policy.Receiver.AddressstringBlock emails to receiver type address.
Mimecast.Policy.Receiver.DomainstringBlock emails to receiver type domain.
Mimecast.Policy.Receiver.GroupstringBlock emails to receiver type group.
Mimecast.Policy.FromdatedateThe policy validation start date.
Mimecast.Policy.TodatedateThe policy expiration date.
Mimecast.Policy.Sender.TypeStringThe sender type.
Mimecast.Policy.Receiver.TypeStringThe receiver type.

mimecast-search-message#

Searches a message

Base Command#

mimecast-search-message

Input#

Argument NameDescriptionRequired
search_reasonReason for tracking the email. Possible values are: .Optional
from_dateAPI start parameter. Datetime format is ISO 8601. Possible values are: .Optional
to_dateAPI end parameter Datetime format ISO 8601. Possible values are: .Optional
message_idThe internet message id of the message to track. Possible values are: .Optional
fromPart of advancedTrackAndTraceOptions object: The sending email address or domain of the messages to track. Possible values are: .Optional
toPart of advancedTrackAndTraceOptions object: The recipient email address or domain of the messages to track. Possible values are: .Optional
subjectPart of advancedTrackAndTraceOptions object: The subject of the messages to track. Possible values are: .Optional
sender_IPPart of advancedTrackAndTraceOptions object: The source IP address of the messages to track. Possible values are: .Optional
routeAn array of routes to filter by. Possible values are internal, outbound and inbound. Possible values are: .Optional

Context Output#

PathTypeDescription
Mimecast.SearchMessage.infoStringInfo regarding the message.
Mimecast.SearchMessage.idStringThe Mimecast ID of the message. Used to load more information about the message.
Mimecast.SearchMessage.statusStringThe status of the message.
Mimecast.SearchMessage.fromEnv.emailAddressStringThe email address of the sender.
Mimecast.SearchMessage.fromHdr.displayableNameStringThe display name of the recipient.
Mimecast.SearchMessage.fromHdr.emailAddressStringThe email address of the recipient.
Mimecast.SearchMessage.to.displayableNameStringThe display name of the recipient.
Mimecast.SearchMessage.to.emailAddressStringThe email address of the recipient.
Mimecast.SearchMessage.receivedDateThe date and time the message was received by Mimecast.
Mimecast.SearchMessage.subjectStringThe subject of the message.
Mimecast.SearchMessage.senderIPStringThe source IP address of the message.
Mimecast.SearchMessage.attachmentsBooleanIf the message has attachments.
Mimecast.SearchMessage.routeStringThe route of the message.
Mimecast.SearchMessage.sentDateThe date and time that the message was sent / processed by Mimecast.
Mimecast.SearchMessage.spamScoreNumberSpam score of the email.
Mimecast.SearchMessage.detectionLevelStringDetection level of the email.

mimecast-get-message-info#

Retrieves detailed information about a specific message.

Base Command#

mimecast-get-message-info

Input#

Argument NameDescriptionRequired
idsThe Mimecast ID of the message to load. This is returned by the /api/message-finder/search endpoint. (mimecast-search-message command). Possible values are: .Required
show_recipient_infoDefault value is true. When argument is true all data from recipientInfo object is presented at command response. Possible values are: true, false. Default is true.Optional
show_delivered_messagedefault value is false .When argument is true all data from deliveredMessage object is presented at command response. Possible values are: true, false. Default is false.Optional
show_retention_infoDefault value is true.When argument is true all data from retentionInfo object is presented at command response. Possible values are: true, false. Default is true.Optional
show_spam_infoDefault value is true.When argument is true all spamInfo block is presented at command response. Possible values are: true, false. Default is true.Optional

Context Output#

PathTypeDescription
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.components.extensionStringComponent extension type.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.components.hashStringComponent hash.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.components.mimeTypeStringComponent MIME type.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.components.nameStringComponent name.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.components.sizeNumberComponent size.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.components.typeStringComponent type.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.deliveryEventStringDescription of delivery event.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.emailAddressStringEmail address of recipient.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.encryptionInfoStringEncryption type.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.messageExpiresInNumberExpiration time of message.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.processingServerStringProcessing server address.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.receiptAcknowledgementStringRecipient acknowledgement.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.remoteHostStringRemote host address.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.remoteIpStringRemote IP address.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.remoteServerGreetingStringRemote server greeting.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.transmissionEndDateTransmission end date.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.transmissionSizeNumberTransmission size.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.transmissionStartDateTransmission start date.
Mimecast.MessageInfo.deliveredMessage.messageInfo.fromEnvelopeStringSender mail. (From envelope)
Mimecast.MessageInfo.deliveredMessage.messageInfo.fromHeaderStringSender mail. (From header)
Mimecast.MessageInfo.deliveredMessage.messageInfo.processedDateProcessed time and date.
Mimecast.MessageInfo.deliveredMessage.messageInfo.routeStringMessage route.
Mimecast.MessageInfo.deliveredMessage.messageInfo.sentDateMessage sent time and date.
Mimecast.MessageInfo.deliveredMessage.messageInfo.subjectStringMessage subject.
Mimecast.MessageInfo.deliveredMessage.messageInfo.toStringRecipients info.
Mimecast.MessageInfo.deliveredMessage.messageInfo.transmissionInfoStringTransmission info.
Mimecast.MessageInfo.deliveredMessage.policyInfo.inheritedBooleanWhether policy is inherited.
Mimecast.MessageInfo.deliveredMessage.policyInfo.policyNameStringPolicy name.
Mimecast.MessageInfo.deliveredMessage.policyInfo.policyTypeStringPolicy type.
Mimecast.MessageInfo.idStringMessage ID.
Mimecast.MessageInfo.recipientInfo.messageInfo.binaryEmailSizeNumberEmail size.
Mimecast.MessageInfo.recipientInfo.messageInfo.components.extensionStringComponent extension type.
Mimecast.MessageInfo.recipientInfo.messageInfo.components.hashStringComponent hash.
Mimecast.MessageInfo.recipientInfo.messageInfo.components.mimeTypeStringComponent MIME type.
Mimecast.MessageInfo.recipientInfo.messageInfo.components.nameStringComponent name.
Mimecast.MessageInfo.recipientInfo.messageInfo.components.sizeNumberComponent size.
Mimecast.MessageInfo.recipientInfo.messageInfo.components.typeStringComponent type.
Mimecast.MessageInfo.recipientInfo.messageInfo.encryptionInfoStringEncryption information.
Mimecast.MessageInfo.recipientInfo.messageInfo.fromEnvelopeStringThe routable email address (From envelope).
Mimecast.MessageInfo.recipientInfo.messageInfo.fromHeaderStringThe routable email address (From header).
Mimecast.MessageInfo.recipientInfo.messageInfo.messageExpiresInNumberExpiry time of message.
Mimecast.MessageInfo.recipientInfo.messageInfo.processedDateMessage processed time.
Mimecast.MessageInfo.recipientInfo.messageInfo.processingServerStringMessage processing server.
Mimecast.MessageInfo.recipientInfo.messageInfo.receiptAcknowledgementStringRecipient acknowledgement.
Mimecast.MessageInfo.recipientInfo.messageInfo.receiptEventStringReceipt event name.
Mimecast.MessageInfo.recipientInfo.messageInfo.remoteHostStringRemote host address.
Mimecast.MessageInfo.recipientInfo.messageInfo.remoteIpStringRemote IP address.
Mimecast.MessageInfo.recipientInfo.messageInfo.remoteServerGreetingStringRemote server greeting.
Mimecast.MessageInfo.recipientInfo.messageInfo.sentDateMessage send time and date.
Mimecast.MessageInfo.recipientInfo.messageInfo.spamEventStringSpam event name.
Mimecast.MessageInfo.recipientInfo.messageInfo.subjectStringMessage subject.
Mimecast.MessageInfo.recipientInfo.messageInfo.toStringRecipient info.
Mimecast.MessageInfo.recipientInfo.messageInfo.transmissionEndDateTransmission end date.
Mimecast.MessageInfo.recipientInfo.messageInfo.transmissionInfoStringTransmission info.
Mimecast.MessageInfo.recipientInfo.messageInfo.transmissionSizeNumberTransmission size.
Mimecast.MessageInfo.recipientInfo.messageInfo.transmissionStartDateTransmission start date.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.binaryEmailSizeNumberEmail size
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.components.extensionStringComponent extension type.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.components.hashStringComponent hash type.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.components.mimeTypeStringComponent MIME type.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.components.nameStringComponent name.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.components.sizeNumberComponent size.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.components.typeStringComponent type.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.encryptionInfoStringEncryption information.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.messageExpiresInNumberExpiration time of message.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.processingServerStringProcessing server address.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.receiptAcknowledgementStringRecipient acknowledgement.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.receiptEventStringReceipt event name.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.remoteHostStringRemote host address.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.remoteIpStringRemote IP address.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.remoteServerGreetingStringRemote server greeting.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.spamEventStringSpam event name.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.transmissionEndDateTransmission end date.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.transmissionSizeNumberTransmission size.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.transmissionStartDateTransmission start date.
Mimecast.MessageInfo.retentionInfo.currentPurgeDateDateCurrent purge date and time.
Mimecast.MessageInfo.retentionInfo.originalPurgeDateDateOriginal purge date and time.
Mimecast.MessageInfo.retentionInfo.purgeBasedOnStringValue that purge is based on.
Mimecast.MessageInfo.retentionInfo.retentionAdjustmentDaysNumberRetention adjustment days.
Mimecast.MessageInfo.spamInfo.detectionLevelStringSpam detection level.
Mimecast.MessageInfo.spamInfo.dkim.allowBooleanIs DomainKeys Identified Mail (DKIM) allowed.
Mimecast.MessageInfo.spamInfo.dkim.infoStringDKIM info.
Mimecast.MessageInfo.spamInfo.dmarc.allowBooleanIs Domain-based Message Authentication, Reporting & Conformance (DMARC) allowed.
Mimecast.MessageInfo.spamInfo.dmarc.infoStringDMARC info.
Mimecast.MessageInfo.spamInfo.greyEmailBooleanIs grey email allowed.
Mimecast.MessageInfo.spamInfo.managedSender.allowBooleanIs Managed Sender allowed.
Mimecast.MessageInfo.spamInfo.managedSender.infoStringManaged Sender info.
Mimecast.MessageInfo.spamInfo.permittedSender.allowBooleanIs Permitted Sender allowed.
Mimecast.MessageInfo.spamInfo.permittedSender.infoStringPermitted Sender info.
Mimecast.MessageInfo.spamInfo.rbl.allowBooleanIs Real-time blackhole list (RBL) allowed.
Mimecast.MessageInfo.spamInfo.rbl.infoStringRBL info.
Mimecast.MessageInfo.spamInfo.spamScoreNumberSpam score.
Mimecast.MessageInfo.spamInfo.spf.allowBooleanIs Sender Policy Framework (SPF) allowed.
Mimecast.MessageInfo.spamInfo.spf.infoStringSPF info.
Mimecast.MessageInfo.statusStringMessage status.

mimecast-list-held-message#

Get information about held messages, including the reason, hold level, sender and recipients

Base Command#

mimecast-list-held-message

Input#

Argument NameDescriptionRequired
adminWhether only results for the currently authenticated user will be returned. Possible values are: true, false. Default is false.Optional
from_dateDatetime format ISO 8601. Possible values are: .Optional
to_dateDatetime format ISO 8601. Possible values are: .Optional
valueFree text to filter results by. Possible values are: .Optional
field_nameMessage fields to filter based on. Possible values are: all, subject, sender, recipient, reason_code.Optional
page_sizeNumber of results per page to display. Possible values are: .Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size. Possible values are: .Optional
limitThe maximum number of results to return. Possible values are: .Optional

Context Output#

PathTypeDescription
Mimecast.HeldMessage.dateReceivedDateThe timestamp of the message transmission.
Mimecast.HeldMessage.from.displayableNameStringThe sender name.
Mimecast.HeldMessage.from.emailAddressStringThe sender email.
Mimecast.HeldMessage.fromHeader.displayableNameStringThe display name of the sender (From header).
Mimecast.HeldMessage.fromHeader.emailAddressStringThe email address of the sender (From header).
Mimecast.HeldMessage.hasAttachmentsBooleanReturns true if the message contains attachments. False indicates no attachments.
Mimecast.HeldMessage.idStringThe Mimecast secure ID for a message.
Mimecast.HeldMessage.policyInfoStringInformation or definition name triggering the message hold action.
Mimecast.HeldMessage.reasonStringThe summary reason for holding the message.
Mimecast.HeldMessage.reasonCodeStringReason code for holding the message.
Mimecast.HeldMessage.reasonIdStringMirrors the reason field, formatted without spaces. However, reasonCode should be used instead.
Mimecast.HeldMessage.routeStringDirection of message being held. Possible values are: INBOUND, OUTBOUND, INTERNAL, EXTERNAL.
Mimecast.HeldMessage.sizeNumberThe size of the message in bytes.
Mimecast.HeldMessage.subjectStringThe message subject.
Mimecast.HeldMessage.to.displayableNameStringThe display name of the recipient.
Mimecast.HeldMessage.to.emailAddressStringThe email address of the recipient.

mimecast-held-message-summary#

Get counts of currently held messages for each hold reason.

Base Command#

mimecast-held-message-summary

Input#

Argument NameDescriptionRequired

Context Output#

PathTypeDescription
Mimecast.HeldMessageSummary.numberOfItemsNumberThe number of messages currently held for this reason.
Mimecast.HeldMessageSummary.policyInfoStringThe name of the policy or definition that held a message.

mimecast-reject-held-message#

Reject a currently held message.

Base Command#

mimecast-reject-held-message

Input#

Argument NameDescriptionRequired
idsAn array of Mimecast secure IDs IDs are extracted from the mimecast-list-held-message command. Possible values are: .Required
messageRejection message to be returned to the sender. Possible values are: .Optional
reason_typeUser can choose reason . Possible values are: MESSAGE CONTAINS UNDESIRABLE CONTENT,MESSAGE CONTAINS CONFIDENTIAL INFORMATION,REVIEWER DISAPPROVES OF CONTENT,, INAPPROPRIATE COMMUNICATIONMESSAGE GOES AGAINST EMAIL POLICIES, .Optional
notifyWhether to deliver rejection notificationd. Possible values are: true, false.Optional

Context Output#

There is no context output for this command.

Command example#

!mimecast-reject-emessage ids="1234" message="MESSAGE CONTAINS UNDESIRABLE CONTENT" reason_type="MESSAGE CONTAINS UNDESIRABLE CONTENT" notify="True"

Human Readable Output#

Held messages were rejected successfully

mimecast-release-held-message#

Release a currently held message.

Base Command#

mimecast-release-held-message

Input#

Argument NameDescriptionRequired
idMimecast secure id: ID can be extracted from following command : mimecast-list-held-message. Possible values are: .Required

Context Output#

There is no context output for this command.

Command example#

!mimecast-release-held-message id="1234-test""

Human Readable Output#

Held message with id 1234_test was released successfully

mimecast-search-processing-message#

Return messages currently being processed by Mimecast. Note that most of the time, no results are returned.

Base Command#

mimecast-search-processing-message

Input#

Argument NameDescriptionRequired
sort_orderThe method used to sort the messages. Possible values are: asc, desc.Optional
from_dateDatetime format ISO 8601. Possible values are: .Optional
to_dateDatetime format ISO 8601. Possible values are: .Optional
valueThe search value to be used. Possible values are: .Optional
field_nameThe field to be searched. Possible values are: ALL, fromAddress, toAddress, subject, info, remoteIp.Optional
attachmentsWhether there is an attachment in the message. Possible values are: .Optional
routeThe message route. Possible values are: all, internal, outbound, inbound, external.Optional
page_sizeNumber of results per page to display. Possible values are: .Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size. Possible values are: .Optional
limitThe maximum number of results to return. Possible values are: .Optional

Context Output#

PathTypeDescription
Mimecast.ProcessingMessage.messages.idStringThe Mimecast secure ID of the message.
Mimecast.ProcessingMessage.messages.fromEnv.emailAddressStringThe routable email address (From evelope).
Mimecast.ProcessingMessage.messages.fromHeader.emailAddressStringThe routable email address (From header).
Mimecast.ProcessingMessage.messages.to.emailAddressStringThe routable email address.
Mimecast.ProcessingMessage.messages.subjectStringThe message subject.
Mimecast.ProcessingMessage.messages.attachmentBooleanThe presence of an attachment in the message.
Mimecast.ProcessingMessage.messages.routingStringThe directional route of the message. Possible values are internal, outbound, inbound or external.
Mimecast.ProcessingMessage.messages.sizeNumberThe size of the message in bytes.
Mimecast.ProcessingMessage.messages.remoteIpStringThe connecting IP address.
Mimecast.ProcessingMessage.messages.attemptsNumberThe number of processing attempts of the message.
Mimecast.ProcessingMessage.messages.nextAttemptDateThe date of the next process attempt for the message.
Mimecast.ProcessingMessage.messages.createdDateThe date of the processing request creation.
Mimecast.ProcessingMessage.messages.infoStringCurrent processing status of the message.
Mimecast.ProcessingMessage.messages.priorityStringMessage proirity.

mimecast-list-email-queues#

Get the count of the inbound and outbound email queues at specified times.

Base Command#

mimecast-list-email-queues

Input#

Argument NameDescriptionRequired
from_dateDatetime format ISO 8601. Possible values are: .Required
to_dateDatetime format ISO 8601. Possible values are: .Required

Context Output#

PathTypeDescription
Mimecast.EmailQueue.inboundEmailQueue.countNumberThe number of inbound messages currently queued.
Mimecast.EmailQueue.inboundEmailQueue.dateDateThe date for the displayed number of messages.
Mimecast.EmailQueue.outboundEmailQueue.countNumberThe number of outbound messages currently queued.
Mimecast.EmailQueue.outboundEmailQueue.dateDateThe date for the displayed number of messages.

Command example#

!mimecast-list-email-queues from_date="2015-11-16T14:49:18+0000" to_date="2022-11-16T14:49:18+0000"

Context Example#

{
"Mimecast": {
"EmailQueue": [
{
"inboundEmailQueue": [
{
"count": 2,
"date": "2022-07-19T08:10:00+0000"
},
{
"count": 4,
"date": "2022-07-19T08:20:00+0000"
},
{
"count": 4,
"date": "2022-07-19T08:30:00+0000"
},
{
"count": 4,
"date": "2022-07-19T08:40:00+0000"
}
]
}
]
}
}

Human Readable Output#

Inbound Email Queue#

Inbound Email Queue CountInbound Email Queue Date
22022-07-19T08:10:00+0000
42022-07-19T08:20:00+0000
42022-07-19T08:30:00+0000
42022-07-19T08:40:00+0000

mimecast-get-archive-search-logs#

Retrieves archived search logs.

Base Command#

mimecast-get-archive-search-logs

Input#

Argument NameDescriptionRequired
queryText to search within the logs, which can contain email addresses.Optional
pagePage number for pagination.Optional
page_sizeNumber of items per page for pagination. Default value is '50'.Optional
limitThe maximum number of items to return. Default is 50.Optional

Context Output#

PathTypeDescription
Mimecast.ArchiveSearchLog.logs.createTimeDateThe time that the search was executed.
Mimecast.ArchiveSearchLog.logs.emailAddrStringThe email address of the user who performed the search.
Mimecast.ArchiveSearchLog.logs.sourceStringThe source of the search.
Mimecast.ArchiveSearchLog.logs.searchTextStringThe text used in the search.
Mimecast.ArchiveSearchLog.logs.searchReasonStringThe reason for the search.
Mimecast.ArchiveSearchLog.logs.descriptionStringThe description of the search if any.

Command example#

!mimecast-get-archive-search-logs query="Message Tracking Search" limit=1

Context Example#

{
"Mimecast": {
"ArchiveSearchLog": [
{
"createTime": "2024-03-20T11:39:36+0000",
"description": "Message Tracking Search",
"emailAddr": "integration.com",
"searchReason": "",
"searchText": "eNo1jrs12345",
"source": "archive"
}
]
}
}

Human Readable Output#

Results#

createTimedescriptionemailAddrsearchReasonsearchTextsource
2024-03-20T11:39:36+0000Message Tracking Searchexample@test.comeNo1jrs12345archive

mimecast-get-search-logs#

Retrieves the search logs.

Base Command#

mimecast-get-search-logs

Input#

Argument NameDescriptionRequired
queryText to search within the logs, which can contain email addresses.Optional
startThe earliest search log to return in the following format 2017-09-16T14:49:18+0000. Defaults to the start of the current day. Default is now.Optional
endThe latest search log to return in the following format 2017-09-16T14:49:18+0000. Defaults to the end of the current day. Default is now.Optional
pagePage number for pagination.Optional
page_sizeNumber of items per page for pagination. Default value is '50'.Optional
limitThe maximum number of items to return. Default is 50.Optional

Context Output#

PathTypeDescription
Mimecast.SearchLog.meta.pagination.pageSizeNumberThe number of results per page.
Mimecast.SearchLog.meta.pagination.totalCountNumberThe total number of search results.
Mimecast.SearchLog.meta.pagination.nextStringA link to the next page of search results.
Mimecast.SearchLog.meta.statusNumberThe status code of the search operation.
Mimecast.SearchLog.createTimeDateThe time that the search was executed.
Mimecast.SearchLog.emailAddrStringThe email address of the user who performed the search.
Mimecast.SearchLog.sourceStringThe source context of the search.
Mimecast.SearchLog.searchTextStringThe text used in the search.
Mimecast.SearchLog.searchPathStringThe search path used in the search.
Mimecast.SearchLog.searchReasonStringThe reason entered when the search was executed.
Mimecast.SearchLog.isAdminBooleanIndicates if the search was an admin search or not.
Mimecast.SearchLog.museQueryString(Deprecated) The Mimecast search query used, if any.
Mimecast.SearchLog.descriptionStringThe description of the search, if any.

Command example#

!mimecast-get-search-logs start="1 year" limit=1 end=now query="Message Tracking Search"

Context Example#

{
"Mimecast": {
"SearchLog": {
"createTime": "2024-03-20T11:39:36+0000",
"description": "Message Tracking Search",
"emailAddr": "integration.com",
"searchReason": "",
"searchText": "eNo1jrs12345",
"source": "archive"
}
}
}

Human Readable Output#

Results#

createTimedescriptionemailAddrsearchReasonsearchTextsource
2024-03-20T11:39:36+0000Message Tracking Searchmime.integration.comeNo1jrs12345archive

mimecast-get-view-logs#

Retrieves the email view logs.

Base Command#

mimecast-get-view-logs

Input#

Argument NameDescriptionRequired
queryText to search within the logs, which can contain email addresses.Optional
startThe earliest search log to return in the following format 2017-09-16T14:49:18+0000. Defaults to the start of the current day. Default is now.Optional
endThe latest search log to return in the following format 2017-09-16T14:49:18+0000. Defaults to the end of the current day. Default is now.Optional
pagePage number for pagination.Optional
page_sizeNumber of items per page for pagination. Default value is '50'.Optional
limitThe maximum number of items to return. Default is 50.Optional

Context Output#

PathTypeDescription
Mimecast.ViewLog.viewerStringThe email address of the user who viewed the message.
Mimecast.ViewLog.sourceStringThe source of the message.
Mimecast.ViewLog.viewedDateThe date and time that the message was viewed.
Mimecast.ViewLog.fromStringThe sender of the viewed message.
Mimecast.ViewLog.toStringThe recipient of the viewed message.
Mimecast.ViewLog.subjectStringThe subject of the viewed message.
Mimecast.ViewLog.messageDateDateThe date and time that the message was received.
Mimecast.ViewLog.contentViewedBooleanIndicates if the message content was viewed or not.
Mimecast.ViewLog.discoveryCaseBooleanIndicates if the viewed message is a part of an existing discovery case.

Command example#

!mimecast-get-view-logs limit=1 start="1 year" end=now

Context Example#

{
"Mimecast": {
"ViewLog": [
{
"contentViewed": false,
"discoveryCase": false,
"from": "example@test.com",
"messageDate": "2023-08-03T10:59:31+0000",
"source": "Message Tracking",
"subject": "Re",
"to": ".integration.com",
"viewed": "2023-08-03T12:06:01+0000",
"viewer": "example@test.com"
}
]
}
}

Human Readable Output#

Results#

contentVieweddiscoveryCasefrommessageDatesourcesubjecttoviewedviewer
falsefalseexample@test.com2023-08-03T10:59:31+0000Message TrackingReexample@test.com.mime.integration.com2023-08-03T12:06:01+0000example@test.com

mimecast-list-account#

This endpoint returns the summary details for an account in Mimecast.

Base Command#

mimecast-list-account

Input#

Argument NameDescriptionRequired
account_nameThe account name.Optional
account_codeThe unique Mimecast account code for the customer.Optional
admin_emailThe email address of the first administrator created on the account.Optional
regionThe region where the account is hosted.Optional
user_countThe number of user licenses on the account.Optional
pagePage number for pagination.Optional
page_sizeNumber of items per page for pagination. Default value is '50'.Optional
limitThe maximum number of items to return. Default is 50.Optional

Context Output#

PathTypeDescription
Mimecast.Account.regionStringThe region where the account is hosted.
Mimecast.Account.archiveBooleanIf archiving features are enabled on the account.
Mimecast.Account.gatewayBooleanIf gateway features are enabled on the account.
Mimecast.Account.passphraseStringThe passphrase set on the account, used by Mimecast Support when verifying callers during support calls.
Mimecast.Account.supportCodeStringThe support code.
Mimecast.Account.maxRetentionNumberThe maximum retention in days configured for the account.
Mimecast.Account.maxRetentionConfirmedBooleanIf the maximum retention value on the account has been confirmed.
Mimecast.Account.minRetentionEnabledBooleanIf minimum retention is enabled on the account.
Mimecast.Account.automatedSegmentPurgeBooleanIf purging of expired storage segments is enabled on the account.
Mimecast.Account.typeStringThe type of account.
Mimecast.Account.policyInheritanceBooleanIf policy inheritance is enabled on the account.
Mimecast.Account.databaseCodeStringThe database code.
Mimecast.Account.searchReasonBooleanThe search reason.
Mimecast.Account.contentAdministratorDefaultViewStringThe content administrator default view.
Mimecast.Account.adminSessionTimeoutNumberThe admin session timeout.
Mimecast.Account.exportApiBooleanIf the export API is enabled.
Mimecast.Account.exgestAllowQueryBooleanIf the exgest allows queries.
Mimecast.Account.exgestAllowExtractionBooleanIf the exgest allows extraction.
Mimecast.Account.expressAccountBooleanIf the account is an express account.
Mimecast.Account.cybergraphV2EnabledBooleanIf Cybergraph v2 is enabled.
Mimecast.Account.accountCodeStringThe unique Mimecast account code for the customer.
Mimecast.Account.accountNameStringThe account name.
Mimecast.Account.adminEmailStringThe email address of the first administrator created on the account.
Mimecast.Account.contactEmailStringThe contact email address.
Mimecast.Account.domainStringThe temporary domain name added to the account. This name is generated by Mimecast and is only used for initial access to the account. It should not be used for email routing.
Mimecast.Account.userCountNumberThe number of user licenses on the account.
Mimecast.Account.mimecastIdStringThe unique Mimecast ID of the account.
Mimecast.Account.contactNameStringThe contact name.
Mimecast.Account.telephoneDateThe telephone number.
Mimecast.Account.packagesStringAn array of packages enabled on the customer account.

Command example#

!mimecast-list-account limit=1

Context Example#

{
"Mimecast": {
"Account": [
{
"accountCode": "CUSA102A236",
"accountName": "API Alliance - Palo Alto Networks",
"adminEmail": "",
"adminSessionTimeout": 60,
"archive": false,
"automatedSegmentPurge": true,
"contactEmail": "example@test.com.com",
"contactName": "Adnan Kharuf",
"contentAdministratorDefaultView": "Metadata",
"cybergraphV2Enabled": false,
"databaseCode": "usterm13",
"domain": "",
"exgestAllowExtraction": true,
"exgestAllowQuery": false,
"exportApi": false,
"expressAccount": false,
"gateway": true,
"maxRetention": 30,
"maxRetentionConfirmed": true,
"mimecastId": "01-0102-00236",
"minRetentionEnabled": false,
"packages": [
"Attachment Management (Site) [1004]",
"Attachment Protection (Site) [1056]",
"Threat Remediation [1075]",
"Journal Services [1053]",
"Mimecast Platform [1033]",
"Internal Email Protect [1064]",
"Desktop Apps - Outlook (Pro) [1016]",
"Desktop Apps - Mac (Pro) [1051]",
"BYO: Threat Intelligence [1089]",
"Enhanced Logging [1061]",
"Message Recovery Service - User [1058]",
"Branding [1003]",
"Mobile Apps (Pro) [1036]",
"Content Control and Data Leak Prevention (Site) [1013]",
"Advanced MTA (Site) [1002]",
"Email Encryption and Privacy (Site) [1023]",
"Metadata Track and Trace (Site) [1032]",
"Configuration Backup & Restore [1106]",
"Attachment Protection (Pro) [1059]",
"Stationery 1.0 (Site) [1042]",
"URL Protection (Site) [1043]",
"Secure Email Gateway (Site) [1039]",
"Content Control and Data Leak Prevention (Pro) [1015]",
"Impersonation Protection [1060]",
"Auto Responders (Site) [1005]",
"Message Recovery Service (Site) [1031]",
"Mimecast Mobile Pro (Pro) [1055]",
"Analysis and Response [1110]"
],
"passphrase": "",
"policyInheritance": false,
"region": "us",
"searchReason": false,
"supportCode": "D7F8",
"telephone": "4088307584",
"type": "full",
"userCount": 10
}
]
}
}

Human Readable Output#

Results#

accountCodeaccountNameadminEmailadminSessionTimeoutarchiveautomatedSegmentPurgecontactEmailcontactNamecontentAdministratorDefaultViewcybergraphV2EnableddatabaseCodedomainexgestAllowExtractionexgestAllowQueryexportApiexpressAccountgatewaymaxRetentionmaxRetentionConfirmedmimecastIdminRetentionEnabledpackagespassphrasepolicyInheritanceregionsearchReasonsupportCodetelephonetypeuserCount
CUSA102A236API Alliance - Palo Alto Networks60falsetrueexample@test.com.comAdnan KharufMetadatafalseusterm13truefalsefalsefalsetrue30true01-0102-00236falseAttachment Management (Site) [1004],
Attachment Protection (Site) [1056],
Threat Remediation [1075],
Journal Services [1053],
Mimecast Platform [1033],
Internal Email Protect [1064],
Desktop Apps - Outlook (Pro) [1016],
Desktop Apps - Mac (Pro) [1051],
BYO: Threat Intelligence [1089],
Enhanced Logging [1061],
Message Recovery Service - User [1058],
Branding [1003],
Mobile Apps (Pro) [1036],
Content Control and Data Leak Prevention (Site) [1013],
Advanced MTA (Site) [1002],
Email Encryption and Privacy (Site) [1023],
Metadata Track and Trace (Site) [1032],
Configuration Backup & Restore [1106],
Attachment Protection (Pro) [1059],
Stationery 1.0 (Site) [1042],
URL Protection (Site) [1043],
Secure Email Gateway (Site) [1039],
Content Control and Data Leak Prevention (Pro) [1015],
Impersonation Protection [1060],
Auto Responders (Site) [1005],
Message Recovery Service (Site) [1031],
Mimecast Mobile Pro (Pro) [1055],
Analysis and Response [1110]		falseusfalseD7F84088307584full10

mimecast-list-policies#

List all existing Mimecast blocked sender policies.

Base Command#

mimecast-list-policies

Input#

Argument NameDescriptionRequired
policyTypeAccording to this argument an endpoint is selected. Possible values are: blockedsenders, antispoofing-bypass, address-alteration. Default is blockedsenders.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeSets the result to start returning results. Default value is '50'.Optional
limitThe maximum number of results to return. Default is 50.Optional

Context Output#

PathTypeDescription
Mimecast.AddressAlterationPolicy.IDstringPolicy ID.
Mimecast.AddressAlterationPolicy.meta.statusNumberThe status of the Address Alteration policy.
Mimecast.AddressAlterationPolicy.addressAlterationSetIdStringThe Mimecast secure ID of the Address Alteration Set (folder) that will be applied by this policy.
Mimecast.AddressAlterationPolicy.idStringThe Mimecast secure ID of the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.descriptionStringThe description for the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.fromPartStringShould the sender address be considered based on the envelope, header, or either address.
Mimecast.AddressAlterationPolicy.policy.from.typeStringThe type of sender address considered by the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.to.typeStringThe type of recipient address considered by the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.fromTypeStringThe sender address type considered by the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.toTypeStringThe recipient address type considered by the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.fromEternalBooleanShould the policy start to apply, regardless of the current date and time, for the sender address.
Mimecast.AddressAlterationPolicy.policy.toEternalBooleanShould the policy start to apply, regardless of the current date and time, for the recipient address.
Mimecast.AddressAlterationPolicy.policy.fromDateStringThe start date that the policy should begin to apply.
Mimecast.AddressAlterationPolicy.policy.toDateStringThe end date that the policy should cease to apply.
Mimecast.AddressAlterationPolicy.policy.overrideBooleanShould the policy be considered for application, and apply if conditions are met, prior to other policies of the same type.
Mimecast.AddressAlterationPolicy.policy.bidirectionalBooleanShould the policy also apply in reverse email flow.
Mimecast.AddressAlterationPolicy.policy.conditionsUnknownConditions of the sending platform to determine if the policy should be considered.
Mimecast.AddressAlterationPolicy.policy.enabledBooleanShould the policy be considered for emails processing through Mimecast.
Mimecast.AddressAlterationPolicy.policy.enforcedBooleanIs the policy enforced.
Mimecast.AddressAlterationPolicy.policy.createTimeStringThe creation timestamp of the policy.
Mimecast.AddressAlterationPolicy.policy.lastUpdatedstringBlock emails to receiver type.
Mimecast.BlockedSendersPolicy.optionStringThe option for the blocked sender policy.
Mimecast.BlockedSendersPolicy.idStringThe unique identifier for the blocked sender policy.
Mimecast.BlockedSendersPolicy.policy.descriptionStringA description of the blocked sender policy.
Mimecast.BlockedSendersPolicy.policy.fromPartStringThe part of the email address or domain from which the policy is applied.
Mimecast.BlockedSendersPolicy.policy.from.typeStringThe type of sender address or domain for the policy.
Mimecast.BlockedSendersPolicy.policy.to.typeStringThe type of recipient address or domain for the policy.
Mimecast.BlockedSendersPolicy.policy.fromTypeStringThe type of sender for the policy.
Mimecast.BlockedSendersPolicy.policy.toTypeStringThe type of recipient for the policy.
Mimecast.BlockedSendersPolicy.policy.fromEternalBooleanIndicates whether the policy applies indefinitely to the sender.
Mimecast.BlockedSendersPolicy.policy.toEternalBooleanIndicates whether the policy applies indefinitely to the recipient.
Mimecast.BlockedSendersPolicy.policy.fromDateDateThe start date from which the policy is effective.
Mimecast.BlockedSendersPolicy.policy.toDateDateThe end date until which the policy is effective.
Mimecast.BlockedSendersPolicy.policy.overrideBooleanIndicates whether the policy overrides other policies.
Mimecast.BlockedSendersPolicy.policy.bidirectionalBooleanIndicates whether the policy applies in both directions.
Mimecast.BlockedSendersPolicy.policy.conditionsUnknownThe conditions under which the policy is applied.
Mimecast.BlockedSendersPolicy.policy.enabledBooleanIndicates whether the policy is enabled.
Mimecast.BlockedSendersPolicy.policy.enforcedBooleanIndicates whether the policy is enforced.
Mimecast.BlockedSendersPolicy.policy.createTimeDateThe date and time when the policy was created.
Mimecast.BlockedSendersPolicy.policy.lastUpdatedDateThe date and time when the policy was last updated.
Mimecast.AntispoofingBypassPolicy.optionStringThe option for the antispoofing bypass policy.
Mimecast.AntispoofingBypassPolicy.idStringThe unique identifier for the antispoofing bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.descriptionStringA description of the antispoofing bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.fromPartStringThe part of the email address or domain from which the policy is applied.
Mimecast.AntispoofingBypassPolicy.policy.from.typeStringThe type of sender address or domain for the policy.
Mimecast.AntispoofingBypassPolicy.policy.from.emailDomainStringThe email domain of the sender for the policy.
Mimecast.AntispoofingBypassPolicy.policy.to.typeStringThe type of recipient address or domain for the policy.
Mimecast.AntispoofingBypassPolicy.policy.to.emailDomainStringThe email domain of the recipient for the policy.
Mimecast.AntispoofingBypassPolicy.policy.fromTypeStringThe type of sender for the policy.
Mimecast.AntispoofingBypassPolicy.policy.fromValueStringThe value of the sender for the policy.
Mimecast.AntispoofingBypassPolicy.policy.toTypeStringThe type of recipient for the policy.
Mimecast.AntispoofingBypassPolicy.policy.toValueStringThe value of the recipient for the policy.
Mimecast.AntispoofingBypassPolicy.policy.fromEternalBooleanIndicates whether the policy applies indefinitely to the sender.
Mimecast.AntispoofingBypassPolicy.policy.toEternalBooleanIndicates whether the policy applies indefinitely to the recipient.
Mimecast.AntispoofingBypassPolicy.policy.fromDateDateThe start date from which the policy is effective.
Mimecast.AntispoofingBypassPolicy.policy.toDateDateThe end date until which the policy is effective.
Mimecast.AntispoofingBypassPolicy.policy.overrideBooleanIndicates whether the policy overrides other policies.
Mimecast.AntispoofingBypassPolicy.policy.bidirectionalBooleanIndicates whether the policy applies in both directions.
Mimecast.AntispoofingBypassPolicy.policy.conditions.spfDomainsStringThe SPF domains condition for the policy.
Mimecast.AntispoofingBypassPolicy.policy.enabledBooleanIndicates whether the policy is enabled.
Mimecast.AntispoofingBypassPolicy.policy.enforcedBooleanIndicates whether the policy is enforced.
Mimecast.AntispoofingBypassPolicy.policy.createTimeDateThe date and time when the policy was created.
Mimecast.AntispoofingBypassPolicy.policy.lastUpdatedDateThe date and time when the policy was last updated.

Command example#

!mimecast-list-policies policyType=blockedsenders limit=1

Context Example#

{
"Mimecast": {
"Policies": [
{
"addressAlterationSetId": "eNoVjr0OgjA111111",
"id": "eNo1jsESgU121111",
"policy": {
"bidirectional": false,
"conditions": {},
"createTime": "2024-05-07T14:24:06+0000",
"description": "שש",
"enabled": true,
"enforced": false,
"from": {
"type": "everyone"
},
"fromDate": "1900-01-01T00:00:00+0000",
"fromEternal": true,
"fromPart": "envelope_from",
"fromType": "everyone",
"lastUpdated": "2024-05-07T14:24:06+0000",
"override": false,
"to": {
"type": "everyone"
},
"toDate": "2100-01-01T23:59:59+0000",
"toEternal": true,
"toType": "everyone"
}
}
]
}
}

Human Readable Output#

Mimecast list antispoofing-bypass policies:#

These are the existing antispoofing-bypass Policies: |Policy ID|Sender|Reciever|Bidirectional|Start|End| |---|---|---|---|---|---| | eNo1jksOgjAUAO_SNYmFFn-JCyN-iEJERNS4wfKEIlAsIEHj3cWF-5nMvFEJrJbAQzRGR4OAHvEmcy89C-w4SZzn5uQ7PjP1ZNB4FdlK3SgZ3nrGwZ-bVxF56zygQ01NZRafSXCKYP8QK92vuBMUzWhJ8oRaD0pvO1Lbhzs_zl_hbrGR1gQpqBApZ-0vrVKCiYJYXVYiA8lECN3PzHOnKtamGul39BNkyUXewX9z3xZg_myMsfr5AuuvQdE | Group: null
Email Address: null
Domain: google.com
Type: email_domain | Group: null
Email Address: null
Domain: amazon.com
Type: email_domain | false | 1900-01-01T00:00:00+0000 | 2100-01-01T23:59:59+0000 |

Command example#

!mimecast-list-policies policyType="address-alteration" limit=1

Context Example#

{
"Mimecast": {
"AddressAlterationPolicy": {
"addressAlterationSetId": "eNoVjr0OgjAYAN-lKw5QoAqJQ5H4AwZQUBM2hKJV5IutFcX47uJ8yd19kGSlEoxXyEXqLNMl8frQfnVci4Mrk8XFwunCq09G3h5MvVknETV4crYK_6htaTaZZw7gFXO4jTecxHcVBTYmmh4WqnprPQ1Fv4jpdkxMv4Z83wDsu3QGUzRCpZIPuDFRQsWG-myXUkPHFJtkgE8mJIcWucYI1dBUTPwXiWUN9u8P87s5UQ",
"id": "eNo1jk0TgUAAQP_Lns3Y2l1hxsEo5CPCCuOSbWWptrbSxPjvcnB_b957g5yzUnERgD6gzsyI2crn1ITntnMIXTuLUOx6zCZ3o6IFWiti5gyuqbn3LPsiQzpPfNzVtUjFtxPyjyHfZXJKvEK4flr1Jii542WG8XWDSmf_EAfrFWzGC7UcgBZIZSRY_UtrGBPSAqzMCxlzxWTAm58R3Q41qA911GnoJ1e5kEkD_81dnXL7Z0Mdws8XmjlBYQ",
"policy": {
"bidirectional": true,
"conditions": {
"sourceIPs": [
"8.8.8.8/24"
]
},
"createTime": "2024-05-28T10:01:06+0000",
"description": "test_update",
"enabled": true,
"enforced": false,
"from": {
"emailDomain": "google.com",
"type": "email_domain"
},
"fromDate": "1900-01-01T00:00:00+0000",
"fromEternal": true,
"fromPart": "header_from",
"fromType": "email_domain",
"fromValue": "google.com",
"lastUpdated": "2024-05-28T10:01:07+0000",
"override": true,
"to": {
"emailDomain": "google.com",
"type": "email_domain"
},
"toDate": "2100-01-01T23:59:59+0000",
"toEternal": true,
"toType": "email_domain",
"toValue": "google.com"
}
}
}
}

Human Readable Output#

Mimecast list address-alteration policies:#

These are the existing address-alteration Policies: |Policy ID|Sender|Reciever|Bidirectional|Start|End| |---|---|---|---|---|---| | eNo1jk0TgUAAQP_Lns3Y2l1hxsEo5CPCCuOSbWWptrbSxPjvcnB_b957g5yzUnERgD6gzsyI2crn1ITntnMIXTuLUOx6zCZ3o6IFWiti5gyuqbn3LPsiQzpPfNzVtUjFtxPyjyHfZXJKvEK4flr1Jii542WG8XWDSmf_EAfrFWzGC7UcgBZIZSRY_UtrGBPSAqzMCxlzxWTAm58R3Q41qA911GnoJ1e5kEkD_81dnXL7Z0Mdws8XmjlBYQ | Group: null
Email Address: null
Domain: google.com
Type: email_domain | Group: null
Email Address: null
Domain: google.com
Type: email_domain | true | 1900-01-01T00:00:00+0000 | 2100-01-01T23:59:59+0000 |

mimecast-create-block-sender-policy#

Create a Blocked Sender Policy.

Base Command#

mimecast-create-block-sender-policy

Input#

Argument NameDescriptionRequired
descriptionPolicy description.Required
fromPartAddresses based on. Possible values are: envelope_from, header_from, both. Default is envelope_from.Optional
fromTypeBlocked sender type. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, individual_email_address.Required
fromValueRequired if fromType is one of email_domain, profile_group, individual_email_address. Expected values: If fromType is email_domain, a domain name without the @ symbol. If fromType is profile_group, the ID of the profile group. If fromType is individual_email_address, an email address.Optional
toTypeReceiver type. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address, free_mail_domains, header_display_name.Required
toValueRequired if fromType is one of email_domain, profile_group, individual_email_address. Expected values: If toType is email_domain, a domain name without the @ symbol. If toType is profile_group, the ID of the profile group. If toType is individual_email_address, an email address.Optional
optionThe block option. Possible values are: no_action, block_sender.Required

Context Output#

PathTypeDescription
Mimecast.BlockedSendersPolicy.IDstringPolicy ID.
Mimecast.BlockedSendersPolicy.Sender.AddressstringBlock sender by email address.
Mimecast.BlockedSendersPolicy.Sender.DomainstringBlock sender by domain.
Mimecast.BlockedSendersPolicy.Sender.GroupstringBlock sender by group.
Mimecast.BlockedSendersPolicy.BidirectionalbooleanBlocked policy is bidirectional or not.
Mimecast.BlockedSendersPolicy.Receiver.AddressstringBlock emails to receiver type address.
Mimecast.BlockedSendersPolicy.Receiver.DomainstringBlock emails to receiver type domain.
Mimecast.BlockedSendersPolicy.Receiver.GroupstringBlock emails to receiver type group.
Mimecast.BlockedSendersPolicy.FromdatedatePolicy validation start date.
Mimecast.BlockedSendersPolicy.TodatedatePolicy expiration date.
Mimecast.BlockedSendersPolicy.Sender.TypeStringThe sender type.
Mimecast.BlockedSendersPolicy.Receiver.TypeStringThe receiver type.

Command example#

!mimecast-create-block-sender-policy description=test fromType=everyone option=block_sender toType=everyone

Context Example#

{
"Mimecast": {
"BlockedSendersPolicy": {
"Bidirectional": false,
"Description": "test",
"FromDate": "1900-01-01T00:00:00+0000",
"ID": "eNo1jrsOgjAAAP1234",
"Receiver": {
"Address": null,
"Domain": null,
"Group": null,
"Type": "everyone"
},
"Reciever": {
"Domain": null,
"Email Address": null,
"Group": null,
"Type": "everyone"
},
"Sender": {
"Address": null,
"Domain": null,
"Group": null,
"Type": "everyone"
},
"ToDate": "2100-01-01T23:59:59+0000"
}
}
}

Human Readable Output#

Mimecast Create block sender Policy:#

Policy Was Created Successfully! |Policy ID|Description|Sender|Receiver|Bidirectional|Start|End| |---|---|---|---|---|---|---| | eNo1jrsOgjAAAP-l1234 | test | Group: null
Email Address: null
Domain: null
Type: everyone | Group: null
Email Address: null
Domain: null
Type: everyone | false | 1900-01-01T00:00:00+0000 | 2100-01-01T23:59:59+0000 |

mimecast-update-block-sender-policy#

Updates the specified policy.

Base Command#

mimecast-update-block-sender-policy

Input#

Argument NameDescriptionRequired
policy_idThe ID of the policy to update.Required
descriptionA new description for the policy.Optional
fromTypeThe sender type by which to block senders in the policy. This argument must match the fromValue argument. For example, if you specify email_domain, the fromValue must be an email_domain. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address, free_mail_domains, header_display_name.Optional
toTypeThe blocked receiver type by which to block receivers in the policy. This argument must match the toValue argument. For example, if you specify email_domain, the fromType must be an email_domain. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, individual_email_address.Optional
optionThe block action. Possible values are: no_action, block_sender.Optional
fromValueThe value of the fromType argument. For example, if you specify email_domain for fromType, the fromValue must be an email_domain.Optional
toValueThe value of the toType argument. For example, if you specify email_domain for toType, the toValue must be an email_domain.Optional
fromPartThe part from where addresses are pulled. Possible values are: envelope_from, header_from, both.Optional

Context Output#

PathTypeDescription
Mimecast.BlockedSendersPolicy.IDstringPolicy ID.
Mimecast.BlockedSendersPolicy.Sender.AddressstringBlock sender by email address value.
Mimecast.BlockedSendersPolicy.Sender.DomainstringBlock sender by domain value.
Mimecast.BlockedSendersPolicy.Sender.GroupstringBlock sender by group value.
Mimecast.BlockedSendersPolicy.BidirectionalbooleanWhether the blocked policy is bidirectional.
Mimecast.BlockedSendersPolicy.Receiver.AddressstringBlock emails to receiver type address.
Mimecast.BlockedSendersPolicy.Receiver.DomainstringBlock emails to receiver type domain.
Mimecast.BlockedSendersPolicy.Receiver.GroupstringBlock emails to receiver type group.
Mimecast.BlockedSendersPolicy.FromdatedateThe policy validation start date.
Mimecast.BlockedSendersPolicy.TodatedateThe policy expiration date.
Mimecast.BlockedSendersPolicy.Sender.TypeStringThe sender type.
Mimecast.BlockedSendersPolicy.Receiver.TypeStringThe receiver type.

Command example#

!mimecast-update-block-sender-policy policy_id=eNo1jrsOgjAAAP-1234 description=test fromPart=both fromType=email_domain fromValue=google.com option=block_sender toType=everyone

Context Example#

{
"Mimecast": {
"BlockedSendersPolicy": {
"Bidirectional": false,
"Description": "test",
"FromDate": "1900-01-01T00:00:00+0000",
"ID": "eNo1jrsOgjAAAP-1234",
"Receiver": {
"Address": null,
"Domain": null,
"Group": null,
"Type": "everyone"
},
"Sender": {
"Address": null,
"Domain": "google.com",
"Group": null,
"Type": "email_domain"
},
"ToDate": "2100-01-01T23:59:59+0000"
}
}
}

Human Readable Output#

Mimecast Update Policy:#

Policy Was Updated Successfully! |Policy ID|Description|Sender|Receiver|Bidirectional|Start|End| |---|---|---|---|---|---|---| | eNo1jrsOgjAAAP-1234 | test | Group: null
Email Address: null
Domain: google.com
Type: email_domain | Group: null
Email Address: null
Domain: null
Type: everyone | false | 1900-01-01T00:00:00+0000 | 2100-01-01T23:59:59+0000 |

mimecast-create-antispoofing-bypass-policy#

Create a new Anti-Spoofing SPF based Bypass policy.

Base Command#

mimecast-create-antispoofing-bypass-policy

Input#

Argument NameDescriptionRequired
optionThe policy action to be taken. Possible values are: disable_bypass, enable_bypass.Required
bidirectionalDetermines if the policy should apply in both email directions, where the sender and recipient configurations are reversed. Possible values are: yes, no.Optional
commentComment about the policy. This field is not visible within the Administration Console.Optional
spf_domainSource IP ranges for a policy. It will only apply when the source IP address used to transmit the email data falls inside/matches the range(s) configured. IP ranges should be entered in CIDR notation.Required
descriptionNarrative to describe the policy for future reference.Required
enabledDetermines if the policy should be enabled to process messages. Possible values are: yes, no. Default is yes.Optional
enforcedDetermines if the policy enforcement option is enabled. Possible values are: yes, no. Default is no.Optional
from_attribute_idThe secure ID of the address attribute.Optional
from_attribute_nameName of address attribute.Optional
from_attribute_valueValue to which the address attribute is equal to.Optional
from_dateSpecifies the date a policy should go into effect, in ISO 8601 format (e.g., 2015-11-16T14:49:18+0000) or a relative time such as "3 days ago". When specified, this will override the fromEternal value to false.Optional
from_eternalSpecifies if the policy should have no start date. Possible values are: yes, no. Default is yes.Optional
from_partPolicy from part. Possible values are: envelope_from, header_from, both.Optional
to_dateSpecifies the expiration date of a policy in ISO 8601 format (e.g., 2015-11-16T14:49:18+0000) or a relative time such as "3 days". When specified, this will override the toEternal value to false.Optional
to_eternalSpecifies if the policy should have no expiration date. Possible values are: yes, no. Default is yes.Optional
overrideSpecifies if the policy should be set as an override. To be considered prior to equally-specific policies. Possible values are: yes, no.Optional
from_typeThe scope for which the policy should should be applied. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address.Required
from_valueRequired if fromType is one of email_domain, profile_group, individual_email_address. Expected values: If toType is email_domain, a domain name without the @ symbol. If toType is profile_group, the ID of the profile group. If toType is individual_email_address, an email address.Optional
to_typeThe type of applies on. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address.Required
to_valueRequired if fromType is one of email_domain, profile_group, individual_email_address. Expected values :If toType is email_domain, a domain name without the @ symbol. If toType is profile_group, the ID of the profile group. If toType is individual_email_address, an email address.Optional

Context Output#

PathTypeDescription
Mimecast.AntispoofingBypassPolicy.data.optionStringThe action taken by the Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.idStringThe ID of the Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.descriptionStringThe description of the Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.fromPartStringThe part of the email message considered for the sender address by the Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.from.typeStringThe type of the sender address considered by the Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.to.typeStringThe type of the recipient address considered by the Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.fromTypeStringThe sender address type considered by the Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.toTypeStringThe recipient address type considered by the Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.fromEternalBooleanIndicates if the sender address should always be considered, regardless of the current date and time, by the Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.toEternalBooleanIndicates if the recipient address should always be considered, regardless of the current date and time, by the Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.fromDateStringThe start date from which the Antispoofing Bypass policy should begin to apply.
Mimecast.AntispoofingBypassPolicy.policy.toDateStringThe end date until which the Antispoofing Bypass policy should apply.
Mimecast.AntispoofingBypassPolicy.policy.overrideBooleanIndicates if the Antispoofing Bypass policy should be applied prior to other policies of the same type, if conditions are met.
Mimecast.AntispoofingBypassPolicy.policy.bidirectionalBooleanIndicates if the Antispoofing Bypass policy should also apply in reverse email flow.
Mimecast.AntispoofingBypassPolicy.policy.conditions.spfDomainsStringThe SPF domains considered by the Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.enabledBooleanIndicates if the Antispoofing Bypass policy should be considered for emails processing through Mimecast.
Mimecast.AntispoofingBypassPolicy.policy.enforcedBooleanIndicates if the Antispoofing Bypass policy is enforced.
Mimecast.AntispoofingBypassPolicy.policy.createTimeStringThe creation timestamp of the Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.lastUpdatedStringThe most recent modification timestamp of the Antispoofing Bypass policy.

Command example#

!mimecast-create-antispoofing-bypass-policy description=test from_type=email_domain from_value=mail.google.com option=disable_bypass to_type=everyone spf_domain=google.com bidirectional=no comment=test

Context Example#

{
"Mimecast": {
"AntispoofingBypassPolicy": {
"id": "eNo1jjEOgjAAAP_1234",
"option": "disable_bypass",
"policy": {
"bidirectional": false,
"conditions": {
"spfDomains": [
"google.com"
]
},
"createTime": "2024-05-29T11:07:20+0000",
"description": "test",
"enabled": true,
"enforced": false,
"from": {
"emailDomain": "mail.google.com",
"type": "email_domain"
},
"fromDate": "1900-01-01T00:00:00+0000",
"fromEternal": true,
"fromPart": "envelope_from",
"fromType": "email_domain",
"fromValue": "mail.google.com",
"lastUpdated": "2024-05-29T11:07:20+0000",
"override": false,
"to": {
"type": "everyone"
},
"toDate": "2100-01-01T23:59:59+0000",
"toEternal": true,
"toType": "everyone"
}
}
}
}

Human Readable Output#

Anti-Spoofing Bypass policy eNo1jjEOgjAAAP_SVYa12345 was created successfully

mimecast-update-antispoofing-bypass-policy#

Update an existing Anti-Spoofing SPF based Bypass policy.

Base Command#

mimecast-update-antispoofing-bypass-policy

Input#

Argument NameDescriptionRequired
descriptionNarrative to describe the policy for future reference.Optional
policy_idThe Mimecast secure ID of an existing policy. Use /api/policy/antispoofing-bypass/get-policy to obtain the ID.Required
enabledDetermines if the policy should be enabled to process messages. Possible values are: yes, no. Default is yes.Optional
from_date(yyyy-MM-dd'T'HH:mm:ssZ) Specifies the date a policy should go into effect, in ISO 8601 format (e.g., 2015-11-16T14:49:18+0000) or a relative time such as "3 days". When specified, this will override the fromEternal value to false.Optional
from_eternalSpecifies if the policy should have no start date. Possible values are: yes, no. Default is yes.Optional
from_partPolicy from part. Possible values are: envelope_from, header_from, both.Optional
to_dateSpecifies the expiration date of a policy in ISO 8601 format (e.g., 2015-11-16T14:49:18+0000) or a relative time such as "3 days ago". When specified, this will override the toEternal value to false.Optional
to_eternalSpecifies if the policy should have no expiration date. Possible values are: yes, no. Default is yes.Optional
bidirectionalDetermines if the policy should apply in both email directions, where the sender and recipient configurations are reversed. Possible values are: yes, no.Optional
optionThe policy action to be taken. Possible values are: disable_bypass, enable_bypass.Required

Context Output#

PathTypeDescription
Mimecast.AntispoofingBypassPolicy.meta.statusNumberThe status of the Mimecast Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.data.optionStringThe action taken by the Mimecast Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.idStringThe Mimecast secure ID of the Address Alteration Set (folder) applied by the policy.
Mimecast.AntispoofingBypassPolicy.policy.descriptionStringThe description for the Mimecast Antispoofing Bypass policy.
Mimecast.AntispoofingBypassPolicy.policy.fromPartStringThe part of the sender's address considered by the policy.
Mimecast.AntispoofingBypassPolicy.policy.from.typeStringThe sender address type (envelope or header).
Mimecast.AntispoofingBypassPolicy.policy.to.typeStringThe recipient address type (envelope or header).
Mimecast.AntispoofingBypassPolicy.policy.fromTypeStringThe sender address type used by the policy (envelope_from, header_from, or both).
Mimecast.AntispoofingBypassPolicy.policy.toTypeStringThe recipient address component scoped by the policy.
Mimecast.AntispoofingBypassPolicy.policy.fromEternalBooleanDetermines if the policy applies regardless of the current date and time.
Mimecast.AntispoofingBypassPolicy.policy.toEternalBooleanDetermines if the policy continues to apply regardless of the current date and time.
Mimecast.AntispoofingBypassPolicy.policy.fromDateDateThe start date for the policy to apply.
Mimecast.AntispoofingBypassPolicy.policy.toDateDateThe end date for the policy to cease application.
Mimecast.AntispoofingBypassPolicy.policy.overrideBooleanDetermines if the policy applies and takes precedence over other policies of the same type.
Mimecast.AntispoofingBypassPolicy.policy.bidirectionalBooleanDetermines if the policy applies to reverse email flow.
Mimecast.AntispoofingBypassPolicy.policy.conditionsUnknownConditions used to determine if the policy should be considered.
Mimecast.AntispoofingBypassPolicy.policy.enabledBooleanDetermines if the policy is considered for emails processing through Mimecast.
Mimecast.AntispoofingBypassPolicy.policy.enforcedBooleanDetermines if the policy is enforced.
Mimecast.AntispoofingBypassPolicy.policy.createTimeDateThe creation timestamp of the policy.
Mimecast.AntispoofingBypassPolicy.policy.lastUpdatedDateThe most recent modification timestamp of the policy.

Command example#

!mimecast-update-antispoofing-bypass-policy option=disable_bypass policy_id=eNo1jrs12345 bidirectional=no description=test enabled=no from_date="3 year" from_eternal=no from_part=both to_date=now to_eternal=no

Context Example#

{
"Mimecast": {
"AntispoofingBypassPolicy": {
"id": "eNo1jrs12345",
"option": "disable_bypass",
"policy": {
"bidirectional": false,
"conditions": {
"spfDomains": [
"amazon.com"
]
},
"createTime": "2024-05-20T09:11:54+0000",
"description": "test",
"enabled": false,
"enforced": false,
"from": {
"type": "everyone"
},
"fromDate": "2021-05-29T11:07:29+0000",
"fromPart": "both",
"fromType": "everyone",
"lastUpdated": "2024-05-29T11:07:29+0000",
"override": false,
"to": {
"type": "everyone"
},
"toDate": "2024-05-29T11:07:29+0000",
"toType": "everyone"
}
}
}
}

Human Readable Output#

Policy ID- eNo1jrs12345 has been updated successfully.

mimecast-create-address-alteration-policy#

This API endpoint can be used to create a new Address Alteration policy to apply an alteration definition based on sender and recipient values.

Base Command#

mimecast-create-address-alteration-policy

Input#

Argument NameDescriptionRequired
folder_idThe Mimecast secure ID of the Address Alteration Set (folder) that will be applied by this policy. To provide this, run the mimecast-list-policies command and use the value from the Mimecast.Policies.addressAlterationSetId field.Required
policy_descriptionA description of the policies for future reference.Required
bidirectionalDetermines if the policy should apply in both directions, where the from and to configurations are reversed. Possible values are: yes, no.Optional
commentComment about the policy. This field is not visible within the Administration Console.Optional
conditionsSource IP ranges for a policy. It will only apply when the source IP address used to transmit the email data falls inside/matches the range(s) configured. IP ranges should be entered in CIDR notation.Optional
enabledDetermines if the policy should be enabled to process messages. Possible values are: yes, no. Default is yes.Optional
enforcedDetermines if the policy enforcement option is enabled. Possible values are: yes, no. Default is no.Optional
from_datestring (yyyy-MM-dd'T'HH:mm:ssZ) Specifies the date a policy should go into effect, in ISO 8601 format (e.g., 2015-11-16T14:49:18+0000) or a relative time such as "3 days". When specified, this will override the fromEternal value to false.Optional
from_eternalSpecifies if the policy should have no start date. Possible values are: yes, no. Default is yes.Optional
from_partPolicy from part. Possible values are: envelope_from, header_from, both.Optional
to_dateSpecifies the expiration date of a policy in ISO 8601 format (e.g., 2015-11-16T14:49:18+0000) or a relative time such as "3 days". When specified, this will override the toEternal value to false.Optional
to_eternalSpecifies if the policy should have no expiration date. Possible values are: yes, no. Default is yes.Optional
overrideSpecifies if the policy should be set as an override. To be considered prior to equally-specific policies. Possible values are: yes, no.Optional
from_typeThe type of applies on. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address.Required
to_typeThe type of applies on. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address.Required
from_valueRequired if fromType is one of email_domain, profile_group, individual_email_address. Expected values: If fromType is email_domain, a domain name without the @ symbol. If fromType is profile_group, the ID of the profile group. If fromType is individual_email_address, an email address.Optional
to_valueRequired if toType is one of email_domain, profile_group, individual_email_address. Expected values: If toType is email_domain, a domain name without the @ symbol. If toType is profile_group, the ID of the profile group. If toType is individual_email_address, an email address.Optional

Context Output#

PathTypeDescription
Mimecast.AddressAlterationPolicy.meta.statusNumberThe status of the Address Alteration policy.
Mimecast.AddressAlterationPolicy.addressAlterationSetIdStringThe Mimecast secure ID of the Address Alteration Set (folder) that will be applied by this policy.
Mimecast.AddressAlterationPolicy.idStringThe Mimecast secure ID of the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.descriptionStringThe description for the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.fromPartStringShould the sender address be considered based on the envelope, header, or either address.
Mimecast.AddressAlterationPolicy.policy.from.typeStringThe type of sender address considered by the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.to.typeStringThe type of recipient address considered by the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.fromTypeStringThe sender address type considered by the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.toTypeStringThe recipient address type considered by the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.fromEternalBooleanShould the policy start to apply, regardless of the current date and time, for the sender address.
Mimecast.AddressAlterationPolicy.policy.toEternalBooleanShould the policy start to apply, regardless of the current date and time, for the recipient address.
Mimecast.AddressAlterationPolicy.policy.fromDateStringThe start date that the policy should begin to apply.
Mimecast.AddressAlterationPolicy.policy.toDateStringThe end date that the policy should cease to apply.
Mimecast.AddressAlterationPolicy.policy.overrideBooleanShould the policy be considered for application, and apply if conditions are met, prior to other policies of the same type.
Mimecast.AddressAlterationPolicy.policy.bidirectionalBooleanShould the policy also apply in reverse email flow.
Mimecast.AddressAlterationPolicy.policy.conditionsUnknownConditions of the sending platform to determine if the policy should be considered.
Mimecast.AddressAlterationPolicy.policy.enabledBooleanShould the policy be considered for emails processing through Mimecast.
Mimecast.AddressAlterationPolicy.policy.enforcedBooleanIs the policy enforced.
Mimecast.AddressAlterationPolicy.policy.createTimeStringThe creation timestamp of the policy.
Mimecast.AddressAlterationPolicy.policy.lastUpdatedStringThe most recent modification timestamp of the policy.

Command example#

!mimecast-create-address-alteration-policy folder_id=eNo1jrs12345 from_type=everyone to_type=everyone policy_description=test

Context Example#

{
"Mimecast": {
"AddressAlterationPolicy": {
"addressAlterationSetId": "eNo1jrs12345",
"id": "1234",
"policy": {
"bidirectional": false,
"conditions": {},
"createTime": "2024-05-29T11:07:23+0000",
"description": "test",
"enabled": true,
"enforced": false,
"from": {
"type": "everyone"
},
"fromDate": "1900-01-01T00:00:00+0000",
"fromEternal": true,
"fromPart": "envelope_from",
"fromType": "everyone",
"lastUpdated": "2024-05-29T11:07:23+0000",
"override": false,
"to": {
"type": "everyone"
},
"toDate": "2100-01-01T23:59:59+0000",
"toEternal": true,
"toType": "everyone"
}
}
}
}

Human Readable Output#

Address Alteration policy was created successfully

mimecast-update-address-alteration-policy#

Update an existing Address Alteration policy.

Base Command#

mimecast-update-address-alteration-policy

Input#

Argument NameDescriptionRequired
policy_idThe Mimecast secure ID of the Address Alteration policy to be modified.Required
policy_descriptionA description of the policies for future reference.Optional
bidirectionalDetermines if the policy should apply in both directions, where the from and to configurations are reversed. Possible values are: yes, no.Optional
commentComment about the policy. This field is not visible within the Administration Console.Optional
conditionsSource IP ranges for a policy. It will only apply when the source IP address used to transmit the email data falls inside/matches the range(s) configured. IP ranges should be entered in CIDR notation.Optional
enabledDetermines if the policy should be enabled to process messages. Possible values are: yes, no. Default is yes.Optional
enforcedDetermines if the policy enforcement option is enabled. Possible values are: yes, no. Default is no.Optional
from_datestring (yyyy-MM-dd'T'HH:mm:ssZ) Specifies the date a policy should go into effect, in ISO 8601 format (e.g., 2015-11-16T14:49:18+0000) or a relative time such as "3 days ago". When specified, this will override the fromEternal value to false.Optional
from_eternalSpecifies if the policy should have no start date. Possible values are: yes, no. Default is yes.Optional
from_partPolicy from part. Possible values are: envelope_from, header_from, both.Optional
to_dateSpecifies the expiration date of a policy in ISO 8601 format (e.g., 2015-11-16T14:49:18+0000) or a relative time such as "3 days ago". When specified, this will override the toEternal value to false.Optional
to_eternalSpecifies if the policy should have no expiration date. Possible values are: yes, no. Default is yes.Optional
overrideSpecifies if the policy should be set as an override. To be considered prior to equally-specific policies. Possible values are: yes, no.Optional

Context Output#

PathTypeDescription
Mimecast.AddressAlterationPolicy.meta.statusNumberThe status of the Address Alteration policy.
Mimecast.AddressAlterationPolicy.idStringThe Mimecast secure ID of the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.descriptionStringThe description for the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.fromPartStringShould the sender address be considered based on the envelope, header, or either address.
Mimecast.AddressAlterationPolicy.policy.from.typeStringThe type of sender address considered by the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.to.typeStringThe type of recipient address considered by the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.fromTypeStringThe sender address type considered by the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.toTypeStringThe recipient address type considered by the Address Alteration policy.
Mimecast.AddressAlterationPolicy.policy.fromEternalBooleanShould the policy start to apply, regardless of the current date and time, for the sender address.
Mimecast.AddressAlterationPolicy.policy.toEternalBooleanShould the policy start to apply, regardless of the current date and time, for the recipient address.
Mimecast.AddressAlterationPolicy.policy.fromDateStringThe start date that the policy should begin to apply.
Mimecast.AddressAlterationPolicy.policy.toDateStringThe end date that the policy should cease to apply.
Mimecast.AddressAlterationPolicy.policy.overrideBooleanShould the policy be considered for application, and apply if conditions are met, prior to other policies of the same type.
Mimecast.AddressAlterationPolicy.policy.bidirectionalBooleanShould the policy also apply in reverse email flow.
Mimecast.AddressAlterationPolicy.policy.conditionsUnknownConditions of the sending platform to determine if the policy should be considered.
Mimecast.AddressAlterationPolicy.policy.enabledBooleanShould the policy be considered for emails processing through Mimecast.
Mimecast.AddressAlterationPolicy.policy.enforcedBooleanIs the policy enforced.
Mimecast.AddressAlterationPolicy.policy.createTimeStringThe creation timestamp of the policy.
Mimecast.AddressAlterationPolicy.policy.lastUpdatedStringThe most recent modification timestamp of the policy.

Command example#

!mimecast-update-address-alteration-policy policy_id=eNo1jrs12345 bidirectional=no comment=test conditions=8.8.8.8/24 enabled=no enforced=no from_date="3 year" from_eternal=no from_part=both override=no policy_description=test to_date=now to_eternal=no

Context Example#

{
"Mimecast": {
"AddressAlterationPolicy": {
"id": "eNo1jrs12345",
"policy": {
"bidirectional": false,
"conditions": {
"sourceIPs": [
"8.8.8.8/24"
]
},
"createTime": "2024-05-26T06:38:11+0000",
"description": "test",
"enabled": false,
"enforced": false,
"from": {
"type": "everyone"
},
"fromDate": "2021-05-29T11:07:32+0000",
"fromPart": "both",
"fromType": "everyone",
"lastUpdated": "2024-05-29T11:07:32+0000",
"override": false,
"to": {
"type": "everyone"
},
"toDate": "2024-05-29T11:07:32+0000",
"toType": "everyone"
}
}
}
}

Human Readable Output#

eNo1jrs12345 has been updated successfully

Edit this page
Report an Issue