Skip to main content

Mimecast v2

This Integration is part of the Mimecast Pack.#

Mimecast unified email management offers cloud email services for email security, continuity and archiving emails. Please read detailed instructions in order to understand how to set the integration's parameters.

Configure Mimecast v2 on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Mimecast v2.

  3. Click Add instance to create and configure a new integration instance.

    ParameterRequired
    BaseUrl - API url including region, For example https://eu-api.mimecast.comTrue
    App IDTrue
    User Email Address (Use for auto token refresh)False
    PasswordFalse
    App keyFalse
    AccessKeyFalse
    SecretKeyFalse
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
    Fetch incidentsFalse
    Fetch URL incidentsFalse
    Fetch attachment incidentsFalse
    Fetch impersonation incidentsFalse
    Incident typeFalse
    Hours before first fetch to retrieve incidentsFalse
    Incident typeFalse
    Fetch incidentsFalse
    Incident typeFalse
    Fetch incidentsFalse
    Incident typeFalse
    Fetch incidentsFalse
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

mimecast-query#


Query Mimecast emails. This is an archive search command.

Base Command#

mimecast-query

Input#

Argument NameDescriptionRequired
queryXmlThe query string xml for the search using Mimecast Unified Search Experience (MUSE) - read more on https://community.mimecast.com/docs/DOC-2262, using this will override other query arguments.Optional
textSearch for this text in messages.Optional
dryRunWill not execute the query, but just return the query string built. Possible values are: true, false. Default is false.Optional
dateSearch in specific dates only. Possible values are: today, yesterday, last_week, last_month, last_year.Optional
dateFromSearch emails from date, format YYYY-MM-DDTHH:MM:SZ (e.g. 2015-09-21T23:00:00Z).Optional
dateToSearch emails to date, format YYYY-MM-DDTHH:MM:SZ (e.g. 2015-09-21T23:00:00Z).Optional
sentToFilter on messages to a specific address.Optional
sentFromFilter on messages from a specific address.Optional
subjectSearch email by subject, will override the text argument.Optional
attachmentTypeThese are the attachment types available: optional - messages with and without attachments any - messages with any attachment documents - messages with doc, dot, docx, docm, dotx, dotm, pdf, rtf, html attachments spreadsheets - messages with xls, xlt, xlsx, xlsm, xltx, xltm, xlsb, xlam, csv attachments presentations - messages with ppt, pptx, pptm, potx, potm, ppam, ppsx, ppsm, sldx, sldm, thms, pps attachments text - messages with txt, text, html, log attachments images - messages with jpg, jpeg, png, bmp, gif, psd, tif, tiff attachments media - messages with mp3, mp4, m4a, mpg, mpeg, avi, wav, aac, wma, mov attachments zips - messages with zip, rar, cab, gz, gzip, 7z attachments none - No attachments are to be present in the results. Possible values are: optional, any, documents, spreadsheets, presentations, text, images, media, zips, none.Optional
attachmentTextSearch for text in attachments.Optional
bodySearch email by text in body, will override the text and subject arguments.Optional
page_sizeNumber of results per page to display. Possible values are: .Optional
startRowThis parameter is ignored, use the pagination parameters instead. Possible values are: .Optional
activeDefines if the search should query recently received messages that are not fully processed yet (default false). You can search by mailbox and date time across active messages. Possible values are: true, false. Default is false.Optional
limitThe maximum number of results to return. Possible values are: . Default is 100.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size. Possible values are: .Optional

Context Output#

PathTypeDescription
Mimecast.Message.IDstringMessage ID
Mimecast.Message.SubjectstringMessage subject
Mimecast.Message.SenderstringMessage sender address
Mimecast.Message.RecipientstringMessage recipient address
Mimecast.Message.RecievedDatedateMessage received date
Mimecast.Message.SizenumberThe size of the message in bytes
Mimecast.Message.AttachmentCountnumberMessage attachments count
Mimecast.Message.StatusstringMessage status

mimecast-list-blocked-sender-policies#


List all existing Mimecast blocked sender policies

Base Command#

mimecast-list-blocked-sender-policies

Input#

Argument NameDescriptionRequired

Context Output#

PathTypeDescription
Mimecast.Policy.IDstringPolicy ID
Mimecast.Policy.Sender.AddressstringBlock Sender by email address
Mimecast.Policy.Sender.DomainstringBlock Sender by domain
Mimecast.Policy.Sender.GroupstringBlock Sender by group
Mimecast.Policy.BidirectionalbooleanBlocked policy is bidirectional or not
Mimecast.Policy.Receiver.AddressstringBlock emails to receiver type address
Mimecast.Policy.Receiver.DomainstringBlock emails to receiver type domain
Mimecast.Policy.Receiver.GroupstringBlock emails to receiver type group
Mimecast.Policy.FromDatedatePolicy validation start date
Mimecast.Policy.ToDatedatePolicy expiration date
Mimecast.Policy.Sender.TypestringBlock emails to sender type
Mimecast.Policy.Receiver.TypestringBlock emails to receiver type

mimecast-get-policy#


Get a blocked sender policy by ID

Base Command#

mimecast-get-policy

Input#

Argument NameDescriptionRequired
policyIDFilter by policy ID.Required

Context Output#

PathTypeDescription
Mimecast.Policy.IDstringPolicy ID
Mimecast.Policy.Sender.AddressstringBlock Sender by email address
Mimecast.Policy.Sender.DomainstringBlock Sender by domain
Mimecast.Policy.Sender.GroupstringBlock Sender by group
Mimecast.Policy.BidirectionalbooleanBlocked policy is bidirectional or not
Mimecast.Policy.Receiver.AddressstringBlock emails to receiver type address
Mimecast.Policy.Receiver.DomainstringBlock emails to receiver type domain
Mimecast.Policy.Receiver.GroupstringBlock emails to receiver type group
Mimecast.Policy.FromdatedatePolicy validation start date
Mimecast.Policy.TodatedatePolicy expiration date

mimecast-create-policy#


Create a Blocked Sender Policy

Base Command#

mimecast-create-policy

Input#

Argument NameDescriptionRequired
descriptionPolicy description.Required
fromPartAddresses based on. Possible values are: envelope_from, header_from, both. Default is envelope_from.Optional
fromTypeBlocked Sender type. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, individual_email_address.Required
fromValueRequired if fromType is one of email domain, profile group, individual email address. Expected values: If fromType is email_domain, a domain name without the @ symbol. If fromType is profile_group, the ID of the profile group. If fromType is individual_email_address, an email address.Optional
toTypeReceiver type. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address, free_mail_domains, header_display_name.Required
toValueRequired if fromType is one of email domain, profile group, individual email address. Expected values: If toType is email_domain, a domain name without the @ symbol. If toType is profile_group, the ID of the profile group. If toType is individual_email_address, an email address.Optional
optionThe block option, must be one of: no_action, block_sender. Possible values are: no_action, block_sender.Required

Context Output#

PathTypeDescription
Mimecast.Policy.IDstringPolicy ID
Mimecast.Policy.Sender.AddressstringBlock Sender by email address
Mimecast.Policy.Sender.DomainstringBlock Sender by domain
Mimecast.Policy.Sender.GroupstringBlock Sender by group
Mimecast.Policy.BidirectionalbooleanBlocked policy is Bidirectional or not
Mimecast.Policy.Receiver.AddressstringBlock emails to receiver type address
Mimecast.Policy.Receiver.DomainstringBlock emails to receiver type domain
Mimecast.Policy.Receiver.GroupstringBlock emails to receiver type group
Mimecast.Policy.FromdatedatePolicy validation start date
Mimecast.Policy.TodatedatePolicy expiration date
Mimecast.Policy.Sender.TypeStringThe sender type
Mimecast.Policy.Receiver.TypeStringThe receiver type

mimecast-delete-policy#


Delete a Blocked Sender Policy

Base Command#

mimecast-delete-policy

Input#

Argument NameDescriptionRequired
policyIDPolicy ID.Required

Context Output#

PathTypeDescription
Mimecast.Policy.IDstringPolicy ID

mimecast-manage-sender#


Permit or block a specific sender

Base Command#

mimecast-manage-sender

Input#

Argument NameDescriptionRequired
senderThe email address of sender to permit or block.Required
recipientThe email address of recipient to permit or block.Required
actionChoose to either "permit" (to bypass spam checks) or "block" (to reject the email). Possible values are: permit, block.Required
limitThe maximum number of results to return. Possible values are: . Default is 100.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size. Possible values are: .Optional
page_sizeNumber of results per page to display. Possible values are: .Optional

Context Output#

PathTypeDescription
Mimecast.Managed.SenderstringThe email address of the sender
Mimecast.Managed.RecipientstringThe email address of the recipient
Mimecast.Managed.ActionstringChosen action
Mimecast.Managed.IDstringThe Mimecast secure ID of the managed sender object.

mimecast-list-managed-url#


Get a list of all managed URLs

Base Command#

mimecast-list-managed-url

Input#

Argument NameDescriptionRequired
urlFilter results by specific URL.Optional

Context Output#

PathTypeDescription
Mimecast.URL.DomainstringThe managed domain
Mimecast.URL.DisablelogclickbooleanIf logging of user clicks on the URL is disabled
Mimecast.URL.ActionstringEither block of permit
Mimecast.URL.PathstringThe path of the managed URL
Mimecast.URL.matchTypestringEither explicit - applies to the full URL or domain - applies to all URL values in the domain
Mimecast.URL.IDstringThe Mimecast secure ID of the managed URL
Mimecast.URL.disableRewritebooleanIf rewriting of this URL in emails is disabled

mimecast-create-managed-url#


Create a managed URL on Mimecast

Base Command#

mimecast-create-managed-url

Input#

Argument NameDescriptionRequired
urlThe URL to block or permit. Do not include a fragment (#).Required
actionSet to "block" to block list the URL, "permit" to add to allow list. Possible values are: block, permit.Required
matchTypeSet to "explicit" to block or permit only instances of the full URL. Set to "domain" to block or permit any URL with the same domain. Possible values are: explicit, domain. Default is explicit.Optional
disableRewriteDisable rewriting of this URL in emails. Applies only if action = "permit". Default false. Possible values are: true, false. Default is false.Optional
commentAdd a comment about the managed URL.Optional
disableUserAwarenessDisable User Awareness challenges for this URL. Applies only if action = "permit". Default false. Possible values are: true, false. Default is false.Optional
disableLogClickDisable logging of user clicks on the URL. Default is false. Possible values are: true, false. Default is false.Optional

Context Output#

PathTypeDescription
Mimecast.URL.DomainstringThe managed domain
Mimecast.URL.ActionstringEither block of permit
Mimecast.URL.disableLogClickstringIf logging of user clicks on the URL is disabled
Mimecast.URL.matchTypestringEither explicit - applies to the full URL or domain - applies to all URL values in the domain
Mimecast.URL.IDstringThe Mimecast secure ID of the managed URL
Mimecast.URL.disableRewritebooleanIf rewriting of this URL in emails is disabled

mimecast-list-messages#


Get a list of messages for a given user. This is an archive search command. Required Permissions The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Archive/Search/Read.
  • or Mimecast user with delegate permissions to address or user.

Base Command#

mimecast-list-messages

Input#

Argument NameDescriptionRequired
mailboxThe email address to return the message list forOptional
startTimeThe start date of messages to return, in the following format, 2015-11-16T14:49:18+0000. Default is the last calendar monthOptional
endTimeThe end date of messages to return, in the following format, 2015-11-16T14:49:18+0000. Default is the end of the current dayOptional
viewThe message list type, must be one of: inbox or sent, default is inboxOptional
subjectFilter by message subjectOptional
limitThe maximum number of results to return. Default is 100.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional

Context Output#

PathTypeDescription
Mimecast.Message.SubjectstringMessage Subject
Mimecast.Message.IDstringMessage ID
Mimecast.Message.SizenumberThe size of the message in bytes
Mimecast.Message.RecievedDatedateThe date the message was received
Mimecast.Message.FromstringThe mail Sender
Mimecast.Message.AttachmentCountstringThe number of attachments on the message

mimecast-get-attachment-logs#


Returns Attachment Protect logs for a Mimecast customer account

Base Command#

mimecast-get-attachment-logs

Input#

Argument NameDescriptionRequired
resultsNumberThis parameter is ignored, use the 'limit' parameter instead. Possible values are: .Optional
fromDateStart date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is the start of the current day.Optional
toDateEnd date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is time of request.Optional
resultTypeFilters logs by scan result, default is malicious. Possible values are: safe, malicious, timeout, error, unsafe, all. Default is malicious.Optional
limitThe maximum number of results to return. Default is 100.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional

Context Output#

PathTypeDescription
Mimecast.AttachmentLog.ResultstringThe result of the attachment analysis: clean, malicious, unknown, or timeout
Mimecast.AttachmentLog.DatedateThe time at which the attachment was released from the sandbox
Mimecast.AttachmentLog.SenderstringThe sender of the attachment
Mimecast.AttachmentLog.FileNamestringThe file name of the original attachment
Mimecast.AttachmentLog.ActionstringThe action triggered for the attachment
Mimecast.AttachmentLog.RecipientstringThe address of the user that received the attachment
Mimecast.AttachmentLog.FileTypestringThe file type of the attachment
Mimecast.AttachmentLog.RoutestringThe route of the original email containing the attachment, either: inbound, outbound, internal, or external

mimecast-get-url-logs#


Returns URL protect logs for a Mimecast customer account. Default value of scanResult as malicious

Base Command#

mimecast-get-url-logs

Input#

Argument NameDescriptionRequired
resultsNumberThe number of results to request. Default is allOptional
fromDateStart date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is the start of the current day.Optional
toDateEnd date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is time of request.Optional
resultTypeFilters logs by scan result, default is allOptional
limitThe maximum number of results to return. Default is 100.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional

Context Output#

PathTypeDescription
Mimecast.UrlLog.CategorystringThe category of the URL clicked
Mimecast.UrlLog.UserAddressstringThe email address of the user who clicked the link
Mimecast.UrlLog.URLstringThe url clicked
Mimecast.UrlLog.AwarenessstringThe action taken by the user if user awareness was applied
Mimecast.UrlLog.AdminOverridestringThe action defined by the administrator for the URL
Mimecast.UrlLog.DatedateThe date that the URL was clicked
Mimecast.UrlLog.ResultstringThe result of the URL scan
Mimecast.UrlLog.ActionstringThe action that was taken for the click
Mimecast.UrlLog.RoutestringThe route of the original email containing the attachment, either: inbound, outbound, internal, or external
Mimecast.UrlLog. userOverridestringThe action requested by the user.

mimecast-get-impersonation-logs#


Returns Impersonation Protect logs for a Mimecast customer account

Base Command#

mimecast-get-impersonation-logs

Input#

Argument NameDescriptionRequired
resultsNumberThis parameter is ignored, use the 'limit' parameter instead. Possible values are: .Optional
taggedMaliciousFilters for messages tagged malicious (true) or not tagged malicious (false). Omit for no tag filtering. Default is true. Possible values are: true, false. Default is true.Optional
searchFieldThe field to search,Defaults is all (meaning all of the preceding fields). Possible values are: senderAddress, recipientAddress, subject, policy, all.Optional
queryRequired if searchField exists. A character string to search for in the logs.Optional
identifiersFilters logs by identifiers, can include any of newly_observed_domain, internal_user_name, repy_address_mismatch, and targeted_threat_dictionary. you can choose more then one identifier separated by comma. Possible values are: newly_observed_domain, internal_user_name, repy_address_mismatch, targeted_threat_dictionary.Optional
fromDateStart date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is the start of the current day.Optional
toDateEnd date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is time of request.Optional
actionsFilters logs by action, you can choose more then one action separated by comma. Possible values are: delete, hold, bounce, smart_folder, disable_smart_folder, content_expire, meta_expire, stationery, gcc, secure_delivery, delivery_route, document_policy, disable_document_policy, attach_set_policy, remove_email.Optional
limitThe maximum number of results to return. Default is 100.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size. Possible values are: .Optional
page_sizeNumber of results per page to display. Possible values are: .Optional

Context Output#

PathTypeDescription
Mimecast.Impersonation.ResultCountnumberThe total number of IMPERSONATION log lines found for the request
Mimecast.Impersonation.HitsnumberThe number of identifiers that the message triggered
Mimecast.Impersonation.MaliciousbooleanWhether the message was tagged as malicious
Mimecast.Impersonation.SenderIPstringThe source IP address of the message
Mimecast.Impersonation.SenderAddressstringThe email address of the sender of the message
Mimecast.Impersonation.SubjectstringThe subject of the email
Mimecast.Impersonation.IdentifiersstringThe properties of the message that triggered the action: similar_internal_domain, newly_observed_domain, internal_user_name, reply_address_mismatch, and/or targeted_threat_dictionary
Mimecast.Impersonation.DatedateThe time at which the log was recorded
Mimecast.Impersonation.ActionstringThe action triggered by the email
Mimecast.Impersonation.PolicystringThe name of the policy definition that triggered the log
Mimecast.Impersonation.IDstringImpersonation Log ID
Mimecast.Impersonation.RecipientAddressstringThe email address of the recipient of the email
Mimecast.Impersonation.ExternalbooleanWhether the message was tagged as coming from an external address

mimecast-url-decode#


Decodes a given url from mimecast

Base Command#

mimecast-url-decode

Input#

Argument NameDescriptionRequired
urlURL to decode.Required

Context Output#

PathTypeDescription
URL.DatastringThe encoded url to parse
URL.Mimecast.DecodedURLstringParsed url

mimecast-discover#


discover authentication types that are supported for your account and which base URL to use for the requesting user.

Base Command#

mimecast-discover

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
Mimecast.Authentication.AuthenticationTypesstringList of authentication types available to the user
Mimecast.Authentication.EmailAddressstringEmail address of the request sender
Mimecast.Authentication.EmailTokenstringEmail token of the request sender

mimecast-refresh-token#


Refresh access key validity

Base Command#

mimecast-refresh-token

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

mimecast-login#


Login to generate Access Key and Secret Key

Base Command#

mimecast-login

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

mimecast-get-message#


Get the contents or metadata of a given message. This is an archive search command.

Required Permissions#

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Archive/Search Content View.
  • or Mimecast user with delegate permissions to address or user.

Base Command#

mimecast-get-message

Input#

Argument NameDescriptionRequired
messageIDMessage IDRequired
contextDefines which copy of the message part to return, must be one of: "delivered" the copy that has been processed by the Mimecast MTA with policies such as URL rewriting applied, OR "received" - the copy of the message that Mimecast originally received. (Only relevant for part argument = message or all)Required
typeThe message type to return. (Only relevant for part argument = message or all)Optional
partDefine what message part to return - download message, get metadata or both.Optional

Context Output#

PathTypeDescription
Mimecast.Message.IDstringMessage ID
Mimecast.Message.SubjectstringThe message subject.
Mimecast.Message.HeaderDatedateThe date of the message as defined in the message headers.
Mimecast.Message.SizenumberThe message size.
Mimecast.Message.FromstringSender of the message as defined in the message header.
Mimecast.Message.To.EmailAddressstringRecipient of the message.
Mimecast.Message.ReplyTostringThe value of the Reply-To header.
Mimecast.Message.CC.EmailAddressstringEach CC recipient of the message.
Mimecast.Message.EnvelopeFromstringSender of the message as defined in the message envelope.
Mimecast.Message.Headers.NamestringHeader's name.
Mimecast.Message.Headers.ValuesstringHeader's value.
Mimecast.Message.Attachments.FileNamestringMessage attachment's file name.
Mimecast.Message.Attachments.SHA256stringMessage attachment's SHA256.
Mimecast.Message.Attachments.IDstringMessage attachment's ID.
Mimecast.Message.Attachments.SizenumberMessage attachment's file size.
Mimecast.Message.ProcesseddateThe date the message was processed by Mimecast in ISO 8601 format.
Mimecast.Message.HasHtmlBodybooleanIf the message has an HTML body part.
File.SizenumberFile size
File.SHA1stringSHA1 hash of the file
File.SHA256stringSHA256 hash of the file
File.NamestringThe sample name
File.SSDeepstringSSDeep hash of the file
File.EntryIDstringWar-Room Entry ID of the file
File.InfostringBasic information of the file
File.TypestringFile type e.g. "PE"
File.MD5stringMD5 hash of the file

mimecast-download-attachments#


Download attachments from a specified message. This is an archive search command.

Required Permissions#

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Archive/Search Content View.
  • or Mimecast user with delegate permissions to address or user.

Base Command#

mimecast-download-attachments

Input#

Argument NameDescriptionRequired
attachmentIDThe Mimecast ID of the message attachment to return. (Can be retrieved from mimecast-get-message)Required

Context Output#

PathTypeDescription
File.SizenumberFile Size
File.SHA1stringSHA1 hash of the file
File.SHA256stringSHA256 hash of the file
File.NamestringThe sample name
File.SSDeepstringSSDeep hash of the file
File.EntryIDstringWar-Room Entry ID of the file
File.InfostringBasic information of the file
File.TypestringFile type e.g., "PE"
File.MD5stringMD5 hash of the file

mimecast-find-groups#


Returns the list of groups according to the specified query.

Base Command#

mimecast-find-groups

Input#

Argument NameDescriptionRequired
query_stringThe string to query.Optional
query_sourceThe group source by which to filter. Possible values are: cloud, ldap.Optional
limitThe maximum number of results to return.Optional

Context Output#

PathTypeDescription
Mimecast.Group.NameStringThe name of the group.
Mimecast.Group.SourceStringThe source of the group.
Mimecast.Group.IDStringThe Mimecast ID of the group.
Mimecast.Group.NumberOfUsersNumberThe number of members in the group.
Mimecast.Group.ParentIDStringThe Mimecast ID of the group's parent.
Mimecast.Group.NumberOfChildGroupsNumberThe number of child groups.

mimecast-get-group-members#


Returns the members list for the specified group.

Base Command#

mimecast-get-group-members

Input#

Argument NameDescriptionRequired
group_idThe Mimecast ID of the group to return.Required
limitThe maximum number of results to return.Optional

Context Output#

PathTypeDescription
Mimecast.Group.Users.NameStringThe user's display name.
Mimecast.Group.Users.EmailAddressStringThe user's email address.
Mimecast.Group.Users.DomainStringThe domain name of the user's email address.
Mimecast.Group.Users.TypeStringThe user type.
Mimecast.Group.Users.InternalUserBooleanWhether the user is internal.
Mimecast.Group.Users.IsRemovedBooleanWhether the user is part of the group.

mimecast-add-group-member#


Adds a user to a group. The email_address and domain_address arguments are optional, but one of them must be supplied.

Base Command#

mimecast-add-group-member

Input#

Argument NameDescriptionRequired
group_idThe Mimecast ID of the group to add the user to.Required
email_addressThe email address of the user to add to a group.Optional
domain_addressA domain to add to a group.Optional

Context Output#

PathTypeDescription
Mimecast.Group.Users.EmailAddressStringThe user's email address.
Mimecast.Group.Users.IsRemovedBooleanWhether the user is part of the group.

mimecast-remove-group-member#


Removes a user from a group. The email_address and domain_address arguments are optional, but one of them must be supplied.

Base Command#

mimecast-remove-group-member

Input#

Argument NameDescriptionRequired
group_idThe Mimecast ID of the group from which to remove the user.Required
email_addressThe email address of the user to remove from the group.Optional
domain_addressA domain of the user to remove from a group.Optional

Context Output#

PathTypeDescription
Mimecast.Group.Users.EmailAddressStringThe user's email address.
Mimecast.Group.Users.IsRemovedBooleanWhether the user part of the group.

mimecast-create-group#


Creates a new Mimecast group.

Base Command#

mimecast-create-group

Input#

Argument NameDescriptionRequired
group_nameThe name of the new group.Required
parent_idThe Mimecast ID of the new group's parent. Default will be root level.Optional

Context Output#

PathTypeDescription
Mimecast.Group.NameStringThe name of the group.
Mimecast.Group.SourceStringThe source of the group.
Mimecast.Group.IDStringThe Mimecast ID of the group.
Mimecast.Group.NumberOfUsersNumberThe number of members in the group.
Mimecast.Group.ParentIDStringThe Mimecast ID of the group's parent.
Mimecast.Group.NumberOfChildGroupsNumberThe number of child groups.

mimecast-update-group#


Updates an existing Mimecast group.

Base Command#

mimecast-update-group

Input#

Argument NameDescriptionRequired
group_nameThe new name for the group.Optional
group_idThe Mimecast ID of the group to update.Required
parent_idThe new parent group.Optional

Context Output#

PathTypeDescription
Mimecast.Group.NameStringThe name of the group.
Mimecast.Group.IDStringThe Mimecast ID of the group.
Mimecast.Group.ParentIDStringThe Mimecast ID of the group's parent.

mimecast-create-remediation-incident#


Creates a new Mimecast remediation incident.

Base Command#

mimecast-create-remediation-incident

Input#

Argument NameDescriptionRequired
hash_message_idThe file hash or messageId value.Required
reasonThe reason for creating the remediation incident.Required
search_byThe message component by which to search. Default is "hash". Possible values are: hash, messageId.Optional
start_dateThe start date of messages to remediate. Default value is the previous month. (Format: yyyy-mm-ddThh:mm:ss+0000).Optional
end_dateThe end date of messages to remediate. Default value is the end of the current day. (Format: yyyy-mm-ddThh:mm:ss+0000).Optional

Context Output#

PathTypeDescription
Mimecast.Incident.IDStringThe secure Mimecast remediation ID.
Mimecast.Incident.CodeStringThe incident code generated at creation.
Mimecast.Incident.TypeStringThe incident type.
Mimecast.Incident.ReasonStringThe reason provided at the creation of the remediation incident.
Mimecast.Incident.IdentifiedMessagesNumberThe number of messages identified based on the search criteria.
Mimecast.Incident.SuccessfullyRemediatedMessagesNumberThe number successfully remediated messages.
Mimecast.Incident.FailedRemediatedMessagesNumberThe number of messages that failed to remediate.
Mimecast.Incident.MessagesRestoredNumberThe number of messages that were restored from the incident.
Mimecast.Incident.LastModifiedStringThe date and time that the incident was last modified.
Mimecast.Incident.SearchCriteria.FromStringThe sender email address or domain.
Mimecast.Incident.SearchCriteria.ToStringThe recipient email address or domain.
Mimecast.Incident.SearchCriteria.MessageIDStringThe message ID used when creating the remediation incident.
Mimecast.Incident.SearchCriteria.FileHashStringThe file hash used when creating the remediation incident.
Mimecast.Incident.SearchCriteria.StartDateStringThe start date of included messages.
Mimecast.Incident.SearchCriteria.EndDateStringThe end date of included messages.

mimecast-get-remediation-incident#


Returns a Mimecast remediation incident.

Base Command#

mimecast-get-remediation-incident

Input#

Argument NameDescriptionRequired
incident_idThe Mimecast ID for a remediation incident.Required

Context Output#

PathTypeDescription
Mimecast.Incident.IDStringThe secure Mimecast remediation ID.
Mimecast.Incident.CodeStringThe incident code generated at creation.
Mimecast.Incident.TypeStringThe incident type.
Mimecast.Incident.ReasonStringThe reason provided when the remediation incident was created.
Mimecast.Incident.IdentifiedMessagesNumberThe number of messages identified based on the search criteria.
Mimecast.Incident.SuccessfullyRemediatedMessagesNumberThe number of successfully remediated messages.
Mimecast.Incident.FailedRemediatedMessagesNumberThe number of messages that failed to remediate.
Mimecast.Incident.MessagesRestoredNumberThe number of messages that were restored from the incident.
Mimecast.Incident.LastModifiedStringThe date and time that the incident was last modified.
Mimecast.Incident.SearchCriteria.FromStringThe sender email address or domain.
Mimecast.Incident.SearchCriteria.ToStringThe recipient email address or domain.
Mimecast.Incident.SearchCriteria.MessageIDStringThe message ID used when creating the remediation incident.
Mimecast.Incident.SearchCriteria.FileHashStringThe file hash used when creating the remediation incident.
Mimecast.Incident.SearchCriteria.StartDateStringThe start date of included messages.
Mimecast.Incident.SearchCriteria.EndDateStringThe end date of included messages.

mimecast-search-file-hash#


Searches for one or more file hashes in the account. Maximum is 100.

Base Command#

mimecast-search-file-hash

Input#

Argument NameDescriptionRequired
hashes_to_searchList of file hashes to check if they were seen in an account.Required

Context Output#

PathTypeDescription
Mimecast.Hash.HashValueStringThe file hash value.
Mimecast.Hash.DetectedBooleanWhether the hash was found in the account.

mimecast-update-policy#


Updates the specified policy.

Base Command#

mimecast-update-policy

Input#

Argument NameDescriptionRequired
policy_idThe ID of the policy to update.Required
descriptionA new description for the policy.Optional
fromTypeThe sender type by which to block senders in the policy. This argument must match the fromValue argument. For example, if you specify email_domain, the fromValue must be an email domain. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address, free_mail_domains, header_display_name.Optional
toTypeThe blocked receiver type by which to block receivers in the policy. This argument must match the toValue argument. For example, if you specify email_domain, the fromType must be an email domain. Possible values are: everyone, internal_addresses, external_addresses, email_domain, profile_group, individual_email_address.Optional
optionThe block action. Possible values are: no_action, block_sender.Optional
fromValueThe value of the fromType argument. For example, if you specify email_domain for fromType, the fromValue must be an email domain.Optional
toValueThe value of the toType argument. For example, if you specify email_domain for toType, the toValue must be an email domain.Optional
fromPartThe part from where addresses are pulled. Possible values are: envelope_from, header_from, both.Optional

Context Output#

PathTypeDescription
Mimecast.Policy.IDstringPolicy ID.
Mimecast.Policy.Sender.AddressstringBlock sender by email address value.
Mimecast.Policy.Sender.DomainstringBlock sender by domain value.
Mimecast.Policy.Sender.GroupstringBlock sender by group value.
Mimecast.Policy.BidirectionalbooleanWhether the blocked policy is bidirectional.
Mimecast.Policy.Receiver.AddressstringBlock emails to receiver type address.
Mimecast.Policy.Receiver.DomainstringBlock emails to receiver type domain.
Mimecast.Policy.Receiver.GroupstringBlock emails to receiver type group.
Mimecast.Policy.FromdatedateThe policy validation start date.
Mimecast.Policy.TodatedateThe policy expiration date.
Mimecast.Policy.Sender.TypeStringThe sender type.
Mimecast.Policy.Receiver.TypeStringThe receiver type.

mimecast-search-message#


Searches a message

Base Command#

mimecast-search-message

Input#

Argument NameDescriptionRequired
search_reasonReason for tracking the email. Possible values are: .Optional
from_dateAPI start parameter. Datetime format is ISO 8601. Possible values are: .Optional
to_dateAPI end parameter Datetime format ISO 8601. Possible values are: .Optional
message_idThe internet message id of the message to track. Possible values are: .Optional
fromPart of advancedTrackAndTraceOptions object: The sending email address or domain of the messages to track. Possible values are: .Optional
toPart of advancedTrackAndTraceOptions object: The recipient email address or domain of the messages to track. Possible values are: .Optional
subjectPart of advancedTrackAndTraceOptions object: The subject of the messages to track. Possible values are: .Optional
sender_IPPart of advancedTrackAndTraceOptions object: The source IP address of the messages to track. Possible values are: .Optional
routeAn array of routes to filter by. Possible values are internal, outbound and inbound. Possible values are: .Optional

Context Output#

PathTypeDescription
Mimecast.SearchMessage.infoStringInfo regarding the message.
Mimecast.SearchMessage.idStringThe Mimecast ID of the message. Used to load more information about the message.
Mimecast.SearchMessage.statusStringThe status of the message.
Mimecast.SearchMessage.fromEnv.emailAddressStringThe email address of the sender.
Mimecast.SearchMessage.fromHdr.displayableNameStringThe display name of the recipient.
Mimecast.SearchMessage.fromHdr.emailAddressStringThe email address of the recipient.
Mimecast.SearchMessage.to.displayableNameStringThe display name of the recipient.
Mimecast.SearchMessage.to.emailAddressStringThe email address of the recipient.
Mimecast.SearchMessage.receivedDateThe date and time the message was received by Mimecast.
Mimecast.SearchMessage.subjectStringThe subject of the message.
Mimecast.SearchMessage.senderIPStringThe source IP address of the message.
Mimecast.SearchMessage.attachmentsBooleanIf the message has attachments.
Mimecast.SearchMessage.routeStringThe route of the message.
Mimecast.SearchMessage.sentDateThe date and time that the message was sent / processed by Mimecast.
Mimecast.SearchMessage.spamScoreNumberSpam score of the email.
Mimecast.SearchMessage.detectionLevelStringDetection level of the email.

mimecast-get-message-info#


Retrieves detailed information about a specific message.

Base Command#

mimecast-get-message-info

Input#

Argument NameDescriptionRequired
idsThe Mimecast ID of the message to load. This is returned by the /api/message-finder/search endpoint. (mimecast-search-message command). Possible values are: .Required
show_recipient_infoDefault value is true. When argument is true all data from recipientInfo object is presented at command response. Possible values are: true, false. Default is true.Optional
show_delivered_messagedefault value is false .When argument is true all data from deliveredMessage object is presented at command response. Possible values are: true, false. Default is false.Optional
show_retention_infoDefault value is true.When argument is true all data from retentionInfo object is presented at command response. Possible values are: true, false. Default is true.Optional
show_spam_infoDefault value is true.When argument is true all spamInfo block is presented at command response. Possible values are: true, false. Default is true.Optional

Context Output#

PathTypeDescription
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.components.extensionStringComponent extension type.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.components.hashStringComponent hash.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.components.mimeTypeStringComponent MIME type.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.components.nameStringComponent name.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.components.sizeNumberComponent size.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.components.typeStringComponent type.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.deliveryEventStringDescription of delivery event.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.emailAddressStringEmail address of recipient.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.encryptionInfoStringEncryption type.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.messageExpiresInNumberExpiration time of message.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.processingServerStringProcessing server address.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.receiptAcknowledgementStringRecipient acknowledgement.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.remoteHostStringRemote host address.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.remoteIpStringRemote IP address.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.remoteServerGreetingStringRemote server greeting.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.transmissionEndDateTransmission end date.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.transmissionSizeNumberTransmission size.
Mimecast.MessageInfo.deliveredMessage.deliveryMetaInfo.transmissionStartDateTransmission start date.
Mimecast.MessageInfo.deliveredMessage.messageInfo.fromEnvelopeStringSender mail. (From envelope)
Mimecast.MessageInfo.deliveredMessage.messageInfo.fromHeaderStringSender mail. (From header)
Mimecast.MessageInfo.deliveredMessage.messageInfo.processedDateProcessed time and date.
Mimecast.MessageInfo.deliveredMessage.messageInfo.routeStringMessage route.
Mimecast.MessageInfo.deliveredMessage.messageInfo.sentDateMessage sent time and date.
Mimecast.MessageInfo.deliveredMessage.messageInfo.subjectStringMessage subject.
Mimecast.MessageInfo.deliveredMessage.messageInfo.toStringRecipients info.
Mimecast.MessageInfo.deliveredMessage.messageInfo.transmissionInfoStringTransmission info.
Mimecast.MessageInfo.deliveredMessage.policyInfo.inheritedBooleanWhether policy is inherited.
Mimecast.MessageInfo.deliveredMessage.policyInfo.policyNameStringPolicy name.
Mimecast.MessageInfo.deliveredMessage.policyInfo.policyTypeStringPolicy type.
Mimecast.MessageInfo.idStringMessage ID.
Mimecast.MessageInfo.recipientInfo.messageInfo.binaryEmailSizeNumberEmail size.
Mimecast.MessageInfo.recipientInfo.messageInfo.components.extensionStringComponent extension type.
Mimecast.MessageInfo.recipientInfo.messageInfo.components.hashStringComponent hash.
Mimecast.MessageInfo.recipientInfo.messageInfo.components.mimeTypeStringComponent MIME type.
Mimecast.MessageInfo.recipientInfo.messageInfo.components.nameStringComponent name.
Mimecast.MessageInfo.recipientInfo.messageInfo.components.sizeNumberComponent size.
Mimecast.MessageInfo.recipientInfo.messageInfo.components.typeStringComponent type.
Mimecast.MessageInfo.recipientInfo.messageInfo.encryptionInfoStringEncryption information.
Mimecast.MessageInfo.recipientInfo.messageInfo.fromEnvelopeStringThe routable email address (From envelope).
Mimecast.MessageInfo.recipientInfo.messageInfo.fromHeaderStringThe routable email address (From header).
Mimecast.MessageInfo.recipientInfo.messageInfo.messageExpiresInNumberExpiry time of message.
Mimecast.MessageInfo.recipientInfo.messageInfo.processedDateMessage processed time.
Mimecast.MessageInfo.recipientInfo.messageInfo.processingServerStringMessage processing server.
Mimecast.MessageInfo.recipientInfo.messageInfo.receiptAcknowledgementStringRecipient acknowledgement.
Mimecast.MessageInfo.recipientInfo.messageInfo.receiptEventStringReceipt event name.
Mimecast.MessageInfo.recipientInfo.messageInfo.remoteHostStringRemote host address.
Mimecast.MessageInfo.recipientInfo.messageInfo.remoteIpStringRemote IP address.
Mimecast.MessageInfo.recipientInfo.messageInfo.remoteServerGreetingStringRemote server greeting.
Mimecast.MessageInfo.recipientInfo.messageInfo.sentDateMessage send time and date.
Mimecast.MessageInfo.recipientInfo.messageInfo.spamEventStringSpam event name.
Mimecast.MessageInfo.recipientInfo.messageInfo.subjectStringMessage subject.
Mimecast.MessageInfo.recipientInfo.messageInfo.toStringRecipient info.
Mimecast.MessageInfo.recipientInfo.messageInfo.transmissionEndDateTransmission end date.
Mimecast.MessageInfo.recipientInfo.messageInfo.transmissionInfoStringTransmission info.
Mimecast.MessageInfo.recipientInfo.messageInfo.transmissionSizeNumberTransmission size.
Mimecast.MessageInfo.recipientInfo.messageInfo.transmissionStartDateTransmission start date.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.binaryEmailSizeNumberEmail size
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.components.extensionStringComponent extension type.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.components.hashStringComponent hash type.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.components.mimeTypeStringComponent MIME type.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.components.nameStringComponent name.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.components.sizeNumberComponent size.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.components.typeStringComponent type.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.encryptionInfoStringEncryption information.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.messageExpiresInNumberExpiration time of message.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.processingServerStringProcessing server address.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.receiptAcknowledgementStringRecipient acknowledgement.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.receiptEventStringReceipt event name.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.remoteHostStringRemote host address.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.remoteIpStringRemote IP address.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.remoteServerGreetingStringRemote server greeting.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.spamEventStringSpam event name.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.transmissionEndDateTransmission end date.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.transmissionSizeNumberTransmission size.
Mimecast.MessageInfo.recipientInfo.recipientMetaInfo.transmissionStartDateTransmission start date.
Mimecast.MessageInfo.retentionInfo.currentPurgeDateDateCurrent purge date and time.
Mimecast.MessageInfo.retentionInfo.originalPurgeDateDateOriginal purge date and time.
Mimecast.MessageInfo.retentionInfo.purgeBasedOnStringValue that purge is based on.
Mimecast.MessageInfo.retentionInfo.retentionAdjustmentDaysNumberRetention adjustment days.
Mimecast.MessageInfo.spamInfo.detectionLevelStringSpam detection level.
Mimecast.MessageInfo.spamInfo.dkim.allowBooleanIs DomainKeys Identified Mail (DKIM) allowed.
Mimecast.MessageInfo.spamInfo.dkim.infoStringDKIM info.
Mimecast.MessageInfo.spamInfo.dmarc.allowBooleanIs Domain-based Message Authentication, Reporting & Conformance (DMARC) allowed.
Mimecast.MessageInfo.spamInfo.dmarc.infoStringDMARC info.
Mimecast.MessageInfo.spamInfo.greyEmailBooleanIs grey email allowed.
Mimecast.MessageInfo.spamInfo.managedSender.allowBooleanIs Managed Sender allowed.
Mimecast.MessageInfo.spamInfo.managedSender.infoStringManaged Sender info.
Mimecast.MessageInfo.spamInfo.permittedSender.allowBooleanIs Permitted Sender allowed.
Mimecast.MessageInfo.spamInfo.permittedSender.infoStringPermitted Sender info.
Mimecast.MessageInfo.spamInfo.rbl.allowBooleanIs Real-time blackhole list (RBL) allowed.
Mimecast.MessageInfo.spamInfo.rbl.infoStringRBL info.
Mimecast.MessageInfo.spamInfo.spamScoreNumberSpam score.
Mimecast.MessageInfo.spamInfo.spf.allowBooleanIs Sender Policy Framework (SPF) allowed.
Mimecast.MessageInfo.spamInfo.spf.infoStringSPF info.
Mimecast.MessageInfo.statusStringMessage status.

mimecast-list-held-message#


Get information about held messages, including the reason, hold level, sender and recipients

Base Command#

mimecast-list-held-message

Input#

Argument NameDescriptionRequired
adminWhether only results for the currently authenticated user will be returned. Possible values are: true, false. Default is false.Optional
from_dateDatetime format ISO 8601. Possible values are: .Optional
to_dateDatetime format ISO 8601. Possible values are: .Optional
valueFree text to filter results by. Possible values are: .Optional
field_nameMessage fields to filter based on. Possible values are: all, subject, sender, recipient, reason_code.Optional
page_sizeNumber of results per page to display. Possible values are: .Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size. Possible values are: .Optional
limitThe maximum number of results to return. Possible values are: .Optional

Context Output#

PathTypeDescription
Mimecast.HeldMessage.dateReceivedDateThe timestamp of the message transmission.
Mimecast.HeldMessage.from.displayableNameStringThe sender name.
Mimecast.HeldMessage.from.emailAddressStringThe sender email.
Mimecast.HeldMessage.fromHeader.displayableNameStringThe display name of the sender (From header).
Mimecast.HeldMessage.fromHeader.emailAddressStringThe email address of the sender (From header).
Mimecast.HeldMessage.hasAttachmentsBooleanReturns true if the message contains attachments. False indicates no attachments.
Mimecast.HeldMessage.idStringThe Mimecast secure ID for a message.
Mimecast.HeldMessage.policyInfoStringInformation or definition name triggering the message hold action.
Mimecast.HeldMessage.reasonStringThe summary reason for holding the message.
Mimecast.HeldMessage.reasonCodeStringReason code for holding the message.
Mimecast.HeldMessage.reasonIdStringMirrors the reason field, formatted without spaces. However, reasonCode should be used instead.
Mimecast.HeldMessage.routeStringDirection of message being held. Possible values are: INBOUND, OUTBOUND, INTERNAL, EXTERNAL.
Mimecast.HeldMessage.sizeNumberThe size of the message in bytes.
Mimecast.HeldMessage.subjectStringThe message subject.
Mimecast.HeldMessage.to.displayableNameStringThe display name of the recipient.
Mimecast.HeldMessage.to.emailAddressStringThe email address of the recipient.

mimecast-held-message-summary#


Get counts of currently held messages for each hold reason.

Base Command#

mimecast-held-message-summary

Input#

Argument NameDescriptionRequired

Context Output#

PathTypeDescription
Mimecast.HeldMessageSummary.numberOfItemsNumberThe number of messages currently held for this reason.
Mimecast.HeldMessageSummary.policyInfoStringThe name of the policy or definition that held a message.

mimecast-reject-held-message#


Reject a currently held message.

Base Command#

mimecast-reject-held-message

Input#

Argument NameDescriptionRequired
idsAn array of Mimecast secure IDs IDs are extracted from the mimecast-list-held-message command. Possible values are: .Required
messageRejection message to be returned to the sender. Possible values are: .Optional
reason_typeUser can choose reason . Possible values are: MESSAGE CONTAINS UNDESIRABLE CONTENT,MESSAGE CONTAINS CONFIDENTIAL INFORMATION,REVIEWER DISAPPROVES OF CONTENT,, INAPPROPRIATE COMMUNICATIONMESSAGE GOES AGAINST EMAIL POLICIES, .Optional
notifyWhether to deliver rejection notificationd. Possible values are: true, false.Optional

Context Output#

There is no context output for this command.

Command example#

!mimecast-reject-emessage ids="1234" message="MESSAGE CONTAINS UNDESIRABLE CONTENT" reason_type="MESSAGE CONTAINS UNDESIRABLE CONTENT" notify="True"

Human Readable Output#

Held messages were rejected successfully

mimecast-release-held-message#


Release a currently held message.

Base Command#

mimecast-release-held-message

Input#

Argument NameDescriptionRequired
idMimecast secure id: ID can be extracted from following command : mimecast-list-held-message. Possible values are: .Required

Context Output#

There is no context output for this command.

Command example#

!mimecast-release-held-message id="1234-test""

Human Readable Output#

Held message with id 1234_test was released successfully

mimecast-search-processing-message#


Return messages currently being processed by Mimecast. Note that most of the time, no results are returned.

Base Command#

mimecast-search-processing-message

Input#

Argument NameDescriptionRequired
sort_orderThe method used to sort the messages. Possible values are: asc, desc.Optional
from_dateDatetime format ISO 8601. Possible values are: .Optional
to_dateDatetime format ISO 8601. Possible values are: .Optional
valueThe search value to be used. Possible values are: .Optional
field_nameThe field to be searched. Possible values are: ALL, fromAddress, toAddress, subject, info, remoteIp.Optional
attachmentsWhether there is an attachment in the message. Possible values are: .Optional
routeThe message route. Possible values are: all, internal, outbound, inbound, external.Optional
page_sizeNumber of results per page to display. Possible values are: .Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size. Possible values are: .Optional
limitThe maximum number of results to return. Possible values are: .Optional

Context Output#

PathTypeDescription
Mimecast.ProcessingMessage.messages.idStringThe Mimecast secure ID of the message.
Mimecast.ProcessingMessage.messages.fromEnv.emailAddressStringThe routable email address (From evelope).
Mimecast.ProcessingMessage.messages.fromHeader.emailAddressStringThe routable email address (From header).
Mimecast.ProcessingMessage.messages.to.emailAddressStringThe routable email address.
Mimecast.ProcessingMessage.messages.subjectStringThe message subject.
Mimecast.ProcessingMessage.messages.attachmentBooleanThe presence of an attachment in the message.
Mimecast.ProcessingMessage.messages.routingStringThe directional route of the message. Possible values are internal, outbound, inbound or external.
Mimecast.ProcessingMessage.messages.sizeNumberThe size of the message in bytes.
Mimecast.ProcessingMessage.messages.remoteIpStringThe connecting IP address.
Mimecast.ProcessingMessage.messages.attemptsNumberThe number of processing attempts of the message.
Mimecast.ProcessingMessage.messages.nextAttemptDateThe date of the next process attempt for the message.
Mimecast.ProcessingMessage.messages.createdDateThe date of the processing request creation.
Mimecast.ProcessingMessage.messages.infoStringCurrent processing status of the message.
Mimecast.ProcessingMessage.messages.priorityStringMessage proirity.

mimecast-list-email-queues#


Get the count of the inbound and outbound email queues at specified times.

Base Command#

mimecast-list-email-queues

Input#

Argument NameDescriptionRequired
from_dateDatetime format ISO 8601. Possible values are: .Required
to_dateDatetime format ISO 8601. Possible values are: .Required

Context Output#

PathTypeDescription
Mimecast.EmailQueue.inboundEmailQueue.countNumberThe number of inbound messages currently queued.
Mimecast.EmailQueue.inboundEmailQueue.dateDateThe date for the displayed number of messages.
Mimecast.EmailQueue.outboundEmailQueue.countNumberThe number of outbound messages currently queued.
Mimecast.EmailQueue.outboundEmailQueue.dateDateThe date for the displayed number of messages.

Command example#

!mimecast-list-email-queues from_date="2015-11-16T14:49:18+0000" to_date="2022-11-16T14:49:18+0000"

Context Example#

{
"Mimecast": {
"EmailQueue": [
{
"inboundEmailQueue": [
{
"count": 2,
"date": "2022-07-19T08:10:00+0000"
},
{
"count": 4,
"date": "2022-07-19T08:20:00+0000"
},
{
"count": 4,
"date": "2022-07-19T08:30:00+0000"
},
{
"count": 4,
"date": "2022-07-19T08:40:00+0000"
}
]
}
]
}
}

Human Readable Output#

Inbound Email Queue#

Inbound Email Queue CountInbound Email Queue Date
22022-07-19T08:10:00+0000
42022-07-19T08:20:00+0000
42022-07-19T08:30:00+0000
42022-07-19T08:40:00+0000