How to - Configure Mimecast Secure Email Gateway - EventTracker v9.2 and later Publication Date: February 18, 2021 - Netsurion
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
How to- Configure Mimecast Secure Email Gateway EventTracker v9.2 and later Publication Date: February 18, 2021
How to - Configure Mimecast Secure Email
Gateway
Abstract
This guide provides instructions to retrieve the Mimecast events via REST API and configure log reports,
dashboards, alerts and saved searches in EventTracker.
Scope
The configuration details in this guide are consistent with EventTracker version 9.2 or above and Mimecast.
Audience
Administrators who are assigned the task to monitor Mimecast events using EventTracker.
The information contained in this document represents the current view of Netsurion on the issues
discussed as of the date of publication. Because Netsurion must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Netsurion, and Netsurion
cannot guarantee the accuracy of any information presented after the date of publication.
This document is for informational purposes only. Netsurion MAKES NO WARRANTIES, EXPRESS OR
IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright Zyxel firewall is the responsibility of the user. Without
limiting the rights under copyright, this paper may be freely distributed without permission from
Netsurion, if its content is unaltered, nothing is added to the content and credit to Netsurion is
provided.
Netsurion may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Netsurion, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
The example companies, organizations, products, people and events depicted herein are fictitious.
No association with any real company, organization, product, person or event is intended or should
be inferred.
© 2021 Netsurion. All rights reserved. The names of actual companies and products mentioned
herein may be the trademarks of their respective owners.
1
How to - Configure Mimecast Secure Email
Gateway
Table of Contents
1. Overview........................................................................................................................................................ 3
2. Prerequisites .................................................................................................................................................. 3
3. Configure logging in Mimecast Secure Email Gateway ................................................................................. 3
3.1 Enable logging for your account ............................................................................................................. 3
3.2 Get authentication token ....................................................................................................................... 4
3.2.1 Creating an API Key in Mimecast .................................................................................................... 4
3.2.2 Creating User Association Keys ....................................................................................................... 6
3.2.3 Creating Python Script ..................................................................................................................... 7
3.3 Scheduling a Windows task .................................................................................................................... 7
2
How to - Configure Mimecast Secure Email
Gateway
1. Overview
Mimecast Secure Email Gateway is a cloud-based email management software. It helps stop email borne
threats from attacking the networks and keeps sophisticated attackers out. It protects organizations, and
employees from spear-phishing, and provides anti-malware protection, anti-spam protection and zero-
hour protection with multiple detection engines and intelligence feeds.
Mimecast Secure Email Gateway sends events to EventTracker by using API. Mimecast sends security
events like email inbound and outbound events, malicious activities events, etc. EventTracker generates
detailed reports like virus signature detected, rejected emails, and email traffic. It shows graphical
representation of malicious file names, email ids of sender and recipients, rejected unknown sender
emails, etc. It will generate alerts on detecting malicious files and URL, virus signature, username name
impersonation, and quarantined email.
2. Prerequisites
• EventTracker should installed.
• Mimecast Secure Email Gateway latest version installed.
• Python 3.0 and above installed.
3. Configure logging in Mimecast Secure Email Gateway
3.1 Enable logging for your account
1. Log into the Mimecast Administration Console and navigate to the Administration -> Account ->
Account Settings, the Account Settings page opens.
2. Select the Enhanced Logging section.
3. Select the types of logs you want to enable.
a. Inbound - Logs for messages from external senders to internal recipients.
b. Outbound - Logs for messages from internal senders to external recipients.
c. Internal - Logs for messages between internal domains.
4. Select Save to apply the changes.
The Mimecast MTA starts logging data and logs and are available for download up to 30 minutes.
3
How to - Configure Mimecast Secure Email
Gateway
3.2 Get authentication token
3.2.1 Creating an API Key in Mimecast
1. Go to Administration > Services API > Applications.
Figure 1
2. Create a new API application.
Figure 2
3. Provide the following information:
a. Application name
b. Category
c. Enable service application
d. Description
4
How to - Configure Mimecast Secure Email
Gateway
Figure 3
4. Provide developer name and email address.
Note: It is advised to provide any service account.
Figure 4
5. Click Next. Review the Summary page to ensure all details are correct.
6. Click Add. The application details display in slide panel.
Note: A confirmation displays with the Application Name, the Application ID, and Application Key. These
keys identify the application added.
5How to - Configure Mimecast Secure Email
Gateway
Figure 5
7. Save the Application ID and Application Key for later use.
Note: Wait for 30 minutes before creating an API access and secret key.
3.2.2 Creating User Association Keys
After creating the application, create its user associated keys.
1. Click on the API Application from the application list.
2. Click on the Create Keys button. A Create Keys wizard opens with the Account tab selected.
Field / Option Description
Email Address Displays the service account email specified in the Account tab.
Type Select the service account's password type (e.g. domain or cloud).
Password Enter the service account's password.
Figure 6
6How to - Configure Mimecast Secure Email
Gateway
3. Click Next. The Verification tab displays, and a verification code is sent by SMS.
4. Click Next. The Keys tab displays with the generated keys hidden by default.
a. Click on the icon to display a key.
b. Click on the icon to copy the key to the clipboard.
5. Copy and save the accessKey and secretKey values for later use.
3.2.3 Creating Python Script
1. Download the python script from Mimecast and save it with a .py extension.
2. Open the python script in a python editor such as IDLE.
3. Edit the #Set up variables section.
Note: Ensure the user running this script has permission to write to the folder.
The highlighted fields are required with adequate credentials as shown below:
o APP_ID = "YOUR DEVELOPER APPLICATION ID"
o APP_KEY = "YOUR DEVELOPER APPLICATION KEY"
o EMAIL_ADDRESS = 'EMAIL ADDRESS OF YOUR ADMINISTRATOR'
o ACCESS_KEY = 'ACCESS KEY FOR YOUR ADMINISTRATOR'
o SECRET_KEY = 'SECRET KEY FOR YOUR ADMINISTRATOR'
o LOG_FILE_PATH = "FULLY QUALIFIED PATH TO FOLDER TO WRITE LOGS"
o CHK_POINT_DIR = 'FULLY QUALIFIED PATH TO FOLDER TO WRITE PAGE TOKEN'
o Syslog_Server = ‘EventTracker Manager IP Address’
o Syslog_port = 514
4. Save and run the file.
The script is ready to connect to Mimecast API.
3.3 Scheduling a Windows task
1. Use the Search option to search for Schedule and choose Task Scheduler.
7How to - Configure Mimecast Secure Email
Gateway
Figure 7
2. Click the Create Task link, to open the wizard bearing the same name.
Figure 8
3. In the Create Task wizard General tab provides,
a. Name to the task such as, Mimecast API.
b. Description of the task.
c. Click on the Change User or Group button, to change the user account to SYSTEM.
d. Select Run with highest privileges checkbox.
8How to - Configure Mimecast Secure Email
Gateway
Figure 9
4. Click the Trigger tab and click New.
Figure 10
9How to - Configure Mimecast Secure Email
Gateway
5. Configure settings based on the following image and click OK.
Figure 11
6. Click the Actions tab and click New.
Figure 12
10How to - Configure Mimecast Secure Email
Gateway
7. In the Program/Script field, browse the Python Executable File.
e.g. C:\Users\akash.g\AppData\Local\Programs\Python\Python38-32\python.exe.
In the Add arguments (optional) box, add the python file name.
e.g. Mimecast.py
In the Start in (optional) box, add the python file location.
e.g. D:\NetS_Projects\Products\Mimecast\Integration\Integrator.
Figure 13
Alternatively, create a batch script and place it in the Program/script:
a. Open a notepad and type the configurations as below:
Path where your Python exe is stored\python.exe" "Path where your Python script is stored\script name.py
e.g.
b. Save file as MimecastPython.bat.
c. In the Action tab in task scheduler, provide the batch file path.
11How to - Configure Mimecast Secure Email
Gateway
e.g. D:\NetS_Projects\Products\Mimecast\Integration\Integrator\MimecastPython.bat.
8. Click OK.
Figure 14
9. Click the Settings tab ensure configuration matches the below image.
Figure 15
10. Click OK.
12You can also read
