Mimecast v2

Mimecast unified email management offers cloud email services for email security, continuity and archiving. Read the detailed instructions below to understand how to set the integration's parameters.

Use Cases

  • Mimecast account administration.

Detailed Description

  • 1. To refresh the token, discover the auth types of the account, or create new access & secret keys, you are required to provide: App ID, Account email address & password. These parameters support the following integration commands:
      mimecast-login -> fetches a new access key & secret key
      mimecast-discover -> lists the supported auth types of the user
      mimecast-refresh-token -> refreshes the validity duration of the access key & secret key (3 days)
  • 2. To use the rest of the commands, you are required to provide: App ID, App Key, Access Key & Secret Key.
  • 3. Fetch Incidents - the integration can fetch 3 types of incidents: url, attachment & impersonation. To activate them, first tick the "fetch incidents" box, then tick the relevant box for each fetch type you want.

Configure MimecastV2 on Demisto

  1. Navigate to Settings > Integrations > Servers & Services .
  2. Search for MimecastV2.
  3. Click Add instance to create and configure a new integration instance.
    • Name : a textual name for the integration instance.
    • BaseUrl : the API URL including the region, for example https://eu-api.mimecast.com
    • App ID
    • User Email Address (Use for auto token refresh)
    • Password
    • App key
    • AccessKey
    • SecretKey
    • Trust any certificate (not secure)
    • Use system proxy settings
    • Fetch incidents
    • Fetch URL incidents
    • Fetch attachment incidents
    • Fetch impersonation incidents
    • Incident type
    • Hours before first fetch to retrieve incidents
  4. Click Test to validate the new instance.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Query mimecast emails: mimecast-query
  2. List all existing mimecast blocked sender policies: mimecast-list-blocked-sender-policies
  3. Get a blocked sender policy by ID: mimecast-get-policy
  4. Create a Blocked Sender Policy: mimecast-create-policy
  5. Delete a Blocked Sender Policy: mimecast-delete-policy
  6. Permit or block a specific sender: mimecast-manage-sender
  7. Get a list of all managed URLs: mimecast-list-managed-url
  8. Create a managed URL on Mimecast: mimecast-create-managed-url
  9. Get a list of messages for a given user: mimecast-list-messages
  10. Returns Attachment Protect logs for a Mimecast customer account: mimecast-get-attachment-logs
  11. Returns URL protect logs for a Mimecast customer account: mimecast-get-url-logs
  12. Returns Impersonation Protect logs for a Mimecast customer account: mimecast-get-impersonation-logs
  13. Decodes a given url from mimecast: mimecast-url-decode
  14. Discover authentication types that are supported for your account and which base URL to use for the requesting user: mimecast-discover
  15. Refresh access key validity: mimecast-refresh-token
  16. Login to generate Access Key and Secret Key: mimecast-login
  17. Get the contents or metadata of a given message: mimecast-get-message
  18. Download attachments from a specified message: mimecast-download-attachments
  19. Returns the list of groups according to the specified query: mimecast-find-groups
  20. Returns the members list for the specified group: mimecast-get-group-members
  21. Adds a user to a group. The email_address and domain_address arguments are optional, but one of them must be supplied: mimecast-add-group-member
  22. Removes a user from a group. The email_address and domain_address arguments are optional, but one of them must be supplied: mimecast-remove-group-member
  23. Creates a new Mimecast group: mimecast-create-group
  24. Updates an existing Mimecast group: mimecast-update-group
  25. Creates a new Mimecast remediation incident: mimecast-create-remediation-incident
  26. Returns a Mimecast remediation incident: mimecast-get-remediation-incident
  27. Searches for one or more file hashes in the account. Maximum is 100: mimecast-search-file-hash
  28. Update a Blocked Sender Policy: mimecast-update-policy

1. mimecast-query


Query mimecast emails

Base Command

mimecast-query

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Archive/Search/Read.
  • or Mimecast user with delegate permissions to address or user.
Input
Argument Name Description Required
queryXml The query string xml for the search using Mimecast Unified Search Experience (MUSE) - read more on https://community.mimecast.com/docs/DOC-2262, using this will override other query arguments Optional
text Search for this text in messages Optional
dryRun Will not execute the query, but just return the query string built Optional
date Search in specific dates only (default is all mails from) Optional
dateFrom Search emails from date, format YYYY-MM-DDTHH:MM:SZ (e.g. 2015-09-21T23:00:00Z) Optional
dateTo Search emails to date, format YYYY-MM-DDTHH:MM:SZ (e.g. 2015-09-21T23:00:00Z) Optional
sentTo Filter on messages to a specific address Optional
sentFrom Filter on messages from a specific address Optional
subject Search email by subject, will override the text argument Optional
attachmentType These are the attachment types available: optional - messages with and without attachments; any - messages with any attachment; documents - messages with doc, dot, docx, docm, dotx, dotm, pdf, rtf, html attachments; spreadsheets - messages with xls, xlt, xlsx, xlsm, xltx, xltm, xlsb, xlam, csv attachments; presentations - messages with ppt, pptx, pptm, potx, potm, ppam, ppsx, ppsm, sldx, sldm, thms, pps attachments; text - messages with txt, text, html, log attachments; images - messages with jpg, jpeg, png, bmp, gif, psd, tif, tiff attachments; media - messages with mp3, mp4, m4a, mpg, mpeg, avi, wav, aac, wma, mov attachments; zips - messages with zip, rar, cab, gz, gzip, 7z attachments; none - no attachments are to be present in the results. Optional
attachmentText Search for text in attachments Optional
body Search email by text in body, will override the text and subject arguments Optional
pageSize Sets the number of results to return per page (default 25) Optional
startRow Sets the result to start returning results (default 0) Optional
active Defines if the search should query recently received messages that are not fully processed yet (default false). You can search by mailbox and date time across active messages Optional

Context Output
Path Type Description
Mimecast.Message.ID string Message ID
Mimecast.Message.Subject string Message subject
Mimecast.Message.Sender string Message sender address
Mimecast.Message.Recipient string Message recipient address
Mimecast.Message.RecievedDate date Message received date
Mimecast.Message.Size number The size of the message in bytes
Mimecast.Message.AttachmentCount number Message attachments count
Mimecast.Message.Status string Message status

Command Example

!mimecast-query

Human Readable Output

2. mimecast-list-blocked-sender-policies


List all existing mimecast blocked sender policies

Base Command

mimecast-list-blocked-sender-policies

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Gateway/Policies/Read.
Input
There are no input arguments for this command.

Context Output
Path Type Description
Mimecast.Policy.ID string Policy ID
Mimecast.Policy.Sender.Address string Block Sender by email address
Mimecast.Policy.Sender.Domain string Block Sender by domain
Mimecast.Policy.Sender.Group string Block Sender by group
Mimecast.Policy.Bidirectional boolean Blocked policy is Bidirectional or not
Mimecast.Policy.Receiver.Address string Block emails to Receiver type address
Mimecast.Policy.Receiver.Domain string Block emails to Receiver type domain
Mimecast.Policy.Receiver.Group string Block emails to Receiver type group
Mimecast.Policy.FromDate date Policy validation start date
Mimecast.Policy.ToDate date Policy expiration date
Mimecast.Policy.Sender.Type string Block emails to Sender type
Mimecast.Policy.Receiver.Type string Block emails to Receiver type

Command Example

!mimecast-list-blocked-sender-policies

Human Readable Output

3. mimecast-get-policy


Get a blocked sender policy by ID

Base Command

mimecast-get-policy

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Gateway/Policies/Read.
Input
Argument Name Description Required
policyID Filter by policy ID Required

Context Output
Path Type Description
Mimecast.Policy.ID string Policy ID
Mimecast.Policy.Sender.Address string Block Sender by email address
Mimecast.Policy.Sender.Domain string Block Sender by domain
Mimecast.Policy.Sender.Group string Block Sender by group
Mimecast.Policy.Bidirectional boolean Blocked policy is Bidirectional or not
Mimecast.Policy.Receiver.Address string Block emails to Receiver type address
Mimecast.Policy.Receiver.Domain string Block emails to Receiver type domain
Mimecast.Policy.Receiver.Group string Block emails to Receiver type group
Mimecast.Policy.Fromdate date Policy validation start date
Mimecast.Policy.Todate date Policy expiration date

Command Example

!mimecast-get-policy policyID=XXXX

Human Readable Output

4. mimecast-create-policy


Create a Blocked Sender Policy

Base Command

mimecast-create-policy

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Gateway/Policies/Edit.
Input
Argument Name Description Required
description Policy description Required
fromPart Addresses based on Optional
fromType Blocked Sender type Required
fromValue Required if fromType is one of email domain, profile group, individual email address. Expected values: If fromType is email_domain, a domain name without the @ symbol. If fromType is profile_group, the ID of the profile group. If fromType is individual_email_address, an email address. Optional
toType Receiver type Required
toValue Required if fromType is one of email domain, profile group, individual email address. Expected values: If toType is email_domain, a domain name without the @ symbol. If toType is profile_group, the ID of the profile group. If toType is individual_email_address, an email address. Optional
option The block option, must be one of: no_action, block_sender. Required

Context Output
Path Type Description
Mimecast.Policy.ID string Policy ID
Mimecast.Policy.Sender.Address string Block Sender by email address
Mimecast.Policy.Sender.Domain string Block Sender by domain
Mimecast.Policy.Sender.Group string Block Sender by group
Mimecast.Policy.Bidirectional boolean Blocked policy is Bidirectional or not
Mimecast.Policy.Receiver.Address string Block emails to Receiver type address
Mimecast.Policy.Receiver.Domain string Block emails to Receiver type domain
Mimecast.Policy.Receiver.Group string Block emails to Receiver type group
Mimecast.Policy.Fromdate date Policy validation start date
Mimecast.Policy.Todate date Policy expiration date

Command Example

!mimecast-create-policy fromType=email_domain description="Description for group" option=block_sender toType=address_attribute_value

Human Readable Output

5. mimecast-delete-policy


Delete a Blocked Sender Policy

Base Command

mimecast-delete-policy

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Gateway/Policies/Edit.
Input
Argument Name Description Required
policyID Policy ID Required

Context Output
Path Type Description
Mimecast.Policy.ID string Policy ID

Command Example

!mimecast-delete-policy policyID=XXXX

Human Readable Output

6. mimecast-manage-sender


Permit or block a specific sender

Base Command

mimecast-manage-sender

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Gateway/Managed Senders/Edit.
Input
Argument Name Description Required
sender The email address of sender to permit or block Required
recipient The email address of recipient to permit or block Required
action Choose to either "permit" (to bypass spam checks) or "block" (to reject the email) Required

Context Output
Path Type Description
Mimecast.Managed.Sender string The email address of the sender
Mimecast.Managed.Recipient string The email address of the recipient
Mimecast.Managed.Action string Chosen action
Mimecast.Managed.ID string The Mimecast secure ID of the managed sender object.

Command Example

!mimecast-manage-sender action=block recipient=recipient@demisto.com sender=sender@demisto.com

Human Readable Output

7. mimecast-list-managed-url


Get a list of all managed URLs

Base Command

mimecast-list-managed-url

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Services/ Targeted Threat Protection - URL Protect /Edit.
Input
Argument Name Description Required
url Filter results by specific URL Optional

Context Output
Path Type Description
Mimecast.URL.Domain string The managed domain
Mimecast.URL.Disablelogclick boolean If logging of user clicks on the URL is disabled
Mimecast.URL.Action string Either block or permit
Mimecast.URL.Path string The path of the managed URL
Mimecast.URL.matchType string Either explicit - applies to the full URL or domain - applies to all URL values in the domain
Mimecast.URL.ID string The Mimecast secure ID of the managed URL
Mimecast.URL.disableRewrite boolean If rewriting of this URL in emails is disabled

Command Example

!mimecast-list-managed-url

Human Readable Output

8. mimecast-create-managed-url


Create a managed URL on Mimecast

Base Command

mimecast-create-managed-url

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Services/ Targeted Threat Protection - URL Protect /Edit.
Input
Argument Name Description Required
url The URL to block or permit. Do not include a fragment (#). Required
action Set to "block" to blacklist the URL, "permit" to whitelist it Required
matchType Set to "explicit" to block or permit only instances of the full URL. Set to "domain" to block or permit any URL with the same domain Optional
disableRewrite Disable rewriting of this URL in emails. Applies only if action = "permit". Default false Optional
comment Add a comment about the managed URL Optional
disableUserAwareness Disable User Awareness challenges for this URL. Applies only if action = "permit". Default false Optional
disableLogClick Disable logging of user clicks on the URL. Default is false Optional

Context Output
Path Type Description
Mimecast.URL.Domain string The managed domain
Mimecast.URL.Action string Either block or permit
Mimecast.URL.disableLogClick string If logging of user clicks on the URL is disabled
Mimecast.URL.matchType string Either explicit - applies to the full URL or domain - applies to all URL values in the domain
Mimecast.URL.ID string The Mimecast secure ID of the managed URL
Mimecast.URL.disableRewrite boolean If rewriting of this URL in emails is disabled

Command Example

!mimecast-create-managed-url action=block url="www.not-demisto.com"
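
A pre-flight check for the arguments in the table above, written as an added example (it is not part of the integration's code). The function name `check_managed_url_args` and the wording of the messages are assumptions; the rules it enforces and the combinations it flags for review come from the argument descriptions on this page.

```python
from urllib.parse import urlsplit

ALLOWED_ACTIONS = {"block", "permit"}
ALLOWED_MATCH_TYPES = {"explicit", "domain"}
# Flags the argument table says apply only when action = "permit".
PERMIT_ONLY_FLAGS = ("disableRewrite", "disableUserAwareness")


def _is_true(value):
    """Command arguments usually arrive as strings; treat 'true' (any case) as set."""
    return value is True or str(value).strip().lower() == "true"


def check_managed_url_args(args):
    """Return (errors, warnings) for a dict of mimecast-create-managed-url arguments.

    errors   -> the call contradicts the argument table and should not be sent
    warnings -> the call is valid but deserves a second look before it runs
    """
    errors, warnings = [], []
    url = str(args.get("url") or "").strip()
    action = str(args.get("action") or "").strip().lower()
    match_type = str(args.get("matchType") or "").strip().lower()  # optional

    if not url:
        errors.append("url is required")
    else:
        if "#" in url:
            errors.append("url must not include a fragment (#)")
        # The page's own command example passes a scheme-less host, so accept that form.
        host = urlsplit(url if "://" in url else "//" + url).hostname
        if not host:
            errors.append("url has no host part")

    if action not in ALLOWED_ACTIONS:
        errors.append('action is required and must be "block" or "permit"')
    if match_type and match_type not in ALLOWED_MATCH_TYPES:
        errors.append('matchType must be "explicit" or "domain"')

    # Permit-only flags set on a non-permit call have no effect: surface the mistake.
    for flag in PERMIT_ONLY_FLAGS:
        if _is_true(args.get(flag)) and action != "permit":
            warnings.append(flag + ' applies only if action = "permit"')

    # Permit entries that widen what is allowed or reduce visibility.
    if action == "permit":
        if match_type == "domain":
            warnings.append("permit + matchType=domain permits any URL with the same domain")
        if _is_true(args.get("disableRewrite")):
            warnings.append("permit + disableRewrite: the URL is no longer rewritten in emails")
        if _is_true(args.get("disableLogClick")):
            warnings.append("permit + disableLogClick: user clicks on the URL are not logged")
    return errors, warnings


if __name__ == "__main__":
    # Constructed inputs: the page's command example, then a broad permit entry.
    print(check_managed_url_args({"action": "block", "url": "www.not-demisto.com"}))
    print(check_managed_url_args({"action": "permit", "url": "https://example.test/a#b",
                                  "matchType": "domain", "disableLogClick": "true"}))
```
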

Human Readable Output

9. mimecast-list-messages


Get a list of messages for a given user

Base Command

mimecast-list-messages

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Archive/Search/Read.
  • or Mimecast user with delegate permissions to address or user.
Input
Argument Name Description Required
mailbox The email address to return the message list for Optional
startTime The start date of messages to return, in the following format, 2015-11-16T14:49:18+0000. Default is the last calendar month Optional
endTime The end date of messages to return, in the following format, 2015-11-16T14:49:18+0000. Default is the end of the current day Optional
view The message list type, must be one of: inbox or sent, default is inbox Optional
subject Filter by message subject Optional

Context Output
Path Type Description
Mimecast.Message.Subject string Message Subject
Mimecast.Message.ID string Message ID
Mimecast.Message.Size number The size of the message in bytes
Mimecast.Message.RecievedDate date The date the message was received
Mimecast.Message.From string The mail Sender
Mimecast.Message.AttachmentCount string The number of attachments on the message

Command Example

!mimecast-list-messages

Human Readable Output

10. mimecast-get-attachment-logs


Returns Attachment Protect logs for a Mimecast customer account

Base Command

mimecast-get-attachment-logs

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Monitoring/Attachment Protection/Read.
Input
Argument Name Description Required
resultsNumber The number of results to request. Default is all Optional
fromDate Start date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is the start of the current day Optional
toDate End date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is time of request Optional
resultType Filters logs by scan result, default is malicious Optional
limit The maximum number of results to return. Optional

Context Output
Path Type Description
Mimecast.AttachmentLog.Result string The result of the attachment analysis: clean, malicious, unknown, or timeout
Mimecast.AttachmentLog.Date date The time at which the attachment was released from the sandbox
Mimecast.AttachmentLog.Sender string The sender of the attachment
Mimecast.AttachmentLog.FileName string The file name of the original attachment
Mimecast.AttachmentLog.Action string The action triggered for the attachment
Mimecast.AttachmentLog.Recipient string The address of the user that received the attachment
Mimecast.AttachmentLog.FileType string The file type of the attachment
Mimecast.AttachmentLog.Route string The route of the original email containing the attachment, either: inbound, outbound, internal, or external

Command Example

!mimecast-get-attachment-logs

Human Readable Output

11. mimecast-get-url-logs


Returns URL protect logs for a Mimecast customer account

Base Command

mimecast-get-url-logs

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Monitoring/URL Protection/Read.
Input
Argument Name Description Required
resultsNumber The number of results to request. Default is all Optional
fromDate Start date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is the start of the current day Optional
toDate End date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is time of request Optional
resultType Filters logs by scan result, default is all Optional
limit The maximum number of results to return. Optional

Context Output
Path Type Description
Mimecast.UrlLog.Category string The category of the URL clicked
Mimecast.UrlLog.UserAddress string The email address of the user who clicked the link
Mimecast.UrlLog.URL string The url clicked
Mimecast.UrlLog.Awareness string The action taken by the user if user awareness was applied
Mimecast.UrlLog.AdminOverride string The action defined by the administrator for the URL
Mimecast.UrlLog.Date date The date that the URL was clicked
Mimecast.UrlLog.Result string The result of the URL scan
Mimecast.UrlLog.Action string The action that was taken for the click
Mimecast.UrlLog.Route string The route of the original email containing the attachment, either: inbound, outbound, internal, or external
Mimecast.UrlLog.userOverride string The action requested by the user.

Command Example

!mimecast-get-url-logs

Human Readable Output

12. mimecast-get-impersonation-logs


Returns Impersonation Protect logs for a Mimecast customer account

Base Command

mimecast-get-impersonation-logs

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Monitoring/Impersonation Protection/Read.
Input
Argument Name Description Required
resultsNumber The number of results to request. Default is all Optional
taggedMalicious Filters for messages tagged malicious (true) or not tagged malicious (false). Omit for no tag filtering. default is true Optional
searchField The field to search. Defaults to all (meaning all of the preceding fields) Optional
query Required if searchField exists. A character string to search for in the logs. Optional
identifiers Filters logs by identifiers, can include any of newly_observed_domain, internal_user_name, reply_address_mismatch, and targeted_threat_dictionary. You can choose more than one identifier, separated by commas. Optional
fromDate Start date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is the start of the current day Optional
toDate End date of logs to return in the following format 2015-11-16T14:49:18+0000. Default is time of request Optional
actions Filters logs by action. You can choose more than one action, separated by commas. Optional
limit The maximum number of results to return. Optional

Context Output
Path Type Description
Mimecast.Impersonation.ResultCount number The total number of IMPERSONATION log lines found for the request
Mimecast.Impersonation.Hits number The number of identifiers that the message triggered
Mimecast.Impersonation.Malicious boolean Whether the message was tagged as malicious
Mimecast.Impersonation.SenderIP string The source IP address of the message
Mimecast.Impersonation.SenderAddress string The email address of the sender of the message
Mimecast.Impersonation.Subject string The subject of the email
Mimecast.Impersonation.Identifiers string The properties of the message that triggered the action: similar_internal_domain, newly_observed_domain, internal_user_name, reply_address_mismatch, and/or targeted_threat_dictionary
Mimecast.Impersonation.Date date The time at which the log was recorded
Mimecast.Impersonation.Action string The action triggered by the email
Mimecast.Impersonation.Policy string The name of the policy definition that triggered the log
Mimecast.Impersonation.ID string Impersonation Log ID
Mimecast.Impersonation.RecipientAddress string The email address of the recipient of the email
Mimecast.Impersonation.External boolean Whether the message was tagged as coming from an external address

Command Example

!mimecast-get-impersonation-logs
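
A triage helper over the context output listed above, as an added example that is not part of the integration. It groups `Mimecast.Impersonation` entries by sender so that one sender reaching several recipients stands out. The entries are constructed sample data, `summarize_by_sender` is a hypothetical name, and accepting `Identifiers` either as a comma-separated string or as a list is an assumption about the returned shape.

```python
from collections import defaultdict

# Constructed sample entries using the field names from the Context Output table.
SAMPLE_ENTRIES = [
    {"ID": "log-1", "SenderAddress": "ceo@examp1e.test",
     "RecipientAddress": "finance@example.test", "Subject": "Urgent payment",
     "Malicious": True, "External": True, "Hits": 2,
     "Identifiers": "newly_observed_domain, reply_address_mismatch"},
    {"ID": "log-2", "SenderAddress": "CEO@examp1e.test",
     "RecipientAddress": "payroll@example.test", "Subject": "Updated bank details",
     "Malicious": True, "External": True, "Hits": 1,
     "Identifiers": ["internal_user_name"]},
    {"ID": "log-3", "SenderAddress": "news@vendor.test",
     "RecipientAddress": "finance@example.test", "Subject": "Invoice reminder",
     "Malicious": False, "External": True, "Hits": 1,
     "Identifiers": "targeted_threat_dictionary"},
]


def _identifiers(entry):
    """Normalise the Identifiers field to a set of identifier names."""
    raw = entry.get("Identifiers") or []
    if isinstance(raw, str):
        raw = raw.split(",")
    return {item.strip() for item in raw if item and item.strip()}


def summarize_by_sender(entries):
    """Group impersonation log entries by sender address (case-insensitive).

    Returns one row per sender, ordered so that senders with the most entries
    tagged malicious, then the most distinct recipients, come first.
    """
    groups = defaultdict(lambda: {"messages": 0, "malicious": 0,
                                  "recipients": set(), "identifiers": set(),
                                  "log_ids": []})
    for entry in entries:
        sender = str(entry.get("SenderAddress") or "").strip().lower()
        group = groups[sender]
        group["messages"] += 1
        if entry.get("Malicious"):
            group["malicious"] += 1
        recipient = str(entry.get("RecipientAddress") or "").strip().lower()
        if recipient:
            group["recipients"].add(recipient)
        group["identifiers"] |= _identifiers(entry)
        group["log_ids"].append(entry.get("ID"))

    rows = [
        {"sender": sender,
         "messages": g["messages"],
         "malicious": g["malicious"],
         "recipients": sorted(g["recipients"]),
         "identifiers": sorted(g["identifiers"]),
         "log_ids": g["log_ids"]}
        for sender, g in groups.items()
    ]
    rows.sort(key=lambda r: (-r["malicious"], -len(r["recipients"]),
                             -len(r["identifiers"]), r["sender"]))
    return rows


if __name__ == "__main__":
    for row in summarize_by_sender(SAMPLE_ENTRIES):
        print(row)
```
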

Human Readable Output

13. mimecast-url-decode


Decodes a given url from mimecast

Base Command

mimecast-url-decode

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Account/Dashboard/Read.
Input
Argument Name Description Required
url URL to decode Required

Context Output
Path Type Description
URL.Data string The encoded url to parse
URL.Mimecast.DecodedURL string Parsed url

Command Example

!mimecast-url-decode url=XXXX

Human Readable Output

14. mimecast-discover


Discover authentication types that are supported for your account and which base URL to use for the requesting user.

Base Command

mimecast-discover

Input
There are no input arguments for this command.

Context Output
Path Type Description
Mimecast.Authentication.AuthenticationTypes string List of authentication types available to the user
Mimecast.Authentication.EmailAddress string Email address of the request sender
Mimecast.Authentication.EmailToken string Email token of the request sender

Command Example

!mimecast-discover

Human Readable Output

15. mimecast-refresh-token


Refresh access key validity

Base Command

mimecast-refresh-token

Input
There are no input arguments for this command.

Context Output
There is no context output for this command.

Command Example

!mimecast-refresh-token

Human Readable Output

16. mimecast-login


Login to generate Access Key and Secret Key

Base Command

mimecast-login

Input
There are no input arguments for this command.

Context Output
There is no context output for this command.

Command Example

!mimecast-login

Human Readable Output

17. mimecast-get-message


Get the contents or metadata of a given message

Base Command

mimecast-get-message

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Archive/Search Content View.
  • or Mimecast user with delegate permissions to address or user.
Input
Argument Name Description Required
messageID Message ID Required
context Defines which copy of the message part to return, must be one of: "delivered" - the copy that has been processed by the Mimecast MTA with policies such as URL rewriting applied, OR "received" - the copy of the message that Mimecast originally received. (Only relevant for part argument = message or all) Required
type The message type to return. (Only relevant for part argument = message or all) Optional
part Define what message part to return - download message, get metadata or both. Optional

Context Output
Path Type Description
Mimecast.Message.ID string Message ID
Mimecast.Message.Subject string The message subject.
Mimecast.Message.HeaderDate date The date of the message as defined in the message headers.
Mimecast.Message.Size number The message size.
Mimecast.Message.From string Sender of the message as defined in the message header.
Mimecast.Message.To.EmailAddress string Recipient of the message.
Mimecast.Message.ReplyTo string The value of the Reply-To header.
Mimecast.Message.CC.EmailAddress string Each CC recipient of the message.
Mimecast.Message.EnvelopeFrom string Sender of the message as defined in the message envelope.
Mimecast.Message.Headers.Name string Header's name.
Mimecast.Message.Headers.Values string Header's value.
Mimecast.Message.Attachments.FileName string Message attachment's file name.
Mimecast.Message.Attachments.SHA256 string Message attachment's SHA256.
Mimecast.Message.Attachments.ID string Message attachment's ID.
Mimecast.Message.Attachments.Size number Message attachment's file size.
Mimecast.Message.Processed date The date the message was processed by Mimecast in ISO 8601 format.
Mimecast.Message.HasHtmlBody boolean If the message has an HTML body part.
File.Size number File Size
File.SHA1 string SHA1 hash of the file
File.SHA256 string SHA256 hash of the file
File.Name string The sample name
File.SSDeep string SSDeep hash of the file
File.EntryID string War-Room Entry ID of the file
File.Info string Basic information of the file
File.Type string File type e.g. "PE"
File.MD5 string MD5 hash of the file

Command Example

!mimecast-get-message context=DELIVERED messageID=XXXX

Human Readable Output

18. mimecast-download-attachments


Download attachments from a specified message

Base Command

mimecast-download-attachments

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Archive/Search Content View.
  • or Mimecast user with delegate permissions to address or user.
Input
Argument Name Description Required
attachmentID The Mimecast ID of the message attachment to return. (Can be retrieved from mimecast-get-message) Required

Context Output
Path Type Description
File.Size number File Size
File.SHA1 string SHA1 hash of the file
File.SHA256 string SHA256 hash of the file
File.Name string The sample name
File.SSDeep string SSDeep hash of the file
File.EntryID string War-Room Entry ID of the file
File.Info string Basic information of the file
File.Type string File type e.g. "PE"
File.MD5 string MD5 hash of the file

Command Example

!mimecast-download-attachments attachmentID=XXXX

Human Readable Output

19. mimecast-find-groups


Returns the list of groups according to the specified query.

Base Command

mimecast-find-groups

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Directories/Groups/Edit.
Input
Argument Name Description Required
query_string The string to query. Optional
query_source The group source by which to filter. Can be "cloud" or "ldap". Optional
limit The maximum number of results to return. Optional

Context Output
Path Type Description
Mimecast.Group.Name String The name of the group.
Mimecast.Group.Source String The source of the group.
Mimecast.Group.ID String The Mimecast ID of the group.
Mimecast.Group.NumberOfUsers Number The number of members in the group.
Mimecast.Group.ParentID String The Mimecast ID of the group's parent.
Mimecast.Group.NumberOfChildGroups Number The number of child groups.

Command Example

!mimecast-find-groups

Human Readable Output

20. mimecast-get-group-members


Returns the members list for the specified group.

Base Command

mimecast-get-group-members

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Directories/Groups/Read.
Input
Argument Name Description Required
group_id The Mimecast ID of the group to return. Required
limit The maximum number of results to return. Optional

Context Output
Path Type Description
Mimecast.Group.Users.Name String The user's display name.
Mimecast.Group.Users.EmailAddress String The user's email address.
Mimecast.Group.Users.Domain String The domain name of the user's email address.
Mimecast.Group.Users.Type String The user type.
Mimecast.Group.Users.InternalUser Boolean Whether the user is internal.
Mimecast.Group.Users.IsRemoved Boolean Whether the user is part of the group.

Command Example

!mimecast-get-group-members group_id=XXXX

Human Readable Output

21. mimecast-add-group-member


Adds a user to a group. The email_address and domain_address arguments are optional, but one of them must be supplied.

Base Command

mimecast-add-group-member

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Directories/Groups/Edit.
Input
Argument Name Description Required
group_id The Mimecast ID of the group to add the user to. Required
email_address The email address of the user to add to a group. Optional
domain_address A domain to add to a group. Optional

Context Output
Path Type Description
Mimecast.Group.Users.EmailAddress String The user's email address.
Mimecast.Group.Users.IsRemoved Boolean Whether the user is part of the group.

Command Example

!mimecast-add-group-member group_id=XXXX domain_address=YYYY

Human Readable Output

22. mimecast-remove-group-member


Removes a user from a group. The email_address and domain_address arguments are optional, but one of them must be supplied.

Base Command

mimecast-remove-group-member

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Directories/Groups/Edit.
Input
Argument Name Description Required
group_id The Mimecast ID of the group from which to remove the user. Required
email_address The email address of the user to remove from the group. Optional
domain_address A domain of the user to remove from a group. Optional

Context Output
Path Type Description
Mimecast.Group.Users.EmailAddress String The user's email address.
Mimecast.Group.Users.IsRemoved Boolean Whether the user is part of the group.

Command Example

!mimecast-remove-group-member group_id=XXXX domain_address=YYYY

Human Readable Output

23. mimecast-create-group


Creates a new Mimecast group.

Base Command

mimecast-create-group

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Directories/Groups/Edit.
Input
Argument Name Description Required
group_name The name of the new group. Required
parent_id The Mimecast ID of the new group's parent. Default will be root level. Optional

Context Output
Path Type Description
Mimecast.Group.Name String The name of the group.
Mimecast.Group.Source String The source of the group.
Mimecast.Group.ID String The Mimecast ID of the group.
Mimecast.Group.NumberOfUsers Number The number of members in the group.
Mimecast.Group.ParentID String The Mimecast ID of the group's parent.
Mimecast.Group.NumberOfChildGroups Number The number of child groups.

Command Example

!mimecast-create-group group_name=TTTT parent_id=XXXX

Human Readable Output

24. mimecast-update-group


Updates an existing Mimecast group.

Base Command

mimecast-update-group

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Directories/Groups/Edit.
Input
Argument Name Description Required
group_name The new name for the group. Optional
group_id The Mimecast ID of the group to update. Required
parent_id The new parent group. Optional

Context Output
Path Type Description
Mimecast.Group.Name String The name of the group.
Mimecast.Group.ID String The Mimecast ID of the group.
Mimecast.Group.ParentID String The Mimecast ID of the group's parent.

Command Example

!mimecast-update-group group_id=XXXX group_name=ZZZZ

Human Readable Output

25. mimecast-create-remediation-incident


Creates a new Mimecast remediation incident.

Base Command

mimecast-create-remediation-incident

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Services/Threat Remediation/Edit.
Input
Argument Name Description Required
hash_message_id The file hash or messageId value. Required
reason The reason for creating the remediation incident. Required
search_by The message component by which to search. Can be "hash" or "messageId". Default is "hash". Optional
start_date The start date of messages to remediate. Default value is the previous month. (Format: yyyy-mm-ddThh:mm:ss+0000) Optional
end_date The end date of messages to remediate. Default value is the end of the current day. (Format: yyyy-mm-ddThh:mm:ss+0000) Optional

Context Output
Path Type Description
Mimecast.Incident.ID String The secure Mimecast remediation ID.
Mimecast.Incident.Code String The incident code generated at creation.
Mimecast.Incident.Type String The incident type.
Mimecast.Incident.Reason String The reason provided at the creation of the remediation incident.
Mimecast.Incident.IdentifiedMessages Number The number of messages identified based on the search criteria.
Mimecast.Incident.SuccessfullyRemediatedMessages Number The number of successfully remediated messages.
Mimecast.Incident.FailedRemediatedMessages Number The number of messages that failed to remediate.
Mimecast.Incident.MessagesRestored Number The number of messages that were restored from the incident.
Mimecast.Incident.LastModified String The date and time that the incident was last modified.
Mimecast.Incident.SearchCriteria.From String The sender email address or domain.
Mimecast.Incident.SearchCriteria.To String The recipient email address or domain.
Mimecast.Incident.SearchCriteria.MessageID String The message ID used when creating the remediation incident.
Mimecast.Incident.SearchCriteria.FileHash String The file hash used when creating the remediation incident.
Mimecast.Incident.SearchCriteria.StartDate String The start date of included messages.
Mimecast.Incident.SearchCriteria.EndDate String The end date of included messages.

Command Example

!mimecast-create-remediation-incident hash_message_id=XXXX reason=YYYY

Human Readable Output

26. mimecast-get-remediation-incident


Returns a Mimecast remediation incident.

Base Command

mimecast-get-remediation-incident

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Services/Threat Remediation/Read.
Input
Argument Name Description Required
incident_id The Mimecast ID for a remediation incident. Required

Context Output
Path Type Description
Mimecast.Incident.ID String The secure Mimecast remediation ID.
Mimecast.Incident.Code String The incident code generated at creation.
Mimecast.Incident.Type String The incident type.
Mimecast.Incident.Reason String The reason provided when the remediation incident was created.
Mimecast.Incident.IdentifiedMessages Number The number of messages identified based on the search criteria.
Mimecast.Incident.SuccessfullyRemediatedMessages Number The number of successfully remediated messages.
Mimecast.Incident.FailedRemediatedMessages Number The number of messages that failed to remediate.
Mimecast.Incident.MessagesRestored Number The number of messages that were restored from the incident.
Mimecast.Incident.LastModified String The date and time that the incident was last modified.
Mimecast.Incident.SearchCriteria.From String The sender email address or domain.
Mimecast.Incident.SearchCriteria.To String The recipient email address or domain.
Mimecast.Incident.SearchCriteria.MessageID String The message ID used when creating the remediation incident.
Mimecast.Incident.SearchCriteria.FileHash String The file hash used when creating the remediation incident.
Mimecast.Incident.SearchCriteria.StartDate String The start date of included messages.
Mimecast.Incident.SearchCriteria.EndDate String The end date of included messages.

Command Example

!mimecast-get-remediation-incident incident_id=XXXX

Human Readable Output

27. mimecast-search-file-hash


Searches for one or more file hashes in the account. Maximum is 100.

Base Command

mimecast-search-file-hash

Required Permissions

The following permissions are required for this command.

  • Mimecast administrator with at least one of the following permissions: Services/Threat Remediation/Read.
Input
Argument Name Description Required
hashes_to_search List of file hashes to check if they have been seen within an account. Required

Context Output
Path Type Description
Mimecast.Hash.HashValue String The file hash value.
Mimecast.Hash.Detected Boolean Whether the hash was found in the account.

Command Example

!mimecast-search-file-hash hashes_to_search=XXXX
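
An added example, not part of the integration's own code: Python helpers that prepare inputs for mimecast-search-file-hash and mimecast-create-remediation-incident, enforcing the 100-hash limit, the two search_by values and the documented date format. The function names, the de-duplication step and the shape of the search-result entries (dicts with HashValue and Detected keys, mirroring the Mimecast.Hash context paths) are assumptions.

```python
from datetime import timezone

MAX_HASHES_PER_SEARCH = 100                 # limit stated for mimecast-search-file-hash
SEARCH_BY_VALUES = ("hash", "messageId")    # accepted search_by values
DATE_FORMAT = "%Y-%m-%dT%H:%M:%S+0000"      # yyyy-mm-ddThh:mm:ss+0000


def batch_hashes(hashes, size=MAX_HASHES_PER_SEARCH):
    """Normalize, de-duplicate (order kept) and split into batches of at most `size`."""
    cleaned = (h.strip().lower() for h in hashes if h and h.strip())
    unique = list(dict.fromkeys(cleaned))
    return [unique[i:i + size] for i in range(0, len(unique), size)]


def to_mimecast_date(value):
    """Render a timezone-aware datetime in UTC using the documented format."""
    if value.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone before converting")
    return value.astimezone(timezone.utc).strftime(DATE_FORMAT)


def remediation_args(hash_message_id, reason, search_by="hash", start=None, end=None):
    """Validate and build the arguments for mimecast-create-remediation-incident."""
    if search_by not in SEARCH_BY_VALUES:
        raise ValueError(f"search_by must be one of {SEARCH_BY_VALUES}")
    if not hash_message_id or not reason or not reason.strip():
        raise ValueError("hash_message_id and reason are required")
    args = {"hash_message_id": hash_message_id, "reason": reason.strip(), "search_by": search_by}
    # Omitted dates are left to the command's defaults (previous month / end of current day).
    if start is not None:
        args["start_date"] = to_mimecast_date(start)
    if end is not None:
        args["end_date"] = to_mimecast_date(end)
    if start is not None and end is not None and start >= end:
        raise ValueError("start_date must be earlier than end_date")
    return args


def plan_remediation(search_results, reason):
    """Build one argument set per hash that the search reported as detected."""
    return [remediation_args(entry["HashValue"], reason)
            for entry in search_results if entry.get("Detected")]


if __name__ == "__main__":
    # Constructed sample entries, not real search output.
    sample = [{"HashValue": "aa" * 16, "Detected": True}, {"HashValue": "bb" * 16, "Detected": False}]
    print(plan_remediation(sample, "Malicious attachment"))
```
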

Human Readable Output

28. mimecast-update-policy


Updates a policy.

Base Command

mimecast-update-policy

Input
Argument Name Description Required
policy_id Policy id Required
description Policy description Optional
fromType Blocked Sender type. Most times you will have to change fromValue according to fromType Optional
toType Blocked Receiver type. Most times you will have to change fromValue according to fromType Optional
option The block option, must be one of: no_action, block_sender. Optional
fromValue Blocked Sender value. FromValue depends on fromType Optional
toValue Blocked Receiver value. ToValue depends on toType Optional
fromPart Addresses based on Optional

Context Output
Path Type Description
Mimecast.Policy.ID string Policy ID
Mimecast.Policy.Sender.Address string Block Sender by email address
Mimecast.Policy.Sender.Domain string Block Sender by domain
Mimecast.Policy.Sender.Group string Block Sender by group
Mimecast.Policy.Bidirectional boolean Blocked policy is Bidirectional or not
Mimecast.Policy.Receiver.Address string Block emails to Receiver type address
Mimecast.Policy.Receiver.Domain string Block emails to Receiver type domain
Mimecast.Policy.Receiver.Group string Block emails to Receiver type group
Mimecast.Policy.Fromdate date Policy validation start date
Mimecast.Policy.Todate date Policy expiration date
Mimecast.Policy.Sender.Type String The sender type
Mimecast.Policy.Receiver.Type String The Receiver type

Command Example

!mimecast-update-policy policy_id=XXXX toType=address_attribute_value

Human Readable Output