The Event Streaming Service (ESS) can be used to stream events generated by your subscribed products, i.e., Web Security activity and security events.
This service offers API integrations that connect to your event management system.
Prerequisites
- A Mimecast Web Security Subscription.
- You must create a Mimecast API application; see Managing API Applications.
Now you can configure the Event Streaming Service and select the data type you want to consume by creating a channel for those events.
Creating a Channel
- Log on to the Mimecast Administration Console.
- Navigate to Services | API and Platform Integrations | Event Channels.
- Click on the Create Channel button.
- Complete the Channel Details dialog as follows:
| Field/Option | Description |
|---|---|
| Name | Enter a name for the channel. |
| Description | Add an optional description. |
| Platform | Select a platform; currently, only a SIEM is supported. |
- Click on the Next button.
- Select the Application, Web Security.
- Click on the Next button.
- Select the Events you want to consume.
| Type | Description |
|---|---|
| DNS Events | |
| DNS Security | Security events from the DNS service. These are similar to the DNS events you see in the security report. |
| Block | DNS block events. |
| Warning | Warning events generated by DNS because of advanced similarity detection. |
| Inspect | Events for DNS requests that are routed to the proxy for further inspection. |
| Policy Allow | All explicit DNS allow events due to a policy action. |
| Safe Search | DNS safe search events. |
| Default Allow | DNS requests that were allowed but not due to a policy action. |
| Unfiltered | DNS requests that were not filtered by the web security service, e.g., SRV, MX, TXT, etc., records. |
| Error | DNS error events. |
| HTTPS event | |
| HTTP Security | Security events from the webproxy service. These are similar to the webproxy events you see in the security report. |
| Block | Webproxy block events. |
| Warning | Warning events generated by webproxy because of advanced similarity detection. |
| Isolate | Isolate events generated for requests that were isolated into a BI session. |
| Policy Allow | All explicit webproxy allow events due to a policy action. |
| Error | Webproxy error events. |
- Click on the Next button.
- Review the Summary to ensure all details are correct.
- Click on the Create Channel button.
Channel Identifier for the API integration
From the list view, click on the newly created channel, and a slide-in panel will appear containing a unique identifier.
You can complete the integration by following the ESS steps on our API Portal.