Email Security Cloud Integrated - Threats, Security Events & Data API Endpoints - Aug 2023

Service Update

Availability: August 2nd, 2023
Product(s): Email Security Cloud Integrated (CI)
Who's affected: Email Security Cloud Integrated (CI), Administrators

Overview

Mimecast is pleased to announce new Threats, Security Events, and Data APIs for Email Security Cloud Integrated.
These APIs will be accessible via the API 2.0 Applications menu option and offer the same events and fields that the existing SIEM (Security Information and Event Management) API provides today.
Email Security Cloud Integrated customers can receive threat events in their SIEM using the new API 2.0 Applications feature. The article "Managing API 2.0 for Cloud Integrated" provides further information on creating an API 2.0 Application.

What's changing

There will be changes to available API types:

  • Stream SIEM API: This API has several export and filtering options so that clients can request only the data they require. Data is available in CIM, CEF, CSV, and JSON formats. A single call returns at most 100 events per page, and the frequency of calls is limited to 300 calls/hour. The Batch SIEM API is recommended for clients receiving all events without filtering.
  • Batch SIEM API: This API will return a pre-signed URL, allowing customers to access batched SIEM events. This is best used for clients who need to receive all SIEM events in batches and require a separate call per event type. This API will allow filtering by event only and returns events in JSON format.

Recommended actions 

You will find these endpoints under the following tile:

Documentation drop-down | API 2.0 Reference in the API 2.0 Portal.


For further technical documentation, please refer to the Mimecast API 2.0 references for Stream SIEM and Batch SIEM.
