Brand Exploit Protect - Integration With Mimecast

This guide describes how to integrate Brand Exploit Protect with your Mimecast account.

Brand Exploit Protect can be used without integrating with your Mimecast account. However, to get the best return on your investment, we recommend that it be integrated. This provides the ability to create policies to provide web and email protection from the Brand Exploit Protect dashboard.

Integration requires you to perform the following in the Mimecast Administration Console:

1. Create an API Application Record
2. Request the Access / Secret Key

Considerations

Before you start the integration, review the following considerations.

• It is best practice to create a dedicated Brand Exploit Protect user, and use it to generate keys. This avoids instances where an employee might leave the company or change roles, and having to assign a different user. See the Brand Exploit Protect: Managing Users page for further details..
• The "Admin IP Range" is currently incompatible with the BEP integration
• If you are using the "Admin IP Range", this is currently incompatible with the BEP integration, but is currently being considered. The best options would be to disable the IP range or continue to use the BEP service without the integration. The latter would only affect the ability to generate policies from the BEP dashboard.

Creating an API Application Record

To create an API Application record:

1. Log on to the Mimecast Administration Console.
2. Navigate to Services | API and Platform Integrations.
3. Click on the Add API Application button.
4. Complete the Application Details dialog as follows:

5. Click the Next button.
6. Complete the Application Settings dialog as follows:

7. Click the Next button.
8. Review all the information you've entered. Click the Previous button to go back to change any details.
9. Click the Add button.

Requesting the Access / Secret Keys

To request the private keys:

1. Log in to the Mimecast Administration Console.
2. Navigate to Services | API and Platform Integrations.
3. Click on the API Application.
4. In the slide out panel, click on the Create Keys button.
5. Enter the Email Address of a service account. You must know the account’s domain or cloud password.

6. Click the Next button.
7. Complete the Account Password dialog as follows:

8. Click the Next button. A verification code is sent to the user's email address.
9. Enter the Code to authenticate the request.
10. Click the Next button. The Access Key and Secret Key fields are displayed.
11. Either click the:
12. icon to reveal the keys.
13.  icon to copy the key to your clipboard.

14. Click the Close button.

Minimum Admin Rights Required

If you would like to give the Basic Admin dedicated user the minimum needed permissions please refer to the following list of end points that are being interacted with by the API integration:

• Create Block Sender Policy API: in order to successfully use this endpoint the logged-in user must be a Mimecast administrator with at least the Gateway | Policies | Edit permission.
• Create Managed URL API: In order to successfully use this endpoint the logged-in user must be a Mimecast administrator with at least the Services | Targeted Threat Protection – URL Protect | Edit permission.
• Get Managed URL API: To successfully use this endpoint the logged-in user must be a Mimecast administrator with at least the Services | Targeted Threat Protection – URL Protect | Edit permission.
• Create/Get/Update Group & Add Group Members APIs: in order to successfully use this endpoint the logged-in user must be a Mimecast administrator with at least the Directories | Groups | Edit permissions.

See Also...

• Brand Exploit Protect Guides
• Brand Exploit Protect: The Dashboard 
• Managing API Applications