API & Integrations - URL & Attachment Protection Data Logging API

New API Feature Release

Mimecast is pleased to announce that additional email security information for Targeted Threat Protection has been added to the Data Logging API. For customers subscribing to our Targeted Threat Protection URL Protection and / or Attachment Protection features, additional information is available for malicious activity detected by Mimecast.

• For URL Protection, all links scanned by Mimecast that are found to be malicious will be logged.
  • The data logs include the malicious URL clicked and the transmission details of the original email containing the URL:
    • from address
    • recipient address
    • source IP address
• For Attachment Protection, all files found to be malicious when processed by the sandbox will be logged.
  • The data logs include comprehensive details about the malicious file:
    • md5, sha1, sha256 hashes
    • name
    • extension
    • MIME type
    • size
  • as well as the transmission details of the original email that the file was attached to:
    • from address,
    • recipient address
    • source IP address

This new data about malicious URLs and attachments detected can be used for a number of use cases, for example:

• As a data source for SIEM systems to:
  • Alert on malicious events,
  • Aid in incident response investigations,
  • And to demonstrate the value of the TTP service internally,
• As a data source for analytics applications,
• As a data source to update other gateway security appliances and intrusion detection systems.