Service Update
| Availability | November 6th, 2024 |
| Product(s) | API & Integrations |
| Who's affected | IBM Qradar Administrators |
Overview
Mimecast is pleased to announce the release of the latest version of Mimecast v3 integration for IBM QRadar SIEM. This update migrates the integration to our new API 2.0 gateway, enabling QRadar administrators to efficiently process Mimecast's SIEM, Audit, Data Leak Protection, and Targeted Threat Protection event data through IBM QRadar SIEM.
What's changing
The new version v3.0.0 supports the following compatibility:
- IBM QRadar v7.5.0 Update Package 4 and subsequent.
- IBM QRadar v7.4.3 Fix Pack 8 and subsequent.
Release Notes
v3.0.0
- Revamped the existing configuration page.
- Added support for a proxy.
- Added enable/disable functionality to collect each data separately.
- Migrated API endpoints from v1 to v2.
- Removed the Mimecast Region field from the event and added Account Name in every event payload.
- Added below data collections:
- Data Leak Prevention.
- Targeted Threat Protection URL.
- Targeted Threat Protection Attachment Protect.
From version 3.0.0, the audit event name mc_event audit auth login failed, mc_event audit auth other, mc_event audit auth user logon will not be visible. The audit events will be parsed based on the audit category.
Recommended actions
To be able to use this feature, and upgrade from v2.x.x to 3.0.0, the user has to uninstall the App and then follow the installation steps to install the 3.0.0 version. For more information on how to do this, see App Installation & Configuration.
Comments
Please sign in to leave a comment.