API & Integrations - Incydr Ingestion Integration

This article provides information on integrating Mimecast with Incydr to enhance Human Risk scoring by analyzing sensitive data handling behaviors, configuring the integration, required permissions, and navigating the Human Risk Command Center.

Overview

To enhance the robustness of Human Risk scoring, Mimecast is integrating signals related to user interactions with sensitive data on devices. 

The integration will periodically read alerts from Incydr via API, forwarding them to the Human Risk Platform, which will associate each alert with a user and update their sensitive data handling behavior score accordingly. This comprehensive approach aims to improve risk management strategies by providing a clearer understanding of human risk factors associated with sensitive data handling.

The integration is configured in the Integrations Hub, which at the time of launch should only be visible to users with Engage.

Historical events will not be pulled from Incydr – only events from the point of integration onward. This simplifies onboarding as Mimecast won’t change historical scores the user may have already seen at that point.

This integration can be accessed from the Human Risk Command Center, which is available to all Mimecast Email Security Cloud Gateway customers.

Prerequisites

  • Mimecast Engage Subscription.
  • Incydr Subscription.
  • Mimecast Administrator account.

Permissions

In order to add, edit, or delete the configuration, the user must have one of the following roles:

  • Global Sys Admin

  • Sys Admin - SD Full

  • Super Administrator

  • Full Administrator

  • Basic Administrator

  • Partner Administrator

  • Custom Role with Integrations Marketplace (Read/Write permissions must be enabled).

The user must have Read permissions on the Users and Alerts and Sessions APIs to generate the Client ID and Secret in Incydr.

Configuration

Alerts will appear in the Sensitive Data Handled section only if they are classified as critical alerts within Incydr.

Once an alert is designated as "Critical," it cannot be removed from the “Sensitive Data Handled” section. Therefore, if an alert is later determined to be a false positive, the “Sensitive Data Handled” section will not update to reflect this change retroactively.

The “Sensitive Data Handled” section is intended to display only active, critical alerts and does not adjust for alerts reclassified after their initial appearance.

  1. Navigate to Integrations | Integrations Hub.
  2. Click Configure New on Incydr.
  3. Populate all mandatory fields.
  4. Provide the Client ID and Secret provided by Incydr for successful connection.
  5. Populate the Activate section with the Client ID and Secret, and provide the Base URL.
  6. Click Save and await the message pop-up that the integration has been added successfully.
  7. Ensure that the Status reflects as Connected.
  8. Navigate to Human Risk Command Center | Dashboard | Sensitive Data Handling. The integration is successful and you should now be able to receive the data from Incydr.
  9. Click View Details in the right-hand corner of the Sensitive Data Handling section to view Events Over Time, Individual Performance, Score Breakdown, and Latest Events.
  10. To view the score of an individual user, navigate to their Individual Risk Profile page by clicking on any of the usernames.
  11. To view the data for Sensitive Data Handling in the Events tab, click Sensitive Data Handling.
  12. To view additional details, click any item in the Action Type column.
