API & Integrations - Event Push Integration - Nov 2025

Updated

Service Update

Availability November 18th, 2025
Product(s) Email Security Cloud Gateway (CG)
Who's affected Email Security Cloud Gateway, Administrators

Overview

Mimecast is pleased to announce enhancements to the Event Push integration, enabling organizations to automatically send security and operational events from Mimecast to external platforms in a variety of formats. This integration supports use cases such as pushing logs to SIEM, triggering SOAR workflows, and storing events in AWS S3 for long-term retention analytics.

What's changing

  • Multiple Event Push Types Supported:

    • HTTP Event Collector (HEC): Batch JSON payloads for high-volume SIEM ingestion (e.g., Splunk, CrowdStrike).

      NDJSON: Newline-delimited JSON for efficient bulk event delivery.

      Webhook: Single-event JSON payloads for real-time automation (note: not recommended for high-volume event types due to rate limiting).

      AWS S3 File: Uploads each event as a JSON file to a specified S3 bucket (note: subject to AWS PUT rate limits).

  • Expanded Event Types:
    • Now includes Attachment Protection, Impersonation Protection, URL Protection, DLP/Content Examination, Audit, Message Release, Archive View, Message Rejection, Email Queue Status, MTA, Threat, Remediation Incident, and Threat Feed events.
  • Flexible Authentication:
    • OAuth 2.0, static headers (with secret masking), and IP-based authentication options.
    • AWS S3 authentication via IAM Access/Secret Key and region.
  • Enhanced Security and Compliance:
    • All events must be sent over HTTPS (port 443) to endpoints with publicly valid certificates.
    • Ability to restrict API traffic to specific Mimecast IP addresses.
  • Improved Error Handling:
    • Automatic retries for temporary errors.
    • Email notifications for permanent errors to up to 5 configured recipients.
  • Replay and Fetch Controls:
    • Fetch from Duration setting to control historical event delivery on setup.
    • Token reset feature for replaying events as needed.

Recommended actions

  • Review your current Event Push configurations to ensure the selected push type matches your event volume and recipient platform's capabilities.
  • Update recipient platforms to accept connections from the listed Mimecast IP addresses.
  • Verify authentication settings (OAuth 2.0, static headers, or IAM credentials) and update secrets as needed.
  • Monitor for rate limiting if using Webhook or S3 push types with high event volumes; consider switching to HEC or NDJSON if necessary.
  • No immediate action is required if your current configuration meets your needs and is functioning as expected.

See Also...

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.