API & Integrations - Event Push Integration - Nov 2025

Service Update

Availability: November 18th, 2025
Product(s): Email Security - MX
Who's affected: Administrators

Overview

Mimecast is pleased to announce enhancements to the Event Push integration, enabling organizations to automatically send security and operational events from Mimecast to external platforms in a variety of formats. This integration supports use cases such as pushing logs to SIEM, triggering SOAR workflows, and storing events in AWS S3 for long-term retention analytics.

What's changing

  • Multiple Event Push Types Supported:
    • HTTP Event Collector (HEC): Batch JSON payloads for high-volume SIEM ingestion (e.g., Splunk, CrowdStrike).
    • NDJSON: Newline-delimited JSON for efficient bulk event delivery.
    • Webhook: Single-event JSON payloads for real-time automation (note: not recommended for high-volume event types due to rate limiting).
    • AWS S3 File: Uploads each event as a JSON file to a specified S3 bucket (note: subject to AWS PUT rate limits).

  • Expanded Event Types:
    • Now includes Attachment Protection, Impersonation Protection, URL Protection, DLP/Content Examination, Audit, Message Release, Archive View, Message Rejection, Email Queue Status, MTA, Threat, Remediation Incident, and Threat Feed events.
  • Flexible Authentication:
    • OAuth 2.0, static headers (with secret masking), and IP-based authentication options.
    • AWS S3 authentication via IAM Access/Secret Key and region.
  • Enhanced Security and Compliance:
    • All events must be sent over HTTPS (port 443) to endpoints with publicly valid certificates.
    • Ability to restrict API traffic to specific Mimecast IP addresses.
  • Improved Error Handling:
    • Automatic retries for temporary errors.
    • Email notifications for permanent errors to up to 5 configured recipients.
  • Replay and Fetch Controls:
    • Fetch from Duration setting to control historical event delivery on setup.
    • Token reset feature for replaying events as needed.

Recommended actions

  • Review your current Event Push configurations to ensure the selected push type matches your event volume and recipient platform's capabilities.
  • Update recipient platforms to accept connections from the listed Mimecast IP addresses.
  • Verify authentication settings (OAuth 2.0, static headers, or IAM credentials) and update secrets as needed.
  • Monitor for rate limiting if using Webhook or S3 push types with high event volumes; consider switching to HEC or NDJSON if necessary.
  • No immediate action is required if your current configuration meets your needs and is functioning as expected.
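
The receiving-endpoint checks implied by the actions above (source IP allowlist, static header secret, NDJSON parsing), as an added example that is not Mimecast code. The header name, secret, CIDR range and event fields are placeholders or constructed values; take the real ones from your own Event Push configuration and the published Mimecast IP list.

```python
import hmac
import ipaddress
import json

# Assumptions, not from the article: replace with your configured values.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]  # placeholder range
AUTH_HEADER = "x-event-push-secret"           # hypothetical static header name
EXPECTED_SECRET = "example-secret-rotate-me"  # constructed value
# Constructed NDJSON body: two valid events and one malformed line.
SAMPLE_BODY = b'{"type":"audit","id":"1"}\n{broken\n{"type":"threat","id":"2"}\n'

def source_allowed(peer_ip):
    """True only if the TCP peer address is inside an allowlisted range."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_SOURCES)

def header_valid(headers):
    """Constant-time comparison of the static header secret."""
    supplied = {k.lower(): v for k, v in headers.items()}.get(AUTH_HEADER, "")
    return hmac.compare_digest(supplied.encode(), EXPECTED_SECRET.encode())

def parse_ndjson(body):
    """Return (events, rejected_count); one JSON object is expected per line."""
    events, rejected = [], 0
    for line in body.decode("utf-8", errors="replace").splitlines():
        if not line.strip():
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            rejected += 1
            continue
        if isinstance(obj, dict):
            events.append(obj)
        else:
            rejected += 1
    return events, rejected

def handle_push(peer_ip, headers, body):
    """Return (HTTP status, accepted events) for one pushed request."""
    if not source_allowed(peer_ip):
        return 403, []
    if not header_valid(headers):
        return 401, []
    events, rejected = parse_ndjson(body)
    if rejected and not events:
        return 400, []  # nothing usable in the batch
    return 200, events
```

If the endpoint sits behind a load balancer or reverse proxy, apply the allowlist at that layer, because the application then sees the proxy's address as the peer.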
