Mimecast for Splunk

Document created by user.zL0FB6L9lN Expert on Jan 30, 2017Last modified by user.zL0FB6L9lN Expert on Sep 11, 2017
Version 7Show Document
  • View in full screen mode
CategorySecurity, Analytics
Developed byMimecast
Support contactMimecast
DocumentationMimecast for Splunk Administrators Guide
DownloadDownload on Splunkbase





Our research shows 91% of attacks start with email. This makes Mimecast one of the most valuable sources of data for your Splunk system.


This app provides an easy way to add Mimecast gateway and audit events into your Splunk Enterprise environment, as well as a number of predefined dashboards to give you valuable, actionable insights into your organization's email security. 


Release notes


Current version: 2.0.1


  • Added support and dashboards for new Targeted Threat Protection URL Protect and Attachment Protect data types.
  • Refreshed version 1 dashboards to be more efficient and moved these to the Sample Dashboards menu.
  • Added support for proxy settings in the modular input script.
  • Added support for Advanced Account Administration customers to access log data from all their accounts using a single installation of the app.
  • Changed logging strategy of the modular input script from logging to file to logging to the splunkd log
  • Added a new Troubleshooting dashboard to get easy access and display logs.
  • Simplified app configuration and programatic extraction of the access key and secret key values required to authorize API requests.
  • Added support for rate limiting applied by the Mimecast API.
  • Removed requirement on version 1 of the Mimecast API.
  • Improved error handling.


Previous version: 1.0.4


  • Adds support for secure storage for Mimecast Access and Secret Keys
  • Addresses an issue where check point files were not being closed properly
1 person found this helpful