The value of data often increases when correlated with other information that was previously isolated in an organization. This is certainly true for security threat information when considering that endpoints, networks, databases and many other types of systems are vulnerable to attack. We know that email is one of the top attack vectors, and combining this data with that from other security solutions is a top priority.
Mimecast is pleased to announce the general availability of the Data Logging API and Splunk application for customers and partners. The Data Logging API lets organizations harness key email information and integrate and analyze the information in custom or third-party SIEM solutions. Below are just a few of the use cases for increased data visibility:
- Who in my organization/what department is being targeted most by whaling (impersonation) attacks?
- What is the country of origin for rejected mail?
- Email rejections by type
- Reporting and monitoring for encrypted email between two domains -- including top recipient and sending domains that use or do not use TLS
For Mimecast customers that already use Splunk, integrating Mimecast data is easy and requires no coding or scripting. Just download the Mimecast app from Splunk, fill out a couple of simple form fields and you’re off and running.
If you aren’t a Splunk customer, you can use the Data Logging API and have access to the same data. Use the Developer Community on Mimecaster Central for sample code and API documentation. As always, Mimecast’s legendary support is here to help every step of the way. Stay tuned for even more API information in the coming months.