🚫 Mimecast Audit Logs for Microsoft Sentinel - DEPRECATED
Solution: MimecastAudit
🚫 Deprecated: This solution has been deprecated and replaced by a newer integration.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Mimecast |
| Support Tier | Partner |
| Support Link | https://mimecastsupport.zendesk.com/ |
| Categories | domains |
| Version | 3.0.2 |
| Author | Mimecast - dlapi@mimecast.com |
| First Published | 2022-02-24 |
| Last Updated | 2022-02-24 |
| Solution Folder | MimecastAudit |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |
The data connector for Mimecast Audit & Authentication provides customers with the visibility into security events related to audit and authentication events within Microsoft Sentinel. The data connector provides pre-created dashboards to allow analysts to view insight into user activity, aid in incident correlation and reduce investigation response times coupled with custom alert capabilities.
The Mimecast products included within the connector are:
Audit & Authentication.
Microsoft Sentinel Solutions provide a consolidated way to acquire Microsoft Sentinel content like data connectors, workbooks, analytics, and automations in your workspace with a single deployment step.
NOTE: This integration is considered deprecated and has been replaced by the unified Mimecast integration, which uses Mimecast's API 2.0 gateway. Please avoid using this version, and if already using it, migrate to the new integration. No further updates will be performed, and this version will be removed at a future date. For additional information, including the unified integration setup steps, go here.
Contents
Data Connectors
This solution provides 1 data connector(s):
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Tables Used
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
MimecastAudit_CL 🔶 |
Mimecast Audit & Authentication | Analytics, Workbooks |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Content Items
This solution includes 2 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 1 |
| Workbooks | 1 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Mimecast Audit - Logon Authentication Failed | High | Discovery, InitialAccess, CredentialAccess | MimecastAudit_CL |
Workbooks
| Name | Tables Used |
|---|---|
| MimecastAudit | MimecastAudit_CL |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.2 | 06-03-2025 | Solution Deprecated |
| 3.0.1 | 05-12-2023 | Enhanced Dataconnector to use existing workspace and updated checkpoint mechanism |
| 3.0.0 | 23-08-2023 | Initial Solution Release |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊