Configuring the BlueApp for Mimecast Events Collection

Role Availability Read-Only Investigator Analyst Manager

To configure the BlueApp for Mimecast Events Collection in USM Anywhere, you need to have a Mimecast account with the appropriate authorization, as well as an API access token and secret key.

Set up the Mimecast API

Follow the instructions listed in the Mimecast user documentation. Here are the instructions on how to generate the API access token and secret key for USM Appliance.

To set up Mimecast to enable the BlueApp for Mimecast Events Collection

  1. Create a new user within the Mimecast Administration Console whose authentication token will never expire.

    1. Assign your new user to the Basic Administrator role under Administration > Account > Roles.

    2. Create a new group under Administration > Directories > Profile Groups and add your user to it.

    3. Create a new authentication profile under Administration > Services > Applications, ensuring that you set the Authentication TTL to Never Expires.

    Note: If you do not select Never Expires, you will have to generate a new API token and secret key and reconfigure your AlienApp every time the token expires; otherwise your AlienApp will not be able to collect data.

    4. Still in Administration > Services > Applications, create a new application setting and add the group and the authentication profile you created in the preceding sub-steps.

  2. Generate an API token and secret key under Services > API Applications > Create Keys.

Important: Be sure to save the API token and secret key, which you will need to configure the BlueApp for Mimecast Events Collection.

Configure BlueApp for Mimecast Events Collection in USM Anywhere

To enable the BlueApp for Mimecast Events Collection

  1. In USM Anywhere, go to Data Sources > BlueApps.
  2. Click the Available Apps tab.
  3. Search for the BlueApp, and then click the tile.
  4. Click Configure API.
  5. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled BlueApp.

    BlueApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the BlueApp API endpoints.

  6. Enter the required information to configure the API.

    • Email Address: the email address of your credentialed Mimecast user

    • Access Key: the API token you generated previously

    • Secret Key: the secret key you generated previously

    • App ID: the ID assigned to your Mimecast application when you registered your app

    • App Key: the app key assigned to your Mimecast application when you registered your app

  7. Click Save.
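To show how the access key, secret key, App ID and App Key from step 6 fit together, the following added example (not part of the USM Anywhere or Mimecast documentation) builds the signed headers for one request. It assumes the Mimecast API 1.0 signing scheme (HMAC-SHA1 keyed with the base64-decoded secret key); the function name, URI and credential values are constructed placeholders.

```python
import base64
import hashlib
import hmac
import uuid
from datetime import datetime, timezone


def build_mimecast_headers(access_key, secret_key, app_id, app_key, uri,
                           now=None, request_id=None):
    """Return headers for one signed request (assumed API 1.0 scheme)."""
    for name, value in (("access_key", access_key), ("app_id", app_id),
                        ("app_key", app_key)):
        if not value or value != value.strip():
            raise ValueError(f"{name} is empty or has stray whitespace")
    try:
        # A secret key mangled during copy/paste fails here, before any request.
        key = base64.b64decode(secret_key, validate=True)
    except (ValueError, TypeError) as exc:
        raise ValueError("secret_key is not valid base64") from exc

    now = now or datetime.now(timezone.utc)
    request_id = request_id or str(uuid.uuid4())
    hdr_date = now.strftime("%a, %d %b %Y %H:%M:%S") + " UTC"
    # The secret key only keys the HMAC; it is never sent in a header.
    data_to_sign = ":".join([hdr_date, request_id, uri, app_key])
    digest = hmac.new(key, data_to_sign.encode("utf-8"), hashlib.sha1).digest()
    signature = base64.b64encode(digest).decode("ascii")
    return {
        "Authorization": f"MC {access_key}:{signature}",
        "x-mc-app-id": app_id,
        "x-mc-date": hdr_date,
        "x-mc-req-id": request_id,
        "Content-Type": "application/json",
    }


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    demo = build_mimecast_headers(
        access_key="EXAMPLE-ACCESS-KEY",
        secret_key=base64.b64encode(b"constructed-demo-secret").decode(),
        app_id="00000000-0000-0000-0000-000000000000",
        app_key="EXAMPLE-APP-KEY",
        uri="/api/audit/get-audit-events",  # assumed example endpoint path
    )
    print("\n".join(f"{k}: {v}" for k, v in demo.items()))
```

Because the date header is part of the signed data, a sensor with a badly skewed clock can produce requests that are rejected even when all keys are entered correctly.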

BlueApp Log Collection

Once the BlueApp has been configured, you can choose to have USM Anywhere collect logs from the app on a regular basis.

To configure log collection for the BlueApp

  1. Go to Settings > Scheduler.
  2. In the Job Scheduler, search for the BlueApp on the sensor to which it was deployed.
  3. In the enabled column, click the icon for the inactive collection job.

    The icon turns green, and collection is enabled.

  4. (Optional.) Click the icon to customize the frequency of the event collection.