AlienVault® USM Anywhere™

Mimecast Email Security

When you configure Mimecast Email Security to send log data to USM Anywhere, you can use the Mimecast plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information
Device Details
Vendor Mimecast
Device Type Mail Security
Connection Type Syslog

Integrating Mimecast Email Security

To send log data from Mimecast to USM Anywhere

  • Follow the Mimecast tutorial, Downloading SIEM Logs, to forward logs to USM Anywhere.

    When modifying the script, enter the IP address of the USM Anywhere Sensor in the syslog_server variable.

Plugin Enablement

For plugin enablement information, see Manual Integration Management.

Available Plugin Fields

The following plugin fields are important attributes extracted from the syslog message. The USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.

  • customfield_0
  • customfield_10
  • customfield_11
  • customfield_12
  • customfield_13
  • customfield_19
  • customfield_2
  • customfield_3
  • customfield_5
  • customfield_7
  • customfield_9
  • customheader_0
  • customheader_10
  • customheader_11
  • customheader_12
  • customheader_13
  • customheader_2
  • customheader_3
  • customheader_5
  • customheader_7
  • customheader_9
  • device_direction
  • email_recipient
  • email_sender
  • email_subject
  • event_action
  • event_name
  • file_kb_size
  • source_address
  • tls_cipher
  • tls_version