Connect Aurora Endpoint Security to Mimecast

You can add a Mimecast connection to your Endpoint Defense console. Mimecast attachment protection analyzes all email attachments that your users receive and can handle the attachment based on the policy that you configure.

The Alerts view allows administrators to view Mimecast attachment risk information from one unified interface. Mimecast surfaces the attachment risk telemetry that is provided by the Mimecast Attachment Protection Service. The action that Mimecast applies to the file attachment is displayed in the response column of the Alerts view. If Mimecast categorizes an alert as malicious, the alert will be categorized as high priority in the Alerts view. If Mimecast categorizes an alert as unsafe or unknown, the alert will be categorized as medium priority. Any alerts that are deemed low priority by Mimecast will not display in the Alerts view.

The Alerts view uses the attachment hash to group alerts, meaning that a similar alert across multiple users in your organization can be grouped for the same threat. You can use the Detection Details link to access the Mimecast Attachment Protection dashboard to investigate and remediate threats.

For more information about the Alerts view, see Managing alerts across Aurora Endpoint Security services in the Administration content.
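
The following Python sketch models the priority mapping and hash-based grouping described above. It is an added example, not Aurora Endpoint Security or Mimecast code. The event field names, the "safe" category, the action values, and the rule that a group takes the highest priority of its members are assumptions made for illustration.

```python
from collections import defaultdict

# Category-to-priority mapping as the page describes it. Any other category
# is treated as low priority and is not displayed (assumption).
PRIORITY = {"malicious": "high", "unsafe": "medium", "unknown": "medium"}
RANK = {"medium": 1, "high": 2}


def group_alerts(events):
    """Collapse attachment events into one alert per attachment hash."""
    groups = defaultdict(
        lambda: {"priority": "medium", "users": set(), "responses": set()}
    )
    for ev in events:
        priority = PRIORITY.get(ev["category"].lower())
        if priority is None:
            continue  # low priority: never reaches the Alerts view
        alert = groups[ev["attachment_hash"].lower()]
        # Assumption: a group takes the highest priority of its members.
        if RANK[priority] > RANK[alert["priority"]]:
            alert["priority"] = priority
        alert["users"].add(ev["recipient"].lower())
        alert["responses"].add(ev["action"])
    return {
        digest: {
            "priority": a["priority"],
            "users": sorted(a["users"]),
            "responses": sorted(a["responses"]),
        }
        for digest, a in groups.items()
    }


# Constructed sample events; field names and values are hypothetical.
SAMPLE_EVENTS = [
    {"recipient": "ana@example.com", "attachment_hash": "AA" * 32,
     "category": "unknown", "action": "held"},
    {"recipient": "raj@example.com", "attachment_hash": "aa" * 32,
     "category": "malicious", "action": "blocked"},
    {"recipient": "lee@example.com", "attachment_hash": "bb" * 32,
     "category": "unsafe", "action": "held"},
    {"recipient": "kim@example.com", "attachment_hash": "cc" * 32,
     "category": "safe", "action": "delivered"},
]

if __name__ == "__main__":
    for digest, alert in group_alerts(SAMPLE_EVENTS).items():
        print(digest[:12], alert)
```

Four events produce two alerts: the first two share a hash and collapse into one high-priority alert covering two users, and the "safe" event is dropped.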

  1. Prepare your Mimecast account:
    1. Create a Mimecast account. Administrators must create a new account for all service users.

      For more information, see Creating/Editing Mimecast Users in the Mimecast documentation.

    2. Add an API application.

      Specify the details and settings of your API application. When configuring the API application, verify that "Service Application" is selected. This is required to make sure API keys do not expire. If this option is not selected, the Mimecast connector will lose connectivity when the key expires.

      For more information, see Adding an API application in the Managing API Applications guide from Mimecast.

    3. Create user association keys.

      You must create user association keys to connect Mimecast to Aurora Endpoint Security.

      For more information, see Creating User Association Keys in the Managing API Applications guide from Mimecast.

    4. Inform users of the Mimecast configuration.

      It is recommended that you notify your users of the Mimecast configuration. You can download the preconfigured email templates available from Mimecast.

    5. Configure attachment protection definitions and policies.

      Configure the attachment protection definitions and policies that Mimecast will use when an insecure email is discovered.

      For more information, see Attachment Protect Configuration in the Mimecast documentation.

    6. Enable and configure notifications.

      Make sure that notifications are enabled and configured for all API users so that notification data is available in the Alerts view.

      For more information, see Attachment Protect Configuration in the Mimecast documentation.

    7. Enable directory services.

      Make sure that Mimecast Directory Services is enabled so that the Mimecast user information (email address) is correlated with the user data that is stored in your Entra or Active Directory service. This configuration also enables correlation with your devices and the device data that is associated with the users in your directory services.

      For more information, see Directory Synchronization in the Mimecast documentation.

  2. In the Endpoint Defense console, on the menu bar, click Settings > Connectors.
  3. Click Add Connector > Mimecast.
  4. In the General Information section, type a name for the connector.
  5. In the Mimecast Configuration section, specify the required information, specify a polling frequency, and select a base URL.
    For more information, see Managing API Applications in the Mimecast documentation.
  6. Click the toggle control to enable polling.
  7. Click Test Connection.
  8. Click Save.
View and manage alerts in the Alerts view. See Managing alerts across Endpoint Defense services in the Administration content.