# AQUILA - Setup Integration from Mimecast

## **Mimecast Integration Guide**

Integrate **Mimecast** with your security platform via API to collect email threat data, archive logs, DLP events, and other security-related logs for centralized visibility and incident response.

### **Credentials & API Access Setup (Mimecast)**

Before configuring the integration, prepare your API credentials from the Mimecast Admin Console.

#### **Steps**:

1. **Log in** to the Mimecast Administration Console.
2. Navigate to **Administration → Account → API Applications**.
3. Click **“Register New Application”** and provide a name and description.
4. Once registered, take note of the following credentials:
    
    
    - **Application ID**
    - **Application Key**
    - **Access Key**
    - **Secret Key**
5. You may need your **Mimecast Region-specific API URL**:
    
    
    - Example: `https://api.mimecast.com`
    - Check with your Mimecast representative for region-specific URLs.

> **Note:** Some log types may require separate credentials due to rate limits.

### **Permissions Reference (Mimecast API App)**

Ensure the API Application and associated Access Key have the following scopes:

<div class="_tableContainer_80l1q_1" id="bkmrk-data-stream-permissi"><div class="_tableWrapper_80l1q_14 group flex w-fit flex-col-reverse" tabindex="-1"><table border="1" class="w-fit min-w-(--thread-content-width)" data-end="2931" data-start="2486" style="border-collapse: collapse; border-style: solid; width: 101.548%; height: 150.234px;"><thead data-end="2560" data-start="2486"><tr data-end="2560" data-start="2486" style="height: 29.7969px;"><th data-col-size="sm" data-end="2514" data-start="2486" style="width: 39.5709%; height: 29.7969px;">Data Stream</th><th data-col-size="sm" data-end="2560" data-start="2514" style="width: 60.4291%; height: 29.7969px;">Permission Scope</th></tr></thead><tbody data-end="2931" data-start="2636"><tr data-end="2709" data-start="2636" style="height: 30.1094px;"><td data-col-size="sm" data-end="2663" data-start="2636" style="width: 39.5709%; height: 30.1094px;">Archive / Audit Logs</td><td data-col-size="sm" data-end="2709" data-start="2663" style="width: 60.4291%; height: 30.1094px;">`auditevents:read`</td></tr><tr data-end="2783" data-start="2710" style="height: 30.1094px;"><td data-col-size="sm" data-end="2737" data-start="2710" style="width: 39.5709%; height: 30.1094px;">DLP &amp; SIEM Logs</td><td data-col-size="sm" data-end="2783" data-start="2737" style="width: 60.4291%; height: 30.1094px;">`dlplogs:read`, `siemlogs:read`</td></tr><tr data-end="2857" data-start="2784" style="height: 30.1094px;"><td data-col-size="sm" data-end="2811" data-start="2784" style="width: 39.5709%; height: 30.1094px;">Threat Intel Feeds</td><td data-col-size="sm" data-end="2857" data-start="2811" style="width: 60.4291%; height: 30.1094px;">`ti_logs:read`</td></tr><tr data-end="2931" data-start="2858" style="height: 30.1094px;"><td data-col-size="sm" data-end="2885" data-start="2858" style="width: 39.5709%; height: 30.1094px;">TTP Logs</td><td data-col-size="sm" data-end="2931" data-start="2885" style="width: 60.4291%; height: 30.1094px;">`ttp_logs:read`</td></tr></tbody></table>

</div></div>### **Integration Configuration (Mimecast)**

<div class="_tableContainer_80l1q_1" id="bkmrk-data-stream-required"><div class="_tableWrapper_80l1q_14 group flex w-fit flex-col-reverse" tabindex="-1"><table border="1" class="w-fit min-w-(--thread-content-width)" data-end="2243" data-start="1532" style="width: 108.095%; height: 207.375px; border-collapse: collapse; border-style: solid;"><thead data-end="1622" data-start="1532"><tr data-end="1622" data-start="1532" style="height: 29.7969px;"><th data-col-size="md" data-end="1565" data-start="1532" style="width: 50.064%; height: 29.7969px;">Data Stream</th><th data-col-size="md" data-end="1622" data-start="1565" style="width: 50.064%; height: 29.7969px;">Required Details</th></tr></thead><tbody data-end="2243" data-start="1714"><tr data-end="1802" data-start="1714" style="height: 28.5938px;"><td data-col-size="md" data-end="1746" data-start="1714" style="width: 50.064%; height: 28.5938px;">Archive Search Logs</td><td data-col-size="md" data-end="1802" data-start="1746" style="width: 50.064%; height: 28.5938px;">Application ID, App Key, Access Key, Secret Key, URL</td></tr><tr data-end="1892" data-start="1803" style="height: 29.7969px;"><td data-col-size="md" data-end="1835" data-start="1803" style="width: 50.064%; height: 29.7969px;">Audit Events</td><td data-col-size="md" data-end="1892" data-start="1835" style="width: 50.064%; height: 29.7969px;">Same as above</td></tr><tr data-end="1982" data-start="1893" style="height: 29.7969px;"><td data-col-size="md" data-end="1925" data-start="1893" style="width: 50.064%; height: 29.7969px;">DLP Logs</td><td data-col-size="md" data-end="1982" data-start="1925" style="width: 50.064%; height: 29.7969px;">Same as above</td></tr><tr data-end="2072" data-start="1983" style="height: 29.7969px;"><td data-col-size="md" data-end="2015" data-start="1983" style="width: 50.064%; height: 29.7969px;">SIEM Logs</td><td data-col-size="md" data-end="2072" data-start="2015" style="width: 50.064%; height: 29.7969px;">Same as above</td></tr><tr data-end="2161" data-start="2073" style="height: 29.7969px;"><td data-col-size="md" data-end="2112" data-start="2073" style="width: 50.064%; height: 29.7969px;">Threat Intel Malware (Customer/Grid)</td><td data-col-size="md" data-end="2161" data-start="2112" style="width: 50.064%; height: 29.7969px;">Same as above</td></tr><tr data-end="2243" data-start="2162" style="height: 29.7969px;"><td data-col-size="md" data-end="2206" data-start="2162" style="width: 50.064%; height: 29.7969px;">TTP Logs (Attachment, URL, Impersonation)</td><td data-col-size="md" data-end="2243" data-start="2206" style="width: 50.064%; height: 29.7969px;">Same as above</td></tr></tbody></table>

</div></div>### **Aquila Integration Configuration (Mimecast)**

**(incomplete)**