Alert Logic now provides customers with Mimecast security coverage via Mimecast-generated observations and a new Email Security Summary dashboard. The Mimecast cloud-based Secure Email Gateway supports protection against inbound spear-phishing, malware, spam, and zero-day attacks.
Mimecast-Generated Observation Creation
Alert Logic observations based on Mimecast data are available for customer consumption and provide coverage for the following Mimecast customer use cases:
- Detecting malicious emails
- Applying a watchlist against links and domains found in Mimecast logs
- Detecting emails with malware
Access Mimecast observations within the Alert Logic console at (navigation menu) > Investigate > Search > Search > Expert Mode. Copy and paste the following search query into the Expert Mode search text field and select Search to see all Mimecast-generated observations for the time frame you have selected.
SELECT ts AS "Time Stamp", severity, visibility, keys, properties, tactic, technique, class, subclass
WHERE keys.vendor = 'Mimecast'
Now that you have Mimecast observations and the ability to search and filter them, you can use these observations to create correlations that generate customized alerts. The search query above can also be used to set up your Mimecast correlations.
For more on working with correlations in the Alert Logic console, including correlating observations from Mimecast, see the Correlations and Notifications documentation.
Email Security Summary Dashboard
The new Email Security Summary dashboard, found in the Alert Logic console at Dashboards > Email Security Summary, provides a real-time view of the current state of top Mimecast analytics and alerts. The dashboard also lets you capture lists of top offenders and victims of email-based threats in a single-page view.