How to Integrate Mimecast in Wazuh SIEM solutions


ismailctest C

Oct 24, 2022, 12:48:28 AM
to Wazuh mailing list
Hi Team,
Kindly share the steps to integrate Mimecast in Wazuh SIEM.

Mauricio Ruben Santillan

Oct 24, 2022, 2:50:09 PM
to Wazuh mailing list

Hello!

I found this document from Mimecast that explains how to get logs from it. According to the document, you could download logs to a file or send them out via syslog (they even provide a script to do this).

If you choose to receive syslog directly to the Wazuh Manager, you would need to add a remote module to your Wazuh Manager as explained here in order to enable Wazuh to catch syslog traffic.
Once this is done, you will need to create custom decoders and rules for your events.

In case you choose to dump Mimecast logs to a file, you could install a Wazuh Agent on such Mimecast server and ingest the log file by adding a localfile module as shown here. Then you will need to work on decoders and rules as well (if the logs are in JSON format, you won't need to create decoders. Wazuh decodes JSON data by default).

I hope this helps! Let me know how it goes!

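The two ingestion options described in the reply above, sketched as `ossec.conf` fragments. This is an added example, not part of the original thread and not configuration from Mimecast or Wazuh; the IP addresses and the log file path are placeholders to replace with your own values.

```xml
<!-- Option 1: on the Wazuh manager (/var/ossec/etc/ossec.conf).
     Accept syslog from the host that forwards the Mimecast logs. -->
<ossec_config>
  <remote>
    <connection>syslog</connection>
    <port>514</port>
    <protocol>udp</protocol>
    <!-- Placeholder address: list only the forwarder so that other
         hosts cannot inject events into the manager. -->
    <allowed-ips>192.0.2.10</allowed-ips>
    <!-- Placeholder address: manager interface that listens for syslog. -->
    <local_ip>192.0.2.1</local_ip>
  </remote>
</ossec_config>

<!-- Option 2: on the Wazuh agent installed on the host where the
     Mimecast logs are written to a file. -->
<ossec_config>
  <localfile>
    <!-- json: each line is parsed as a JSON object, so no custom
         decoder is needed; rules match on the decoded fields. -->
    <log_format>json</log_format>
    <!-- Hypothetical path: point this at the file your download
         script actually writes. -->
    <location>/var/log/mimecast/siem.log</location>
  </localfile>
</ossec_config>
```

Restart the manager or agent after editing, then paste a sample event into `/var/ossec/bin/wazuh-logtest` on the manager to confirm how it is decoded before writing rules.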