Mimecast Security
The Mimecast Security connector facilitates the automation of email security management tasks, such as message tracking, file retrieval, and policy enforcement, directly within the Swimlane platform.

Mimecast Security offers a robust email security platform designed to protect against advanced threats and data loss. This connector enables seamless integration with Swimlane Turbine, allowing users to automate the retrieval and management of email security data. By leveraging Mimecast's capabilities, users can enhance incident response, streamline email archive searches, and enforce security policies directly within the Swimlane Turbine platform.

## Prerequisites

To effectively utilize the Mimecast Security connector with Swimlane Turbine, ensure you have the following prerequisites:

- OAuth 2.0 client credentials for secure authentication:
  - URL: the endpoint URL for API access.
  - Client ID: your unique identifier for OAuth 2.0 authentication.
  - Client Secret: a confidential secret key for OAuth 2.0 authentication.
- HMAC authentication for enhanced security:
  - URL: the endpoint URL for API access.
  - Access Key: your specific access key for HMAC authentication.
  - App ID: the application identifier used in conjunction with HMAC.
  - App Key: a unique key assigned to your application for HMAC usage.
  - Secret Key: the secret associated with your HMAC credentials.

### Action API permissions

Below is the table of required API scopes for the set of credentials used in the asset, broken down by action.

| Action | Required API permissions |
| --- | --- |
| Add or Remove Group Members | https://integrations.mimecast.com/documentation/endpoint-reference/directory/add-group-member/ |
| Archive Message Search | https://integrations.mimecast.com/documentation/endpoint-reference/archive/search/ |
| Create Managed URL | https://integrations.mimecast.com/documentation/endpoint-reference/targeted-threat-protection-url-protect/create-managed-url/ |
| Create Remediation Incident | https://integrations.mimecast.com/documentation/endpoint-reference/threat-intel/create-incident/ |
| Decode URL | https://integrations.mimecast.com/documentation/endpoint-reference/targeted-threat-protection-url-protect/get-managed-url/ |
| Get Archived File Attachment | https://integrations.mimecast.com/documentation/endpoint-reference/archive/get-file/ |
| Get Archived Message Details | https://integrations.mimecast.com/documentation/endpoint-reference/archive/get-message-detail/ |
| Get Archived Message Part | https://integrations.mimecast.com/documentation/endpoint-reference/archive/get-message-part/ |
| Get Archived Messages List | https://integrations.mimecast.com/documentation/endpoint-reference/archive/get-message-list/ |
| Get Archived Search Logs | https://integrations.mimecast.com/documentation/endpoint-reference/logs-and-statistics/get-archive-search-logs/ |
| Get Group Members | https://integrations.mimecast.com/documentation/endpoint-reference/directory/get-group-members/ |
| Get Groups | https://integrations.mimecast.com/documentation/endpoint-reference/directory/find-groups/ |
| Get File | https://integrations.mimecast.com/documentation/endpoint-reference/message-queues/get-file/ |
| Get Held Messages List | https://integrations.mimecast.com/documentation/endpoint-reference/message-queues/get-hold-message-list/ |
| Get TTP Impersonation Protect Logs | https://integrations.mimecast.com/documentation/endpoint-reference/logs-and-statistics/get-ttp-impersonation-protect-logs/ |
| Get Inbound & Outbound Message Queue Hold List | https://integrations.mimecast.com/documentation/endpoint-reference/message-queues/inbound-outbound-queues/ |
| Get Incident | https://integrations.mimecast.com/documentation/endpoint-reference/threat-intel/get-incident/ |
| Get Managed URLs | https://integrations.mimecast.com/documentation/endpoint-reference/targeted-threat-protection-url-protect/get-managed-url/ |
| Get Message Detail | https://integrations.mimecast.com/documentation/endpoint-reference/message-queues/get-message-detail/ |
| Get Message Info | https://integrations.mimecast.com/documentation/endpoint-reference/message-finder-formally-tracking/get-message-info/ |
| Get TTP URL Logs | https://integrations.mimecast.com/documentation/endpoint-reference/logs-and-statistics/get-ttp-url-logs/ |
| Message Finder Search | https://integrations.mimecast.com/documentation/endpoint-reference/message-finder-formally-tracking/search/ |
| Permit or Block Sender | https://integrations.mimecast.com/documentation/endpoint-reference/managed-sender/ |
| Reject Message From Queue | https://integrations.mimecast.com/documentation/endpoint-reference/message-queues/reject-message/ |
| Release Message From Queue | https://integrations.mimecast.com/documentation/endpoint-reference/message-queues/release-message/ |

## Capabilities

The Mimecast connector provides the following capabilities:

- Add or Remove Group Members
- Archive Message Search
- Create Managed URL
- Create Remediation Incident
- Decode URL
- Get Archived File Attachment
- Get Archived Message Details
- Get Archived Message Part
- Get Archived Messages List
- Get Archived Search Logs
- Get File
- Get Group Members
- Get Groups
- Get Held Messages List
- Get TTP Impersonation Protect Logs
- And so on

### Additional information about capabilities

See the https://www.mimecast.com/tech-connect/documentation/tutorials/building-search-queries/ guide for more information on building search queries.

## Notes

- https://integrations.mimecast.com/documentation/endpoint-reference/
- https://www.mimecast.com/tech-connect/documentation

You will need to use a Mimecast https://community.mimecast.com/docs/DOC-1070; see the table below.

To set access/secrets to never expire, you must update the Authentication Cache TTL setting in the service user's effective Authentication Profile to "Never Expire".

| Region | API endpoint | Check for update URLs |
| --- | --- | --- |
| Australia | au-api.mimecast.com | https://updates-au.mimecast.com/update/descriptors/mfo/latest |
| Europe (excluding Germany) | eu-api.mimecast.com | https://updates-uk.mimecast.com/update/descriptors/mfo/latest |
| Germany | de-api.mimecast.com | https://updates-de.mimecast.com/update/descriptors/mfo/latest |
| Offshore | jer-api.mimecast.com | https://updates-jer.mimecast.com/update/descriptors/mfo/latest |
| Required | api.mimecast.com | n/a (used for initial account discovery) |
| South Africa | za-api.mimecast.com | https://updates-za.mimecast.com/update/descriptors/mfo/latest |
| United States | us-api.mimecast.com | https://updates-us.mimecast.com/update/descriptors/mfo/latest |

### About address alteration policy updates

You must define the input required for your use case in the policy update action. The policy update action doesn't require any policy input, which is how Mimecast defined this endpoint. If no policy input is defined, then the action will fail. For more information about all the available inputs, see https://integrations.mimecast.com/documentation/endpoint-reference/policies/address-alteration/update-policy/.

### Additional notes

Please provide admin access or the required permissions to your Mimecast account or credentials wherever applicable so that the connector actions work.

## Configurations

### Mimecast HMAC

Authenticates using HMAC.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Access Key | Access key | string | Required |
| App ID | App ID | string | Required |
| App Key | App key | string | Required |
| Secret Key | Secret key | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

### Mimecast OAuth 2.0 client credentials

Authenticates using OAuth 2.0 client credentials.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Client ID | The client ID | string | Required |
| Client Secret | The client secret | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Archived File Attachment

Retrieves a file attachment from an archived message in Mimecast Security using specified data parameters.

Endpoint URL: /api/archive/get-file

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.id | string | Optional | Response data |

Input example:

```json
{"json_body": {"data": [{"id": "enpfjkulwjayrf9ltlpi0jzvd07vojpgpqncn6gkn0mwd8mjo4j faigs7mbc8 l3pef4q3obi0qezf57wptn1w1r3briwppvh7nntu t9qiv2w1wewfjo1xezhd3yc km1 rx8v ptzdk1rb9bwekpxo29 bhcis7urso qbcy8dumhrgznk t7ckmyzzroahvbwd30aegmb x1snirafcwe04zwscmzeqs i9zimmkwsgkoefadememysinccsy emy t4a6feswu"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.status | number | Status value |
| data | array | Response data |
| data.urls | array | Response data |
| fail | array | Output field fail |
| fail.file_name | string | Name of the resource |
| fail.file | string | Output field fail.file |

Output example (truncated in the source):

```json
{"status_code": 200,"response_headers": {"Date": "Tue, 16 Sep 2025 05:37:26 GMT","Content-Type": "application/json","Cache-Control": "no-store","Strict-Transport-Security": "max-age=31536000; includeSubDomains","X-Frame-Options": "SAMEORIGIN","Referrer-Policy": "same-origin","X-Request-Id": "793b7425-5352-48ef-9b2c-eb9a5e4aed6a","Via": "1.1 google","Alt-Svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000","Transfer-Encoding": "chunked"},"reason": "OK","json_body": {"meta": {"status": 200},"data": [{}],"fai
```

### Get Archived Message Details

Retrieve detailed information about a specific message from Mimecast's archive using the provided data parameters.

Endpoint URL: /api/archive/get-message-detail

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.id | string | Required | Response data |

Input example:

```json
{"json_body": {"data": [{"id": "enpvzlklgkaubed mq8fze5bd5hugbxtkqsh4y23rns8ywv99 yx5 8cznktaqwrsciyjhnkp8fpgwfhlq wf1mg 8ku3syml9noymakdeyd63f78adegph0uze9jgb34trt6erwcsbrvppxuac7tyefpzoppf qmn1tbi r4csabwfn3bhpkjipyt wztugypnmwois s5 v1duun21nisheknbyvbpkufqyr vtfaiifz 58vo3bc9a"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200,"response_headers": {},"reason": "OK","json_body": {}}
```

### Get Archived Messages List

Retrieves a list of archived messages for a specified user in Mimecast Security, requiring a data payload.

Endpoint URL: /api/archive/get-message-list

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| meta | object | Optional | Parameter for get archived messages list |
| meta.pagination | object | Optional | Parameter for get archived messages list |
| meta.pagination.pageToken | string | Optional | Parameter for get archived messages list |
| meta.data | array | Optional | Response data |
| meta.data.view | string | Required | Response data |
| meta.data.mailbox | string | Optional | Response data |
| meta.data.start | string | Optional | Response data |
| meta.data.end | string | Optional | Response data |
| meta.data.includeDelegates | boolean | Optional | Response data |
| meta.data.includeAliases | boolean | Optional | Response data |

Input example:

```json
{"json_body": {"meta": {"pagination": {"pageToken": "page token"},"data": [{"view": "inbox","mailbox": "admin@mctest.swimlane.com","start": "2021-09-07T14:49:18+0000","end": "2022-10-07T14:49:18+0000","includeDelegates":true,"includeAliases":true}]}}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200,"response_headers": {},"reason": "OK","json_body": {}}
```

### Get Archived Message Part

Retrieves a specific part of an archived message from Mimecast using the provided data parameters.

Endpoint URL: /api/archive/get-message-part

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.mailbox | string | Required | Response data |
| data.context | string | Required | Response data |
| data.id | string | Required | Response data |
| data.type | string | Required | Response data |

Input example:

```json
{"json_body": {"data": [{"mailbox": "admin@mctest.swimlane.com","context": "delivered","id": "enpvzlklgkaubed mq8fze5bd5hugbxtkqsh4y23rns8ywv99 yx5 8cznktaqwrsciyjhnkp8fpgwfhlq wf1mg 8ku3syml9noymakdeyd63f78adegph0uze9jgb34trt6erwcsbrvppxuac7tyefpzoppf qmn1tbi r4csabwfn3bhpkjipyt wztugypnmwois s5 v1duun21nisheknbyvbpkufqyr vtfaiifz 58vo3bc9a","type": "plain"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200,"response_headers": {},"reason": "OK","json_body": {}}
```

### Get Archived Search Logs

Retrieves archived search logs from Mimecast Security based on specified JSON body parameters.

Endpoint URL: /api/archive/get-search-logs

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| meta | object | Optional | Parameter for get archived search logs |
| meta.pagination | object | Optional | Parameter for get archived search logs |
| meta.pagination.pageSize | number | Optional | Parameter for get archived search logs |
| meta.pagination.pageToken | string | Optional | Parameter for get archived search logs |
| data | array | Optional | Response data |
| data.start | string | Optional | Response data |
| data.end | string | Optional | Response data |
| data.query | string | Optional | Response data |

Input example:

```json
{"json_body": {"meta": {"pagination": {"pageSize": 1,"pageToken": "page token"}},"data": [{"start": "2022-10-23T20:51:21+0000","end": "2022-10-24T20:51:21+0000","query": "<?xml version=\"1.0\"?> <xmlquery trace=\"iql,muse\"> <metadata query-type=\"emailarchive\" archive=\"true\" active=\"false\" page-size=\"25\" startrow=\"0\"> <mailboxes> <mailbox include-aliases=\"true\">admin@mctest.swimlane.com</mailbox> </mailboxes> <smartfolders/> <return-fields> <return-field>attachmentcount</return-field> <return-field>status</return-field> <return-field>subject</return-field> <return-field>size</return-field> <return-field>receiveddate</return-field> <return-field>displayfrom</return-field> <return-field>displayfromaddress</return-field> <return-field>id</return-field> <return-field>displayto</return-field> <return-field>displaytoaddresslist</return-field> <return-field>smash</return-field> </return-fields> </metadata> <muse> <text></text> <date select=\"last_year\"/> <sent></sent> <docs select=\"optional\"> </docs> <route/> </muse> </xmlquery>"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.status | number | Status value |
| meta.pagination | object | Output field meta.pagination |
| meta.pagination.pageSize | number | Output field meta.pagination.pageSize |
| meta.pagination.totalCount | number | Count value |
| data | array | Response data |
| data.logs | array | Response data |
| data.logs.createTime | string | Response data |
| data.logs.emailAddr | string | Response data |
| data.logs.source | string | Response data |
| data.logs.searchText | string | Response data |
| data.logs.searchPath | string | Response data |
| data.logs.searchReason | string | Response data |
| data.logs.isAdmin | boolean | Response data |
| data.logs.museQuery | string | Response data |
| data.logs.description | string | Response data |
| fail | array | Output field fail |
| fail.file_name | string | Name of the resource |
| fail.file | string | Output field fail.file |

Output example:

```json
{"status_code": 200,"response_headers": {"Date": "Mon, 24 Oct 2022 21:18:56 GMT","Content-Type": "application/json","Content-Length": "3360","Connection": "keep-alive","Cache-Control": "no-store","Pragma": "no-cache","X-Robots-Tag": "noindex, nofollow","X-RateLimit-Limit": "800","X-RateLimit-Remaining": "799","X-RateLimit-Reset": "5000"},"reason": "OK","json_body": {"meta": {"status": 200,"pagination": {}},"data": [{}],"fail": []}}
```

### Archive Search

Conduct a comprehensive search in Mimecast Security's archive using specified data parameters.

Endpoint URL: /api/archive/search

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| meta | object | Optional | Parameter for archive search |
| meta.pagination | object | Optional | Parameter for archive search |
| meta.pagination.pageToken | string | Optional | Parameter for archive search |
| data | array | Optional | Response data |
| data.admin | boolean | Required | Response data |
| data.query | string | Required | Response data |

Input example:

```json
{"json_body": {"meta": {"pagination": {"pageToken": "pagetoken"}},"data": [{"admin":false,"query": "<?xml version=\"1.0\"?> <xmlquery trace=\"iql,muse\"> <metadata query-type=\"emailarchive\" archive=\"true\" active=\"false\" page-size=\"100\" startrow=\"0\"> <muse> <text>subject:subject</text> <date select=\"last_year\"/> <sent></sent> <docs select=\"optional\"> </docs> <route/> </muse> </xmlquery>"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200,"response_headers": {},"reason": "OK","json_body": {}}
```

### Add Group Member

Adds a new member to a specified group within Mimecast Security using the provided JSON body.

Endpoint URL: /api/directory/add-group-member

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.domain | string | Optional | Response data |
| data.emailAddress | string | Optional | Response data |
| data.id | string | Required | Response data |

Input example:

```json
{"json_body": {"data": [{"domain": "www.test1.com","emailAddress": "test@test1.com","id": "enovzk0lgjayaod 8l4tytvkhq6mkngnlaxqredrlc2fc5ok nt2fw7pbyqyvsppwabungvziomyxuepgmw 1bpydq9w47fxjur8fg xmosnfrgpojsj x0wizheduh3xcjf6ozwagunuxppu 8ltax8wqvrhhjgf 31bbbvulgwt2olkrhqzskt7dwpjrralgzea2smmuwubnhwymsh1oygxlpyuyfndmhfmwh9 w4tsgj5 ga76ubc"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.status | number | Status value |
| data | array | Response data |
| data.id | string | Response data |
| data.folderId | string | Response data |
| data.emailAddress | string | Response data |
| data.internal | boolean | Response data |
| fail | array | Output field fail |
| fail.file_name | string | Name of the resource |
| fail.file | string | Output field fail.file |

Output example:

```json
{"status_code": 200,"response_headers": {"Date": "Mon, 10 Oct 2022 16:06:44 GMT","Content-Type": "application/json","Content-Length": "606","Connection": "keep-alive","Cache-Control": "no-store","Pragma": "no-cache","X-Robots-Tag": "noindex, nofollow","X-RateLimit-Limit": "100","X-RateLimit-Remaining": "99","X-RateLimit-Reset": "5000"},"reason": "OK","json_body": {"meta": {"status": 200},"data": [{}],"fail": []}}
```

### Get Groups

Retrieve groups from Mimecast that match the query parameters specified in the provided JSON body data.

Endpoint URL: /api/directory/find-groups

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| meta | object | Optional | Parameter for get groups |
| meta.pagination | object | Optional | Parameter for get groups |
| meta.pagination.pageSize | number | Optional | Parameter for get groups |
| meta.pagination.pageToken | string | Optional | Parameter for get groups |
| data | array | Optional | Response data |
| data.query | string | Optional | Response data |
| data.source | string | Optional | Response data |

Input example:

```json
{"json_body": {"meta": {"pagination": {"pageSize": 25,"pageToken": "page token"}},"data": [{"query": "query string","source": "source string"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.status | number | Status value |
| meta.pagination | object | Output field meta.pagination |
| meta.pagination.pageSize | number | Output field meta.pagination.pageSize |
| meta.pagination.totalCount | number | Count value |
| meta.pagination.next | string | Output field meta.pagination.next |
| data | array | Response data |
| data.source | string | Response data |
| data.folders | array | Response data |
| data.folders.id | string | Response data |
| data.folders.description | string | Response data |
| data.folders.source | string | Response data |
| data.folders.parentId | string | Response data |
| data.folders.userCount | number | Response data |
| data.folders.folderCount | number | Response data |
| fail | array | Output field fail |
| fail.file_name | string | Name of the resource |
| fail.file | string | Output field fail.file |

Output example:

```json
{"status_code": 200,"response_headers": {"Date": "Mon, 10 Oct 2022 20:21:32 GMT","Content-Type": "application/json","Content-Length": "6293","Connection": "keep-alive","Cache-Control": "no-store","Pragma": "no-cache","X-Robots-Tag": "noindex, nofollow","X-RateLimit-Limit": "800","X-RateLimit-Remaining": "799","X-RateLimit-Reset": "5000"},"reason": "OK","json_body": {"meta": {"status": 200,"pagination": {}},"data": [{}],"fail": []}}
```

### Get Group Members

Retrieves a list of members for a specified group in Mimecast Security using the provided JSON body.

Endpoint URL: /api/directory/get-group-members

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.id | string | Required | Response data |

Input example:

```json
{"json_body": {"data": [{"id": "enovzk0lgjayaod 8l4tytvkhq6mkngnlaxqredrlc2fc5ok nt2fw7pbyqyvsppwabungvziomyxuepgmw 1bpydq9w47fxjur8fg xmosnfrgpojsj x0wizheduh3xcjf6ozwagunuxppu 8ltax8wqvrhhjgf 31bbbvulgwt2olkrhqzskt7dwpjrralgzea2smmuwubnhwymsh1oygxlpyuyfndmhfmwh9 w4tsgj5 ga76ubc"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.status | number | Status value |
| meta.pagination | object | Output field meta.pagination |
| meta.pagination.pageSize | number | Output field meta.pagination.pageSize |
| meta.pagination.totalCount | number | Count value |
| data | array | Response data |
| data.groupMembers | array | Response data |
| data.groupMembers.emailAddress | string | Response data |
| data.groupMembers.name | string | Response data |
| data.groupMembers.internal | boolean | Response data |
| data.groupMembers.domain | string | Response data |
| data.groupMembers.type | string | Response data |
| fail | array | Output field fail |
| fail.file_name | string | Name of the resource |
| fail.file | string | Output field fail.file |

Output example:

```json
{"status_code": 200,"response_headers": {"Date": "Mon, 10 Oct 2022 20:37:01 GMT","Content-Type": "application/json","Content-Length": "245","Connection": "keep-alive","Cache-Control": "no-store","Pragma": "no-cache","X-Robots-Tag": "noindex, nofollow","X-RateLimit-Limit": "800","X-RateLimit-Remaining": "799","X-RateLimit-Reset": "0"},"reason": "OK","json_body": {"meta": {"status": 200,"pagination": {}},"data": [{}],"fail": []}}
```

### Remove Group Member

Removes specified members from a Mimecast Security group using the provided JSON body for configuration.

Endpoint URL: /api/directory/remove-group-member

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.domain | string | Optional | Response data |
| data.emailAddress | string | Optional | Response data |
| data.id | string | Required | Response data |

Input example:

```json
{"json_body": {"data": [{"domain": "www.test1.com","emailAddress": "test@test1.com","id": "enovzk0lgjayaod 8l4tytvkhq6mkngnlaxqredrlc2fc5ok nt2fw7pbyqyvsppwabungvziomyxuepgmw 1bpydq9w47fxjur8fg xmosnfrgpojsj x0wizheduh3xcjf6ozwagunuxppu 8ltax8wqvrhhjgf 31bbbvulgwt2olkrhqzskt7dwpjrralgzea2smmuwubnhwymsh1oygxlpyuyfndmhfmwh9 w4tsgj5 ga76ubc"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.status | number | Status value |
| data | array | Response data |
| data.id | string | Response data |
| data.folderId | string | Response data |
| data.emailAddress | string | Response data |
| data.internal | boolean | Response data |
| fail | array | Output field fail |
| fail.file_name | string | Name of the resource |
| fail.file | string | Output field fail.file |

Output example:

```json
{"status_code": 200,"response_headers": {"Date": "Mon, 10 Oct 2022 16:06:53 GMT","Content-Type": "application/json","Content-Length": "606","Connection": "keep-alive","Cache-Control": "no-store","Pragma": "no-cache","X-Robots-Tag": "noindex, nofollow","X-RateLimit-Limit": "800","X-RateLimit-Remaining": "799","X-RateLimit-Reset": "5000"},"reason": "OK","json_body": {"meta": {"status": 200},"data": [{}],"fail": []}}
```

### Get Inbound and Outbound Message Queue Hold List

Retrieves inbound and outbound email queue messages from Mimecast Security using specified data parameters.

Endpoint URL: /api/email/get-email-queues

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.start | string | Required | Response data |
| data.end | string | Required | Response data |

Input example:

```json
{"json_body": {"data": [{"start": "2015-11-16T14:49:18+0000","end": "2015-11-16T14:49:18+0000"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200,"response_headers": {},"reason": "OK","json_body": {}}
```

### Get Held Messages List

Retrieve details of messages on hold in Mimecast Security using specified criteria within the required data payload.

Endpoint URL: /api/gateway/get-hold-message-list

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.admin | boolean | Optional | Response data |
| data.start | string | Optional | Response data |
| data.searchBy | object | Optional | Response data |
| data.searchBy.fieldName | string | Optional | Response data |
| data.searchBy.value | string | Optional | Response data |
| data.end | string | Optional | Response data |

Input example:

```json
{"json_body": {"data": [{"admin":true,"start": "2015-11-16T14:49:18+0000","searchBy": {"fieldName": "field name","value": "value"},"end": "2015-11-16T14:49:18+0000"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.status | number | Status value |
| meta.pagination | object | Output field meta.pagination |
| meta.pagination.pageSize | number | Output field meta.pagination.pageSize |
| meta.pagination.totalCount | number | Count value |
| meta.pagination.next | string | Output field meta.pagination.next |
| data | array | Response data |
| data.id | string | Response data |
| data.reason | string | Response data |
| data.reasonId | string | Response data |
| data.reasonCode | string | Response data |
| data.from | object | Response data |
| data.from.emailAddress | string | Response data |
| data.from.displayableName | string | Response data |
| data.fromHeader | object | Response data |
| data.fromHeader.emailAddress | string | Response data |
| data.fromHeader.displayableName | string | Response data |
| data.to | object | Response data |
| data.to.emailAddress | string | Response data |
| data.to.displayableName | string | Response data |
| data.subject | string | Response data |
| data.route | string | Response data |
| data.hasAttachments | boolean | Response data |

Output example (truncated in the source):

```json
{"status_code": 200,"response_headers": {"Date": "Thu, 13 Oct 2022 15:33:09 GMT","Content-Type": "application/json","Content-Length": "9520","Connection": "keep-alive","Cache-Control": "no-store","Pragma": "no-cache","X-Robots-Tag": "noindex, nofollow","X-RateLimit-Limit": "800","X-RateLimit-Remaining": "799","X-RateLimit-Reset": "5000"},"reason": "OK","json_body": {"meta": {"status": 200,"pagination": {}},"data": [{"id": "enpvzsskgkaybeb3mw2bl9qaouvpzfgrlqighi5 xsojhwekonfplq2 czjnjrgq3kkziro5qxy7foklk6idkv0 htfz
```

### Get Message Details

Retrieve detailed information about a specific message from Mimecast using the provided data parameters.

Endpoint URL: /api/gateway/message/get-message-detail

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.viewType | string | Optional | Response data |
| data.id | string | Required | Response data |
| data.context | string | Optional | Response data |
| data.mailbox | string | Optional | Response data |

Input example:

```json
{"json_body": {"data": [{"viewType": "archive","id": "mimecast secure id","context": "delivered","mailbox": "mailbox@mailbox.com"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200,"response_headers": {},"reason": "OK","json_body": {}}
```

### Reject Message From Queue

Rejects a specific message from the Mimecast held queue using the provided data parameters.

Endpoint URL: /api/gateway/hold-reject

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.message | string | Optional | Response data |
| data.ids | array | Required | Response data |
| data.reasonType | string | Optional | Response data |
| data.notify | boolean | Optional | Response data |

Input example:

```json
{"json_body": {"data": [{"message": "rejection message to be returned to sender","ids": ["enpvzl0lgjaybed smshzc1c0eukpfkhlaeqhb9v vgt3obi6l9nl10 53dog3hizqdvgezi1wjthucjx7z 4a9bo uzbazqcgmnjsj8bdukjun1ti sazylibspz3hoqr6yomhurhdl00tqvsvzhdgv3npmepbfsvtlxfo3wvzskyr1gtxbia2v9 l5w8auemwyhooaeg 2 yk5go6bx1apha9ahubgikyaexxdhoepqcllv 5aqapqs0"],"reasonType": "message contains undesirable content","notify":false}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.status | number | Status value |
| data | array | Response data |
| data.id | string | Response data |
| data.reject | boolean | Response data |
| fail | array | Output field fail |
| fail.file_name | string | Name of the resource |
| fail.file | string | Output field fail.file |

Output example:

```json
{"status_code": 200,"response_headers": {"Date": "Thu, 13 Oct 2022 19:54:55 GMT","Content-Type": "application/json","Content-Length": "317","Connection": "keep-alive","Cache-Control": "no-store","Pragma": "no-cache","X-Robots-Tag": "noindex, nofollow","X-RateLimit-Limit": "800","X-RateLimit-Remaining": "799","X-RateLimit-Reset": "5000"},"reason": "OK","json_body": {"meta": {"status": 200},"data": [{}],"fail": []}}
```

### Release Message From Queue

Releases a message from Mimecast's hold queue using specified data parameters.

Endpoint URL: /api/gateway/hold-release

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.id | string | Required | Response data |

Input example:

```json
{"json_body": {"data": [{"id": "enpvzlklgkaubed mq8fze5bd5hugbxtkqsh4y23rns8ywv99 yx5 8cznktaqwrsciyjhnkp8fpgwfhlq wf1mg 8ku3syml9noymakdeyd63f78adegph0uze9jgb34trt6erwcsbrvppxuac7tyefpzoppf qmn1tbi r4csabwfn3bhpkjipyt wztugypnmwois s5 v1duun21nisheknbyvbpkufqyr vtfaiifz 58vo3bc9a"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.status | number | Status value |
| data | array | Response data |
| data.id | string | Response data |
| data.release | boolean | Response data |
| fail | array | Output field fail |
| fail.file_name | string | Name of the resource |
| fail.file | string | Output field fail.file |

Output example:

```json
{"status_code": 200,"response_headers": {"Date": "Thu, 13 Oct 2022 20:07:50 GMT","Content-Type": "application/json","Content-Length": "317","Connection": "keep-alive","Cache-Control": "no-store","Pragma": "no-cache","X-Robots-Tag": "noindex, nofollow","X-RateLimit-Limit": "800","X-RateLimit-Remaining": "799","X-RateLimit-Reset": "5000"},"reason": "OK","json_body": {"meta": {"status": 200},"data": [{}],"fail": []}}
```

### Create Remediation Incident

Initiates a new remediation incident in Mimecast Security with specified data parameters.

Endpoint URL: /api/ttp/remediation/v2/create

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.reason | string | Required | The reason for creating the remediation incident |
| data.searchBy | string | Required | The message component in which to search by. Must be one of 'hash', 'message ids' or 'url' |
| data.messageIds | array | Optional | One or more message id to create incident. The '<' '>' delimiters are required for each message id |
| data.hash | string | Optional | File hash of an email attachment to create incident |
| data.end | string | Optional | Timestamp of the most recent message to remediate. If none is provided, will default to the current timestamp. Format is yyyy-MM-dd'T'HH:mm:ssZ |
| data.url | string | Optional | URL present in an email that should be remediated. This field is required when setting searchBy field to url. Should be a decoded, non-Mimecast-rewritten URL |
| data.start | string | Optional | Timestamp of the earliest messages to remediate. If none is provided, will default to last calendar month. Format is yyyy-MM-dd'T'HH:mm:ssZ |

Input example:

```json
{"json_body": {"data": [{"reason": "remediate by url","searchBy": "hash","messageIds": ["c6617708516e3"],"hash": "f704b10e18c8e62311c3ddaa0e15c027491af091779ccb9e67ec7d7bf57569a1","end": "2022-01-22T00:00:00+00:00","url": "https://www.domain.tld/path/to/unwanted/content","start": "2022-01-20T00:00:00+00:00"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200,"response_headers": {},"reason": "OK","json_body": {}}
```

### Get Remediation Incident

Retrieve detailed information about a specific remediation incident in Mimecast Security using the provided data.

Endpoint URL: /api/ttp/remediation/get-incident

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.id | string | Required | Response data |

Input example:

```json
{"json_body": {"data": [{"id": "incidentidstring"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200,"response_headers": {},"reason": "OK","json_body": {}}
```

### Find Incidents

Locate existing remediation incidents in Mimecast Security with optional search criteria; requires at least one search field.

Endpoint URL: /api/ttp/remediation/find-incidents

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.start | string | Optional | Response data |
| data.searchBy | array | Optional | Response data |
| data.searchBy.fieldName | string | Optional | Response data |
| data.searchBy.value | string | Optional | Response data |
| data.end | string | Optional | Response data |
| data.filterBy | array | Optional | Response data |
| data.filterBy.fieldName | string | Optional | Response data |
| data.filterBy.value | string | Optional | Response data |

Input example:

```json
{"json_body": {"data": [{"start": "2015-11-16T14:49:18+0000","searchBy": [{"fieldName": "string","value": "string"}],"end": "2015-11-16T14:49:18+0000","filterBy": [{"fieldName": "string","value": "string"}]}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| fail | array | Output field fail |
| fail.file_name | string | Name of the resource |
| fail.file | string | Output field fail.file |
| meta | object | Output field meta |
| meta.status | number | Status value |
| data | array | Response data |
| data.incidents | array | Response data |
| data.incidents.code | string | Response data |
| data.incidents.successful | number | Response data |
| data.incidents.modified | string | Response data |
| data.incidents.reason | string | Response data |
| data.incidents.id | string | Response data |
| data.incidents.create | string | Response data |
| data.incidents.identified | number | Response data |
| data.incidents.searchCriteria | object | Response data |
| data.incidents.searchCriteria.start | string | Response data |
| data.incidents.searchCriteria.end | string | Response data |
| data.incidents.searchCriteria.fileHash | string | Response data |
| data.incidents.failed | number | Response data |
| data.incidents.type | string | Response data |
| data.incidents.restored | number | Response data |

Output example:

```json
{"json_body": {"fail": [],"meta": {"status": 200},"data": [{}]}}
```

### Permit or Block Sender

Permits or blocks a sender in Mimecast Security using the specified data.

Endpoint URL: /api/managedsender/permit-or-block-sender

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data | array | Optional | Response data |
| data.action | string | Required | Response data |
| data.to | string | Required | Response data |
| data.sender | string | Required | Response data |

Input example:

```json
{"json_body": {"data": [{"action": "block","to": "admin@mctest.swimlane.com","sender": "test@test.com"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.status | number | Status value |
| data | array | Response data |
| data.id | string | Response data |
| data.sender | string | Response data |
| data.to | string | Response data |
| data.type | string | Response data |
| fail | array | Output field fail |
| fail.file_name | string | Name of the resource |
| fail.file | string | Output field fail.file |

Output example:

{"status_code": 200,"response_headers": {"Date": "Thu, 13 Oct 2022 18:33:04 GMT","Content-Type": "application/json","Content-Length": "370","Connection": "keep-alive","Cache-Control": "no-store","Pragma": "no-cache","X-Robots-Tag": "noindex, nofollow","X-RateLimit-Limit": "800","X-RateLimit-Remaining": "799","x
ratelimit reset" "5000"},"reason" "ok","json body" {"meta" {"status" 200},"data" \[{}],"fail" \[]}} message finder search executes a search within mimecast for messages using specified criteria and returns the matching results endpoint url /api/message finder/search method post input argument name type required description data array optional response data data advancedtrackandtraceoptions object optional response data data advancedtrackandtraceoptions from string optional the sending email address or domain of the messages to track data advancedtrackandtraceoptions senderip string optional the source ip address of messages to track data advancedtrackandtraceoptions subject string optional the subject of the messages to track data advancedtrackandtraceoptions to string optional the recipient email address or domain of the messages to track data advancedtrackandtraceoptions url string optional an url from the email content data attachments boolean optional if set to true then searches for emails with attachments data end string optional the date and time of the latest message to track, in the following format, 2011 12 03t10 15 30 +0000 data messageid string optional the internet message id of the message to track data route string optional an array of routes to filter by possible values are internal, outbound and inbound data searchreason string optional reason for tracking a email, used for activity tracking purposes data start string optional the date and time of the earliest message to track, in the following format, 2011 12 03t10 15 30 +0000 data status array optional an array of email status to filter by email status possible values {accepted, processing, bulk processing, delivery, bulk delivery, held, bounced, deferred, rejected and archived} input example {"json body" {"data" \[{"advancedtrackandtraceoptions" {"from" "","senderip" "","subject" "","to" "","url" ""},"attachments"\ true,"end" "2011 12 03t10 15 30+0000","messageid" "","route" 
"internal","searchreason" "","start" "2011 12 03t10 15 30+0000","status" \["accepted","processing"]}]}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {},"reason" "ok","json body" {}} get file downloads an email attachment from mimecast's message queue using the provided 'data' parameters endpoint url /api/gateway/message/get file method post input argument name type required description data array optional response data data id string required response data input example {"json body" {"data" \[{"id" "enpvkotv2jauxf vkv hw4 ysdldiqbqh7ah0llyhit8uiestxkhqaf973nktw5frot7js756f4kwjbda6knxke635 bqslwn4p54vijtx qzeh4o1ehmd0vyet0of3lp2zfnhzjwta9mdezzq0d ljovmxxr7lejkrdxfdwnvhrdoq5wdez3edtt1jdujhe7 e3590ppqyxg z8eaydjjgcknz1wgfjssvzyvba26od5fwvdbwrmig9mcbmkhlqzcvosjikrfcnq4uzugwsthzprdg86zmud0geyeqykogxgfhwh803k eu2rdqunavcoo hgarkom4ekmegofsawllmsbmidawplfu 6w2ymraihgoiyomoigasnxquhy ajww39p6tfxa8fyprf8rtdl8cnl8l5ijfkqme5tx6feit5b3my5ixsswcygizisybdc6aipwixddvreqe3dzvjp00mhvy 0 9jsf8xgqrvpukjdw5wz04fd21n dmr4grrtgxt7kc64o 9axfl8wfqwkaez17hrf8dpz37bhzihsld1f9pspueq6qg"}]}} output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta meta status number status value data array response data data urls array response data fail array output field fail fail file name string name of the resource fail file string output field fail file output example {"status code" 200,"response headers" {"date" "wed, 11 jun 2025 17 32 48 gmt","content type" "application/json","cache control" "no store","strict transport security" "max age=31536000; includesubdomains","x frame options" "sameorigin","referrer policy" "same origin","x request id" "53346ffa a419 4d9b 957c 33ac460010d9","via" "1 1 google","alt svc" "h3=\\" 443\\"; ma=2592000,h3 29=\\" 443\\"; ma=2592000","transfer 
encoding" "chunked"},"reason" "ok","json body" {"meta" {"status" 200},"data" \[{}],"fai get message info retrieve detailed information about a specific message in mimecast using the provided data parameters endpoint url /api/message finder/get message info method post input argument name type required description data array optional response data data id string required response data input example {"json body" {"data" \[{"id" "enpvzl0lgjaybed smshzc1c0eukpfkhlaeqhb9v vgt3obi6l9nl10 53dog3hizqdvgezi1wjthucjx7z 4a9bo uzbazqcgmnjsj8bdukjun1ti sazylibspz3hoqr6yomhurhdl00tqvsvzhdgv3npmepbfsvtlxfo3wvzskyr1gtxbia2v9 l5w8auemwyhooaeg 2 yk5go6bx1apha9ahubgikyaexxdhoepqcllv 5aqapqs0"}]}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {},"reason" "ok","json body" {}} policy update updates an existing address alteration policy in mimecast security with the provided data parameters endpoint url /api/policy/address alteration/update policy method post input argument name type required description data array optional response data data policy array optional response data data policy frometernal string optional response data data policy comment string optional response data data policy enforced string optional response data data policy description string optional response data data policy fromdate string optional response data data policy bidirectional string optional response data data policy toeternal string optional response data data policy frompart string optional response data data policy todate string optional response data data policy from object optional response data data policy from attribute object optional response data data policy from attribute name string optional response data data policy from attribute value string optional response data data policy from attribute id string optional response data data policy from type string optional 
response data data policy from emailaddress string optional response data data policy from groupid string optional response data data policy from emaildomain string optional response data data policy enabled string optional response data data policy to object optional response data data policy to attribute object optional response data data policy to attribute name string optional response data data policy to attribute value string optional response data input example {"data" \[{"policy" \[{"frometernal" "string","comment" "string","enforced" "string","description" "string","fromdate" "string","bidirectional" "string","toeternal" "string","frompart" "string","todate" "string","from" {"attribute" {},"type" "string","emailaddress" "string","groupid" "string","emaildomain" "string"},"enabled" "string","to" {"attribute" {},"type" "string","emailaddress" "string","groupid" "string","emaildomain" "string"},"override" "string","conditions" {"sourceips" \["string"]}}],"addressalterationsetid" "string","id" "12345678 1234 1234 1234 123456789abc"}]} output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta meta status number status value data array response data data addressalterationsetid string response data data id string response data data policy object response data data policy description string response data data policy frompart string response data data policy from object response data data policy from type string response data data policy to object response data data policy to type string response data data policy fromtype string response data data policy totype string response data data policy frometernal boolean response data data policy toeternal boolean response data data policy fromdate string response data data policy todate string response data data policy override boolean response data data policy bidirectional boolean response data data policy conditions object 
response data data policy enabled boolean response data data policy enforced boolean response data output example {"status code" 200,"response headers" {"date" "wed, 12 oct 2022 20 52 34 gmt","content type" "application/json","content length" "1015","connection" "keep alive","cache control" "no store","pragma" "no cache","x robots tag" "noindex, nofollow","x ratelimit limit" "800","x ratelimit remaining" "799","x ratelimit reset" "5000"},"reason" "ok","json body" {"meta" {"status" 200},"data" \[{}],"fail" \[]}} create block sender policy establishes new blocked sender policies in mimecast security, managing sender and recipient restrictions endpoint url /api/policy/blockedsenders/create policy method post input argument name type required description data array optional response data data option string optional response data data policy object optional response data data policy bidirectional boolean optional response data data policy comment string optional response data data policy conditions object optional response data data policy conditions hostnames array optional response data data policy conditions sourceips array optional response data data policy conditions spfdomains array optional response data data policy description string optional response data data policy from object optional response data data policy from attribute object optional response data data policy from attribute id string optional response data data policy from attribute name string optional response data data policy from attribute value string optional response data data policy from emailaddress string optional response data data policy from emaildomain string optional response data data policy from groupid string optional response data data policy from headerdisplayname string optional response data data policy from type string optional response data data policy fromdate string optional response data data policy frometernal boolean optional response data data policy frompart string 
optional response data data policy override boolean optional response data data policy to object optional response data input example {"data" \[{"option" "string","policy" {"bidirectional"\ true,"comment" "string","conditions" {"hostnames" \["string"],"sourceips" \["string"],"spfdomains" \["string"]},"description" "string","from" {"attribute" {},"emailaddress" "string","emaildomain" "string","groupid" "string","headerdisplayname" "example name","type" "string"},"fromdate" "string","frometernal"\ true,"frompart" "string","override"\ true,"to" {"attribute" {},"emailaddress" "string","emaildomain" "string","groupid" "string","headerdisplayname" "example name","type" "string"},"todate" "string","toeternal"\ true}}]} output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta meta status number status value data array response data data option string response data data id string response data data policy object response data data policy description string response data data policy frompart string response data data policy from object response data data policy from type string response data data policy from emaildomain string response data data policy to object response data data policy to type string response data data policy to emaildomain string response data data policy fromtype string response data data policy fromvalue string response data data policy totype string response data data policy tovalue string response data data policy fromdate string response data data policy todate string response data data policy override boolean response data data policy bidirectional boolean response data data policy conditions object response data output example {"status code" 200,"response headers" {"date" "wed, 12 oct 2022 20 18 19 gmt","content type" "application/json","content length" "865","connection" "keep alive","cache control" "no store","pragma" "no cache","x robots tag" 
"noindex, nofollow","x ratelimit limit" "100","x ratelimit remaining" "99","x ratelimit reset" "5000"},"reason" "ok","json body" {"meta" {"status" 200},"data" \[{}],"fail" \[]}} create managed url adds a specified url to mimecast's managed list for enhanced targeted threat protection, utilizing provided data parameters endpoint url /api/ttp/url/create managed url method post input argument name type required description data array optional response data data matchtype string optional response data data disablerewrite boolean optional response data data action string required response data data comment string optional response data data disableuserawareness boolean optional response data data url string required response data data disablelogclick boolean optional response data input example {"json body" {"data" \[{"matchtype" "explicit","disablerewrite"\ false,"action" "block","comment" "this is a comment","disableuserawareness"\ false,"url" "https //example com","disablelogclick"\ false}]}} output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta meta status number status value data array response data data id string response data data scheme string response data data domain string response data data port number response data data path string response data data querystring string response data data matchtype string response data data action string response data data comment string response data data disableuserawareness boolean response data data disablerewrite boolean response data data disablelogclick boolean response data fail array output field fail fail file name string name of the resource fail file string output field fail file output example {"status code" 200,"response headers" {"date" "mon, 10 oct 2022 18 06 32 gmt","content type" "application/json","content length" "386","connection" "keep alive","cache control" "no store","pragma" "no cache","x robots tag" 
"noindex, nofollow","x ratelimit limit" "100","x ratelimit remaining" "99","x ratelimit reset" "5000"},"reason" "ok","json body" {"meta" {"status" 200},"data" \[{}],"fail" \[]}} decode url decodes mimecast's threat protection (ttp) urls to their original form using the 'data' parameter endpoint url /api/ttp/url/decode url method post input argument name type required description data array optional response data data url string required response data input example {"json body" {"data" \[{"url" "example com"}]}} output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta meta status number status value data array response data data url string response data data success boolean response data fail array output field fail fail file name string name of the resource fail file string output field fail file output example {"status code" 200,"response headers" {"date" "mon, 10 oct 2022 18 22 06 gmt","content type" "application/json","content length" "79","connection" "keep alive","cache control" "no store","pragma" "no cache","x robots tag" "noindex, nofollow","x ratelimit limit" "800","x ratelimit remaining" "799","x ratelimit reset" "5000"},"reason" "ok","json body" {"meta" {"status" 200},"data" \[{}],"fail" \[]}} get managed urls retrieve all managed urls or domains from mimecast security with a specified query using the 'data' parameter endpoint url /api/ttp/url/get all managed urls method post input argument name type required description data array optional response data data domainorurl string required response data data exactmatch boolean optional response data input example {"json body" {"data" \[{"domainorurl" "example com","exactmatch"\ false}]}} output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta meta status number status value meta pagination object output field meta 
pagination meta pagination pagesize number output field meta pagination pagesize meta pagination totalcount number count value data array response data data id string response data data scheme string response data data domain string response data data port number response data data path string response data data querystring string response data data matchtype string response data data action string response data data comment string response data data disableuserawareness boolean response data data disablerewrite boolean response data data disablelogclick boolean response data fail array output field fail fail file name string name of the resource fail file string output field fail file output example {"status code" 200,"response headers" {"date" "thu, 13 oct 2022 15 46 55 gmt","content type" "application/json","content length" "1119","connection" "keep alive","cache control" "no store","pragma" "no cache","x robots tag" "noindex, nofollow","x ratelimit limit" "800","x ratelimit remaining" "799","x ratelimit reset" "5000"},"reason" "ok","json body" {"meta" {"status" 200,"pagination" {}},"data" \[{},{},{}],"fail" \[]}} get ttp url logs fetches log data for urls processed by mimecast's targeted threat protection service using the 'data' parameter endpoint url /api/ttp/url/get logs method post input argument name type required description meta object optional parameter for get ttp url logs meta pagination object optional parameter for get ttp url logs meta pagination pagesize number optional parameter for get ttp url logs meta pagination pagetoken string optional parameter for get ttp url logs data array optional response data data oldestfirst boolean optional response data data from string optional response data data route string optional response data data to string optional response data data scanresult string optional response data input example {"json body" {"meta" {"pagination" {"pagesize" 2,"pagetoken" "page token"}},"data" \[{"oldestfirst"\ false,"from" "2016 
10 01t14 49 18+0000","route" "all","to" "2017 10 13t23 59 59+0000","scanresult" "all"}]}} output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta meta status number status value meta pagination object output field meta pagination meta pagination pagesize number output field meta pagination pagesize meta pagination totalcount number count value meta pagination next string output field meta pagination next data array response data data clicklogs array response data data clicklogs useremailaddress string response data data clicklogs fromuseremailaddress string response data data clicklogs url string response data data clicklogs ttpdefinition string response data data clicklogs subject string response data data clicklogs action string response data data clicklogs adminoverride string response data data clicklogs useroverride string response data data clicklogs scanresult string response data data clicklogs category string response data data clicklogs sendingip string response data data clicklogs userawarenessaction string response data data clicklogs date string response data data clicklogs actions string response data data clicklogs route string response data output example {"status code" 200,"response headers" {"date" "thu, 13 oct 2022 17 02 23 gmt","content type" "application/json; charset=utf 8","content length" "7778","connection" "keep alive","cache control" "no store","pragma" "no cache","x robots tag" "noindex, nofollow","x ratelimit limit" "800","x ratelimit remaining" "799","x ratelimit reset" "5000"},"reason" "ok","json body" {"meta" {"status" 200,"pagination" {}},"data" \[{}],"fail" \[]}} get ttp impersonation protect logs retrieve logs of impersonation attempts from mimecast security using specified data parameters endpoint url /api/ttp/impersonation/get logs method post input argument name type required description meta object optional parameter for get ttp 
impersonation protect logs meta pagination object optional parameter for get ttp impersonation protect logs meta pagination pagesize number optional parameter for get ttp impersonation protect logs meta pagination pagetoken string optional parameter for get ttp impersonation protect logs data array optional response data data oldestfirst boolean optional response data data taggedmalicious boolean optional response data data searchfield string optional response data data identifiers array optional response data data query string optional response data data from string optional response data data to string optional response data data actions array optional response data input example {"meta" {"pagination" {"pagesize" 123,"pagetoken" "string"}},"data" \[{"oldestfirst"\ true,"taggedmalicious"\ true,"searchfield" "string","identifiers" \["string"],"query" "string","from" "string","to" "string","actions" \["string"]}]} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {},"reason" "ok","json body" {}} response headers header description example alt svc http response header alt svc h3=" 443 "; ma=2592000,h3 29=" 443 "; ma=2592000 cache control directives for caching mechanisms no store connection http response header connection keep alive content length the length of the response body in bytes 245 content type the media type of the resource application/json date the date and time at which the message was originated mon, 24 oct 2022 21 18 56 gmt pragma http response header pragma no cache referrer policy http response header referrer policy same origin strict transport security http response header strict transport security max age=31536000; includesubdomains transfer encoding http response header transfer encoding chunked via http response header via 1 1 google x frame options http response header x frame options sameorigin x ratelimit limit the 
number of requests allowed in the current rate limit window 100 x ratelimit remaining the number of requests remaining in the current rate limit window 99 x ratelimit reset the time at which the current rate limit window resets 5000 x request id a unique identifier for the request 793b7425 5352 48ef 9b2c eb9a5e4aed6a x robots tag http response header x robots tag noindex, nofollow
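
The create remediation incident action changes mail that has already been delivered, so it is worth checking its input before a playbook sends it. The following is an added example, not part of the connector or the original page: a pre-flight builder that enforces the rules from that action's parameter table. Key names follow this page's spelling; the `messageids` search value, the accepted digest lengths, the rewritten-link domains and all function names are assumptions.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Key names use the spelling shown on this page. "messageids" stands for the
# page's 'message ids' option with the space removed (assumption).
SEARCH_BY = ("hash", "messageids", "url")
# Assumption: hosts under these domains are Mimecast-rewritten links.
REWRITTEN_SUFFIXES = ("mimecast.com", "mimecastprotect.com")
MESSAGE_ID = re.compile(r"<[^<>\s]+>")
HEX_DIGEST = re.compile(r"[0-9a-fA-F]+")


def normalize_message_id(raw):
    """Return the id wrapped in '<' '>'; reject ids that are only half wrapped."""
    value = raw.strip()
    if value and "<" not in value and ">" not in value:
        value = f"<{value}>"
    if not MESSAGE_ID.fullmatch(value):
        raise ValueError(f"malformed message id: {raw!r}")
    return value


def check_url(url):
    """Accept only an absolute http(s) URL that has not been rewritten."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        raise ValueError("url must be an absolute http(s) URL")
    if any(host == s or host.endswith("." + s) for s in REWRITTEN_SUFFIXES):
        raise ValueError("rewritten URL: pass it through 'decode url' first")
    return url


def format_ts(ts):
    """Render an aware datetime as yyyy-MM-dd'T'HH:mm:ssZ."""
    if ts.tzinfo is None:
        raise ValueError("timestamps must carry a UTC offset")
    return ts.strftime("%Y-%m-%dT%H:%M:%S%z")


def build_remediation_incident(reason, searchby, *, messageids=None,
                               file_hash=None, url=None, start=None, end=None):
    """Validate the inputs and return the request body {"data": [item]}."""
    if not reason.strip():
        raise ValueError("reason is required")
    if searchby not in SEARCH_BY:
        raise ValueError(f"searchby must be one of {SEARCH_BY}")
    item = {"reason": reason, "searchby": searchby}
    if messageids:
        item["messageids"] = [normalize_message_id(m) for m in messageids]
    if file_hash:
        # Assumption: MD5, SHA-1 and SHA-256 hex digests are acceptable.
        if not HEX_DIGEST.fullmatch(file_hash) or len(file_hash) not in (32, 40, 64):
            raise ValueError("hash must be a hex digest")
        item["hash"] = file_hash.lower()
    if url:
        item["url"] = check_url(url)
    # The page states this rule for url only; applying it to hash and
    # messageids as well is an assumption.
    if searchby not in item:
        raise ValueError(f"searchby={searchby!r} needs the {searchby!r} field")
    stamps = {k: format_ts(v) for k, v in (("start", start), ("end", end)) if v}
    if start and end and start > end:
        raise ValueError("start is later than end")
    item.update(stamps)
    return {"data": [item]}


if __name__ == "__main__":
    # Constructed input: the bare message id from the page's input example.
    print(build_remediation_incident(
        "remediate by message id", "messageids",
        messageids=["c6617708516e3"],
        start=datetime(2022, 1, 20, tzinfo=timezone.utc),
        end=datetime(2022, 1, 22, tzinfo=timezone.utc)))
```

The page's own input example pairs `searchby` "hash" with the reason "remediate by url" and an undelimited message ID; the builder wraps the bare ID and fails fast if the field named by `searchby` is absent.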