
Mimecast Cloud Gateway Integration Setup

This guide walks you through integrating Mimecast Cloud Gateway with RAD Security to ingest email threats for unified threat detection and investigation. Mimecast Cloud Gateway protects your email against phishing, malware, and impersonation. RAD Security authenticates to the Mimecast API 2.0 using OAuth 2.0 client credentials and pulls email threat detections on a scheduled basis to correlate them with your runtime, cloud, and Kubernetes security data.
Read-only integration: RAD Security only reads data from Mimecast. It never writes to, modifies, or deletes anything in your Mimecast environment.
Mimecast Cloud Gateway provides email threats only — it does not provide email activity events. To also ingest email activity events, use the Microsoft Defender for Office 365 integration.

Prerequisites

Before you begin, ensure you have:
  • A Mimecast account with API access
  • Administrator permission to create an API 2.0 application in the Mimecast Administration Console
  • The API Gateway region for your Mimecast tenant (if not the default global region)
  • Access to a RAD Security workspace with integration permissions

Understanding Integration Components

RAD Security authenticates to the Mimecast API 2.0 using the OAuth 2.0 client-credentials grant. You create an API 2.0 application in Mimecast and provide its Client ID and Client Secret. RAD exchanges them for short-lived access tokens automatically.
Mimecast operates regional API gateways. The optional API Gateway region selects the API base URL. Leave it at the default (global) unless your Mimecast tenant is served by a specific regional gateway.
RAD Security ingests Mimecast data via scheduled polling. Webhooks are not used — data arrives on RAD’s polling cadence rather than being pushed by Mimecast.
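The client-credentials exchange and automatic token renewal described above, as an added Python example (not RAD Security's or Mimecast's code). `TokenCache` and `http_post_form` are hypothetical names, the token URL is supplied by the caller from the Mimecast API 2.0 documentation, and sending the credentials in the form body follows RFC 6749 and is an assumption about the gateway.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request


def http_post_form(url, form):
    """Real transport: POST a urlencoded form, return (status, body bytes)."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


class TokenCache:
    """OAuth 2.0 client-credentials token, fetched lazily and renewed before expiry.

    Assumption: credentials go in the form body (RFC 6749 section 4.4 style).
    """

    def __init__(self, token_url, client_id, client_secret,
                 post=http_post_form, clock=time.time, skew=60):
        if not token_url.startswith("https://"):
            raise ValueError("token endpoint must be HTTPS")
        # Pasted credentials often carry stray whitespace; strip it before use.
        self.client_id, self.client_secret = client_id.strip(), client_secret.strip()
        if not (self.client_id and self.client_secret):
            raise ValueError("client ID and client secret are required")
        self.token_url, self.post, self.clock, self.skew = token_url, post, clock, skew
        self.token, self.expires_at = None, 0.0

    def get(self):
        """Return a valid access token, requesting a new one when needed."""
        if self.token is None or self.clock() >= self.expires_at - self.skew:
            status, body = self.post(self.token_url, {
                "grant_type": "client_credentials",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
            })
            if status != 200:
                # Report the status only; never echo the secret or response body.
                raise PermissionError(f"token request rejected: HTTP {status}")
            data = json.loads(body)
            self.token = data["access_token"]
            self.expires_at = self.clock() + int(data["expires_in"])
        return self.token
```

Passing a stub `post` and `clock` lets the renewal logic be exercised without contacting any gateway.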

Step 1: Create an API 2.0 Application in Mimecast

1. Sign in to the Mimecast Administration Console

Log in to the Mimecast Administration Console with an administrator account that can manage API applications.

2. Create an API 2.0 Application

Navigate to Services → API and Platform Integrations and create a new Mimecast API 2.0 application. Provide the requested details and submit the application.

3. Generate Client Credentials

Generate the credentials for the application to obtain your Client ID and Client Secret.
Copy the Client Secret immediately. Mimecast shows the secret only once at creation time. Store it securely in a password manager or secrets vault.

4. Determine Your API Gateway Region

Identify the API Gateway region for your Mimecast tenant. Use the default global region unless your tenant is served by a specific regional gateway.

Exact console navigation and labels vary across Mimecast versions. See the Mimecast API 2.0 documentation for current steps to create an application and generate credentials.

Configure in RAD Security

Navigate to your RAD Security workspace and configure the Mimecast Cloud Gateway integration with the following parameters:

Required Parameters

| Parameter | Description |
| --- | --- |
| Client ID | Mimecast API 2.0 OAuth2 Client ID |
| Client Secret | Mimecast API 2.0 OAuth2 Client Secret |
| API Gateway region | Mimecast API gateway region (optional, defaults to global) |

Verify Integration

Check Connection Status

  1. Navigate to Data Sources > Integrations > Email Security in RAD Security
  2. Locate your Mimecast Cloud Gateway integration
  3. Verify the connection status shows as Connected

Your Mimecast integration is now configured! RAD Security will ingest email threats from Mimecast on a scheduled basis.

What Data is Synced

Email threat detections — phishing, malware, impersonation — mapped to OCSF Detection Finding, stored as security findings, and correlated with runtime, cloud, and identity signals.

Use Cases

Threat Investigation

Investigate Mimecast email threats with context from RAD runtime, cloud, and identity detections.

Correlated Detection

Correlate Mimecast email threats with RAD runtime and identity signals to cut through the noise.

RADBot Prioritization

Leverage RADBot to prioritize Mimecast email threats by real-world impact.

Unified Findings

Review Mimecast email threats alongside the rest of your RAD security findings.

Troubleshooting

Possible causes:
  • Incorrect Client ID or Client Secret
  • The API 2.0 application was disabled or its credentials were revoked in Mimecast
Solution:
  • Verify the Client ID and Client Secret are copied correctly (no extra spaces)
  • Confirm the API 2.0 application is still active under API and Platform Integrations
  • Regenerate the credentials in Mimecast and update them in RAD Security if needed

Possible causes:
  • The selected API Gateway region does not match your Mimecast tenant
Solution:
  • Leave the region at global unless your tenant uses a specific regional gateway
  • Update the API Gateway region to match your tenant and reconnect

Possible causes:
  • No email threats in scope for the configured account
  • The API application lacks access to threat data
Solution:
  • Confirm threat detections exist in the Mimecast Administration Console
  • Verify the API 2.0 application has the access required to read threat data

Security Best Practices

Use a Dedicated Application

Create a dedicated API 2.0 application for the RAD integration rather than reusing an existing one.

Least Privilege

Grant only the read access required for email threats.

Rotate Credentials

Rotate the Client Secret periodically according to your security policy.

Secure Secret Storage

Store the Client Secret in a secrets vault. Never commit it to version control.

Additional Resources

Mimecast API 2.0 Documentation

Official Mimecast API 2.0 documentation, including applications and credentials

Email Security Overview

Learn about RAD’s email security integrations

Next Steps

Defender for Office 365 Setup

Connect Microsoft Defender for Office 365 for email threats and activity

Email Security Integrations

Explore other email security integration options

RADBot

Learn how RADBot helps prioritize findings