Email Security Integrations

Integrate your email security platforms with RAD Security to bring email threat detections — and, where available, email activity events — into a single, correlated view alongside your runtime, cloud, and Kubernetes security data. These integrations are read-only. RAD Security pulls email threats (and email activity events for supported providers) from your platform on a scheduled basis to power unified threat detection and investigation. RAD never writes to, modifies, or deletes anything in your email security platform.

Benefits

Email Threat Visibility

Surface email threat detections — phishing, malware, and impersonation — alongside runtime, cloud, and Kubernetes signals.

Email Activity

Ingest email activity events (Defender for Office 365) to see message flow across your tenant.

Correlated Analysis

Correlate email threats and activity with runtime and identity detections to prioritize what matters.

RADBot Prioritization

Let RADBot triage email threats by real-world impact.

Supported Integrations

Status: Available
Connect Microsoft Defender for Office 365 to RAD Security to ingest email threats and email activity events.
Key Features:
  • Email threat detections (OCSF Detection Finding)
  • Email activity events (OCSF Email Activity)
  • Azure AD app (OAuth) client-credentials authentication
  • Scheduled, read-only data ingestion

Status: Available
Connect Mimecast Cloud Gateway to RAD Security to ingest email threats.
Key Features:
  • Email threat detections (OCSF Detection Finding)
  • Mimecast API 2.0 OAuth2 client-credentials authentication
  • Scheduled, read-only data ingestion
Note: Mimecast provides email threats only — it does not provide email activity events.

What Data is Collected

  • Email threat detections — phishing, malware, impersonation, and spam (both providers). Mapped to OCSF Detection Finding and stored as security findings, queryable in RAD.
  • Email message events across your tenant (Microsoft Defender for Office 365 only). Mapped to OCSF Email Activity and stored alongside RAD’s other activity feeds.
Mimecast Cloud Gateway does not provide email activity events.

Use Cases

Threat Investigation

Investigate email threats with context from runtime, cloud, and identity detections.

Email Activity Monitoring

Track email activity events (Defender for Office 365) to understand message flow.

Correlated Detection

Correlate email threats with RAD runtime and identity signals to cut through the noise.

RADBot Prioritization

Leverage RADBot to prioritize email threats based on real-world impact.

Getting Started

1. Choose Your Platform

Select your email security platform from the supported integrations above.

2. Generate API Credentials

Create API credentials with read access in your email security platform.

3. Configure in RAD Security

Add the integration in your RAD Security workspace with the generated credentials.

4. Verify Connection

Confirm the integration is active and data is being synced.

Next Steps

Defender for Office 365 Setup

Connect Microsoft Defender for Office 365 for email threats and activity

Mimecast Setup

Connect Mimecast Cloud Gateway for email threats

Data Sources Overview

Explore all available data sources