A. Introduction
This documentation guides you through integrating the Right-hand HRM platform with Mimecast.
The integration can be used for ingesting security incidents. This security incident data is then used for the following:
Assessing organizational risk
Sending micro-learning nudges to employees
Targeting employees for phishing campaigns or training campaigns
Below are the steps required for a successful integration with Mimecast. It involves 3 major steps:
B. Creating an integration role (Mimecast)
Log in to your Mimecast console and select Administration Console.
In the top-left corner, click on the menu icon. Select the Account tab.
On the Account tab, click on Roles.
Click on New Role.
Provide Role Name and Description.
Under the Monitoring Menu, enable only read access for the following.
Attachment
URL Protection
Attachment Protection
Impersonation Protection Logs
DLP Logs
Click on Save and Exit at the top.
A role should appear as per the screenshot below.
C. Creating an API tenant with the above role access
1. Go to Services --> API and Platform Integrations
2. Click on generate keys
3. Go through the Generate keys wizard as shown in the steps below:
4. Add the following details
Add category as Business Intelligence
Add the following product: Security Events
For Application role, select RH HRM or whatever other name you gave the role in the first part of the configuration.
Add any suitable description and click next.
5. Add details of a technical point of contact, which is the person who is notified if the integration or API service account is not working
6. Verify that the details in summary are correct and click on "Add and generate Keys"
7. Copy the Client ID and Client Secret and save them to a secure place you can easily access.
D. Configuring the Mimecast integration in the Right-Hand portal
1. Go to Right-Hand Cyberready portal and navigate to Human Risk Management --> Settings --> Search Mimecast
2. Click on Configure and you will be redirected to the following modal.
--> Select the API URL based on your Mimecast Deployment Region
--> Add the Client ID and Secret
--> Click on Save & Authorize
3. Once authentication is done, go to the next tab, Detection Rules, and select the events that you want to enable for direct message nudges/emails and the ones that you want to enable for campaign targeting.
A. In order for the nudges to be delivered, you will have to:
-> Configure the delivery medium
-> Ensure that the employees for whom the events are received are added in the Right-hand portal.
B. For campaign retargeting, you must have access to the training readiness and phishing readiness licenses to create campaigns.
F. Mimecast Events Supported by Right Hand HRM
Sensitive data exposure
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: DLP events
action: block
Employee Received a malicious file via email
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: attachment logs
result: malicious
route: inbound
Employee Sent a Malicious File via email
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: attachment logs
result: malicious
route: outbound
Employee Sent a Malicious File to a coworker
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: attachment logs
result: malicious
route: internal
Employee received a spoof email
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: ttp impersonation logs
taggedmalicious: True
action: hold
identifiers: similar_internal_domain
Employee received an Impersonation email attack
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: ttp impersonation logs
taggedmalicious: True
action: hold
identifiers: internal_user_name
Employee received a targeted impersonation email
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: ttp impersonation logs
taggedmalicious: True
action: hold
identifiers: targeted_threat_dictionary
Employee clicked on a Malicious Link (Category: Compromised Website)
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: ttp url logs
category: 'Compromised'
action: block
Employee clicked on a Malicious Link (Category: Phishing & Fraud)
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: ttp url logs
category: 'Phishing & Fraud'
action: block or warn
Employee clicked on a Malicious Link (Category: Spam Sites)
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: ttp url logs
category: 'Spam Sites'
action: block or warn
Employee clicked on a Malicious Link (Category: Suspicious)
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: ttp url logs
category: 'Suspicious'
action: block or warn
Employee clicked on a Malicious Link (Category: Malware)
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: ttp url logs
category: 'Malware'
action: block or warn
Employee clicked on a Malicious Link (Category: Botnets)
Right-Hand considers this event to have occurred when the following conditions are met in the received alerts:
log type: ttp url logs
category: 'Botnets'
action: block or warn
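The matching conditions listed in this section, expressed as a small classifier that can be used to predict which events a given log record will produce. This is an added example, not Right-Hand's or Mimecast's code; the record layout (a dict with a log_type key holding the log type names used above), the function names and the sample records are assumptions constructed for illustration.

```python
# Rule table transcribed from the conditions listed in section F.
# Assumed for this example: each record is a dict with a "log_type" key.
BLOCK_OR_WARN = {"block", "warn"}
URL = [("Compromised", "Compromised Website", {"block"})] + [
    (c, c, BLOCK_OR_WARN) for c in
    ("Phishing & Fraud", "Spam Sites", "Suspicious", "Malware", "Botnets")]

RULES = [("Sensitive data exposure", "dlp events", {"action": {"block"}})]
RULES += [(name, "attachment logs", {"result": {"malicious"}, "route": {route}})
          for route, name in [
              ("inbound", "Employee Received a malicious file via email"),
              ("outbound", "Employee Sent a Malicious File via email"),
              ("internal", "Employee Sent a Malicious File to a coworker")]]
RULES += [(name, "ttp impersonation logs",
           {"taggedmalicious": {"true"}, "action": {"hold"}, "identifiers": {ident}})
          for ident, name in [
              ("similar_internal_domain", "Employee received a spoof email"),
              ("internal_user_name", "Employee received an Impersonation email attack"),
              ("targeted_threat_dictionary",
               "Employee received a targeted impersonation email")]]
RULES += [(f"Employee clicked on a Malicious Link (Category: {label})", "ttp url logs",
           {"category": {cat.lower()}, "action": actions}) for cat, label, actions in URL]


def _values(raw):
    """Normalise a field to a set of lower-case strings (handles bools and lists)."""
    items = raw if isinstance(raw, (list, tuple, set)) else [raw]
    return {str(item).strip().lower() for item in items}


def classify(record):
    """Return every event name whose conditions the record satisfies."""
    fields = {key.lower(): value for key, value in record.items()}
    matches = []
    for name, log_type, conditions in RULES:
        if _values(fields.get("log_type", "")) != {log_type}:
            continue
        if all(_values(fields.get(key, "")) & allowed
               for key, allowed in conditions.items()):
            matches.append(name)
    return matches

# Constructed sample records, not real Mimecast output.
SAMPLES = [
    {"log_type": "ttp url logs", "category": "Compromised", "action": "warn"},
    {"log_type": "ttp url logs", "category": "Malware", "action": "warn"},
    {"log_type": "ttp impersonation logs", "taggedMalicious": True, "action": "hold",
     "identifiers": ["internal_user_name", "targeted_threat_dictionary"]},
]
```

The first sample yields no event, because the Compromised category is listed with action block only, while the third yields two events because its identifiers satisfy two impersonation rules at once.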