Live · API 2.0 · us-api.services.mimecast.com
Security Overview
LIVE
Initializing Mimecast event stream…
--:--:--
Threats Blocked (24h)
0
API: /threats/events
Quarantined Today
0
API: /message/get-hold
URL Clicks Blocked
0
API: /ttp/url/get-logs
Emails Processed
0
API: /siem/v1/batch/events
Spam Rejected
0
API: /stats/gateway
🛡Threat Breakdown — Last 24h
View All →
Ransomware / Malware
0
--:--
Phishing / Spear-Phishing
0
--:--
Business Email Compromise
0
--:--
Malicious URL (clicked)
0
--:--
Spam / Bulk
0
--:--
🚨Recent High-Priority Alerts
Ack All
All Alerts →
BEC Attempt — CEO Impersonation
11:42
Investigate
Malicious Attachment — Ransomware
11:18
View Hash
Malicious URL — User Click Blocked
10:54
URL Detail
Spear-Phishing — IT Impersonation
10:31
Quarantine
Bulk Spam Campaign — 1,812 copies
09:47
Details
📊Threat Volume — Hourly (24h)
API Source
00:0006:0012:0018:00Now
📨Top Threat Origin Domains
API Source
API: /threats/events · 13,241 endpoints
Threat Events
🛡All Threat Events — Last 24h
All
CRIT
HIGH
MED
Export CSV
| Severity | Type | Sender | Recipient | Subject | Action | Time |
|---|---|---|---|---|---|---|
| CRIT | BEC / Impersonation | [email protected] | [email protected] | Urgent wire transfer needed | BLOCKED | 11:42 |
| CRIT | Ransomware Attachment | [email protected] | [email protected] | Invoice Q1 2026 - Action Required | SANDBOX | 11:18 |
| CRIT | Malware Dropper | [email protected] | [email protected] | Shared document: Q1 Report.docm | BLOCKED | 10:55 |
| HIGH | URL — Malicious Click | [email protected] | [email protected] | Your account needs verification | CLICK BLOCKED | 10:54 |
| HIGH | Spear-Phishing | [email protected] | [email protected] | Password expiry notice - act now | QUARANTINED | 10:31 |
| MED | Impersonation | [email protected] | [email protected] | Quick question - confidential | TAGGED | 09:58 |
| MED | URL — Phishing Page | [email protected] | [email protected] | Verify your PayPal account | BLOCKED | 09:22 |
| LOW | Spam — Bulk | [email protected] | 1,812 recipients | You've been selected! | BLOCKED | 09:47 |
| LOW | Spam — Bulk | [email protected] | 892 recipients | Flash Sale - Today Only | BLOCKED | 08:14 |
API: /ttp/url/get-logs · 13,241 endpoints
URL Protect — TTP
URLs Blocked Today
241
Malicious / phishing
▲ +67 vs yesterday
User Clicks Blocked
67
On-click real-time block
Safe URLs Scanned
148,220
Rewritten & scanned
99.8% safe
Blocked URL Events
API Source
| URL (sanitized) | User | Action | Category | Time | Actions |
|---|---|---|---|---|---|
| hxxps://login-secure-bank[.]xyz/auth | j.smith | BLOCKED | Phishing | 10:54 | |
| hxxps://paypa1-verify[.]net/login | m.jones | BLOCKED | Credential Harvest | 09:22 | |
| hxxps://docusign-sign[.]info/doc/view | a.chen | WARN | Suspicious | 08:47 | |
| hxxps://shared-docs-view[.]ru/file/Q1 | ops-user | BLOCKED | Malware DL | 08:12 | |
| hxxps://microsofft[.]com/signin | r.kim | BLOCKED | Typosquat | 07:30 |
API: /ttp/attachment/get-logs · 13,241 endpoints
Attachment Protect — TTP
Malicious Blocked
18
Sandbox detonation
Sandboxed Today
218
Pre-emptive analysis
Safe Delivered
62,814
Converted & delivered
Sandbox Detections — File Analysis
API Source
| Filename | Type | SHA256 | Verdict | Sender | Time | Actions |
|---|---|---|---|---|---|---|
| invoice_Q1_2026.xlsm | XLSM | 5f4dcc3b5aa7… | MALICIOUS | [email protected] | 11:18 | |
| Q1_Report.docm | DOCM | aab3238922bc… | MALICIOUS | [email protected] | 10:55 | |
| remittance_advice.exe.pdf | EXE | c4ca4238a0b9… | MALICIOUS | [email protected] | 09:14 | |
| contract_draft.docx | DOCX | eccbc87e4b5c… | CLEAN | [email protected] | 08:52 | — |
| salary_review.pdf | c81e728d9d4c… | CLEAN | [email protected] | 08:20 | — |
API: /ttp/impersonation/get-logs · 13,241 endpoints
Impersonation Protect — TTP
BEC Attempts
43
CEO/CFO fraud detected
Typosquat Domains
71
Similar domain abuse
Internal Spoofed
18
From-header spoofing
Impersonation Events
API Source
| Impersonation Type | Spoofed Identity | Sender Domain | Recipient | Action | Time | Actions |
|---|---|---|---|---|---|---|
| CEO Fraud | M. Johnson, CEO | acme-corp.co | [email protected] | BLOCKED | 11:42 | |
| CFO Fraud | S. Williams, CFO | ktc-demo.co | [email protected] | BLOCKED | 10:15 | |
| IT Impersonation | IT Help Desk | ktcdemo-helpdesk.net | [email protected] | QUARANTINED | 10:31 | |
| Typosquat | Microsoft | microsofft.com | [email protected] | BLOCKED | 07:30 | |
| Brand Abuse | DocuSign | docusign-sign.info | [email protected] | TAGGED | 08:47 |
API: /stats/gateway · hourly & daily · 13,241 endpoints
Gateway Statistics
Inbound Processed
94,822
Last 24h · 13,241 endpoints
Outbound Processed
22,418
Last 24h
Malware Blocked
680
Anti-virus engine
Spam Rejected
18,441
99.2% catch rate
Email Volume by Hour
Traffic Disposition
Delivered Clean
76%
Blocked / Rejected
18%
Quarantined
4%
Held / Review
2%
API: /message/get-hold-message-list · 13,241 endpoints
Quarantine
Showing top 10 of 183 held messages across 13,241 endpoints · API: /message/get-hold-message-list · pageSize=10 · totalCount=183
Held Messages — Pending Review
API Source
Release Selected
| Reason | From | To | Subject | Held Since | Actions | |
|---|---|---|---|---|---|---|
| SUSPICIOUS | [email protected] | a.chen | Password expiry notice | 10:31 | ||
| MALWARE | [email protected] | accounting | Invoice Q1 2026 | 11:18 | ||
| SPAM | [email protected] | 892 users | Flash Sale - Today Only | 08:14 | ||
| POLICY | [email protected] | [email protected] | Large file share link | 07:44 | ||
| DLP | [email protected] | [email protected] | Patient data spreadsheet | 07:11 | ||
| BEC | [email protected] | [email protected] | Quick question re: payroll | 09:58 | ||
| SUSPICIOUS | [email protected] | [email protected] | Sign document now | 08:47 |
API: /siem/v1/batch/events · 13,241 endpoints
SIEM Log Batch
Events This Batch
24,821
Last pull: 5 min ago
Log Types
7
receipt, delivery, ttp, av…
SIEM Destinations
2
Splunk + Sentinel
Sample SIEM Event Output
View Full API Call
{"datetime": "2026-03-22T11:42:18+0000", "acc": "KTC-Demo-Org", "endpoints": 13241,
"Sender": "[email protected]", "Recipient": "[email protected]",
"Dir": "Inbound", "Act": "Blk", "RejType": "Impersonation",
"RejCode": "TT0004", "Definition": "BEC High Risk", "Subtype": "BEC"}
{"datetime": "2026-03-22T11:18:05+0000", "acc": "KTC-Demo-Org", "endpoints": 13241,
"Sender": "[email protected]", "Recipient": "[email protected]",
"Dir": "Inbound", "Act": "Blk", "RejType": "MaliciousAttachment",
"sandboxResult": "Malicious", "fileHash": "5f4dcc3b5aa765d6...",
"Definition": "Attachment Protect - Pre-emptive"}
API: /policy/blockedsenders · /policy/antispoofing · 13,241 endpoints
Security Policies
Active Gateway Policies
API Source
Block — Known Malicious Senders
All inbound · 4,218 entries
BLOCKQuarantine — Suspicious Attachments
Inbound · .xlsm .docm .exe .vbs .ps1
QUARANTINETag — External Sender Warning
All inbound from external domains
TAGAnti-Spoofing SPF Strict
All inbound · SPF fail = reject
REJECTDLP — PII Outbound Scan
Outbound · SSN / CC / PHI patterns
HOLDAllow — Microsoft 365 Relay
Outbound · IP whitelist · 8 IPs
ALLOWAPI: /directory/find-groups · /directory/get-group-members · 13,241 endpoints
Directory Groups
Security Groups · 13,241 Total Endpoints
API Source
| Group Name | Members | Endpoints | Policy Applied | Sync Source | Last Sync | Actions |
|---|---|---|---|---|---|---|
| Executive Leadership | 52 | 52 | BEC High Risk Policy | Azure AD | Today 06:00 | |
| Finance Department | 128 | 128 | Wire Fraud Policy | Azure AD | Today 06:00 | |
| IT Administrators | 34 | 204 | Bypass External Tag | Azure AD | Today 06:00 | |
| All Staff | 8,241 | 8,241 | Standard TTP Policy | LDAP | Today 06:00 | |
| Infrastructure Servers | — | 4,616 | Server TTP Policy | API Managed | Today 06:00 | |
| Blocked Senders List | 4,218 domains | All | Block All | API Managed | 11:42 today |
API: /awareness-training/get-campaigns · /awareness-training/get-safe-score-summary · 8,241 users
Awareness Training
Avg SAFE Score
74
org-wide · /100 · 8,241 users
▲ +4 this month
Active Campaigns
3
Phishing simulation
Training Pending
842
Users overdue
High Risk Users
38
SAFE score < 40
Active Phishing Campaigns
API Source
| Campaign | Sent | Clicked | Reported | Status | Actions |
|---|---|---|---|---|---|
| Q1 2026 — CEO Fraud Sim | 8,241 | 948 (11.5%) | 2,194 | ACTIVE | |
| IT Help Desk Spoof | 8,241 | 478 (5.8%) | 3,181 | ACTIVE | |
| PayPal Invoice Phish | 8,241 | 214 (2.6%) | 5,097 | COMPLETE |
High Risk Users — Watchlist (Top 5 of 38)
| User | SAFE Score | Clicks | Action |
|---|---|---|---|
| [email protected] | 22 | 6 | |
| [email protected] | 28 | 5 | |
| [email protected] | 31 | 4 | |
| [email protected] | 36 | 3 | |
| [email protected] | 38 | 3 |
Interactive · Mimecast API 2.0
API Explorer
✅Demo mode active — returns realistic Mimecast API 2.0 responses scoped to 13,241 endpoints. Connect Client ID + Secret for live production data.
Select a template below and click RUN to get a demo Mimecast API response.
Ready
Quick Templates
GET/api/ttp/url/get-logs
GET/api/ttp/impersonation/get-logs
GET/api/ttp/attachment/get-logs
POST/api/siem/v1/batch/events
POST/api/message/get-hold-message-list
POST/api/awareness-training/get-safe-score-summary
GET/api/stats/gateway
POST/api/directory/find-groups
Ops · 13,241 endpoints
API Status & Rate Limits
API Gateway
● Online
us-api.services.mimecast.com
Auth Token
Valid
Expires in 28 min
Rate Limit Used
423/1000
Per minute window
API Calls Today
0
All endpoints
Endpoint Rate Limits
| Endpoint | Quota | Used | Reset | Status |
|---|---|---|---|---|
| /api/ttp/url/get-logs | 100/min | 57 | :42s | MODERATE |
| /api/ttp/impersonation/get-logs | 100/min | 43 | :42s | OK |
| /api/siem/v1/batch/events | 10/min | 3 | :42s | OK |
| /api/message/get-hold-message-list | 50/min | 38 | :42s | MODERATE |
| /api/awareness-training/* | 20/min | 4 | :42s | OK |
| /api/stats/gateway | 60/min | 12 | :42s | OK |