[INTPLAT-107] [SIEMINT-42] [Release] DDS: Mimecast: Crawler Integration v1.0.0 (DataDog#17946)

* Add Mimecast integration with assets.

* Adding integration in labeler.yml

* Fix pipeline pipelines suggestions.

* Reduce size of the image.

* minor fix in image name

* corrected resolution of the image.

* Updated Samples

* Updated log results

* Updated Rejection Samples

* Added rejection log sample result

* Added svg file

* minor change.

* Update README and dashboards

* Modified Dashboards with new format

* Minor description change

* Dashboard image updated with latest changes

* Dashboard image resizing

* Dashboard description added as per suggestion and added log details in readme

* Re-structured content

* read.me TTP attachment content change

---------

Co-authored-by: Thibault Krebs <[email protected]>
Co-authored-by: surabhipatel_crest <[email protected]>
Co-authored-by: savan.dalasaniya <[email protected]>
4 people authored Sep 5, 2024
1 parent 3e9da77 commit 1eff769
Showing 19 changed files with 6,633 additions and 22 deletions.
2 changes: 1 addition & 1 deletion mimecast/CHANGELOG.md
Expand Up @@ -4,4 +4,4 @@

***Added***:

* Initial Release
* Initial Release
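
Review bot: the removed and added `* Initial Release` lines read identically, so this hunk looks like a whitespace or end-of-file newline change only; please confirm that is intended. Since this is the v1.0.0 release entry, consider whether the line should also carry the PR reference so the changelog entry can be traced back to this change.
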
68 changes: 52 additions & 16 deletions mimecast/README.md
@@ -1,25 +1,62 @@
# Agent Check: Mimecast

## Overview

This check monitors [Mimecast][1].
[Mimecast][1] is a cloud-based solution designed to protect organizations from a wide range of email-based threats. The product offers a comprehensive set of security features that help to safeguard against advanced threats, such as phishing, malware, spam, and targeted attacks, while also providing data leak prevention and email continuity services.

## Setup
This integration ingests the following logs:

- Audit : Audit logs allow you to search, review, and export logs regarding account access and configuration changes made by administrators.
- DLP : Data Loss Prevention (DLP) is a set of practices designed to secure confidential business data as well as detect and head off data loss resulting from breaches and malicious attacks.
- Rejection : Rejected messages contain a virus signature, or destined to a recipient that doesn't exist. In these instances no email data is accepted by Mimecast, and Rejected messages cannot be retrieved.
- TTP Attachment : Targeted Threat Protection(TTP) Attachment Protection protects customers from spear phishing attacks that use email attachments.
- TTP Impersonation : Targeted Threat Protection(TTP) Impersonation Protect helps prevent impersonation attacks by scanning emails in real time for signs of an attack.
- TTP URL : Targeted Threat Protection(TTP) URL Protection is an email security service that rewrites all inbound email links and scans the destination website in real-time when clicked by the user.

### Installation
The Mimecast integration seamlessly collects all the above listed logs, channeling them into Datadog for analysis. Leveraging the built-in logs pipeline, these logs are parsed and enriched, enabling effortless search and analysis. The integration provides insight into audit, DLP, malicious attachments in email, email sent by user as an impersonated identity, phishing email links, and many more through the out-of-the-box dashboards.

The Mimecast check is included in the [Datadog Agent][2] package.
No additional installation is needed on your server.
## Setup

### Configuration

1. List of steps to configure this integration
#### Get Credentials of Mimecast

To find your application's details in Mimecast Email Security:

1. Sign into Mimecast Email Security with your credentials.
2. Navigate to the **Administration Console**, select **Services**, and then choose the **API and Platform Integrations** section.
3. Proceed to Your **API 2.0 Applications**.
4. Search for your application in the list provided.
5. If the application is absent, it means it hasn't been set up yet, and you'll need to configure it with the following steps:
- In **API and Platform Integrations** page, click on **Available Integrations** tab.
- Click the **Generate keys** button of Mimecast API 2.0 tile.
- Check the **I accept** checkbox, click on **Next**.
- In **Application Details** step, fill out the following details according to the instructions:
- Application Name: Enter the application name of your choice
- Category: Select **SIEM Integration**
- Products: Click **Select all** option
- Application Role: Select **SIEM Admin Role**
- Description: Enter the description of your choice
- In **Notifications**, provide the contact details of your technical administrator and click on **Next**
- After clicking on **Add and Generate Keys** there will be pop up window showing Client ID and Client Secret. Please copy those keys to a safe place as they won't be displayed again.
6. If the application is present, click on its name.
7. Click the **Manage API 2.0 credentials** button and click **Generate**. This generates a new Client ID and Client Secret. Please copy those keys to a safe place as they won't be displayed again.

#### Mimecast DataDog Integration Configuration

Configure the Datadog endpoint to forward Mimecast logs to Datadog.

1. Navigate to `Mimecast`.
2. Add your Mimecast credentials.

| Mimecast Parameters | Description |
| ------------------- | ------------------------------------------------------------ |
| Client ID | The Client ID of your registered application on mimecast |
| Client Secret | The Client Secret of your registered application on mimecast |

### Validation
## Data Collected

Steps to validate integration is functioning as expected
### Logs

## Data Collected
The Mimecast integration collects and forwards Mimecast Audit, DLP, Rejection, TTP Attachment and TTP Impersonation, TTP URL logs to Datadog.

### Metrics
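
Review bot: in the **Application Details** step the README tells the user to click **Select all** under Products and pick **SIEM Admin Role**, which asks for broader API access than the six log types listed in the Overview appear to need. If the crawler only reads Audit, DLP, Rejection and the three TTP logs, list the specific products and the narrowest role that covers them, or state why the full set is required. Two smaller points in the same section: "copy those keys to a safe place" in steps 5 and 7 would be better as a pointer to a secrets manager or password vault, and step 7 should say whether generating new credentials leaves the previous Client ID and Client Secret valid, since other consumers of that application may depend on them. The removed `### Validation` placeholder has no replacement, so there is no documented way to confirm logs are arriving after setup.
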

Expand All @@ -33,10 +70,9 @@ The Mimecast integration does not include any service checks.

The Mimecast integration does not include any events.

## Troubleshooting
## Support

Need help? Contact [Datadog support][3].
For further assistance, contact [Datadog Support][2].

[1]: **LINK_TO_INTEGRATION_SITE**
[2]: https://app.datadoghq.com/account/settings#agent
[3]: https://docs.datadoghq.com/help/
[1]: https://www.mimecast.com/
[2]: https://docs.datadoghq.com/help/
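
Review bot: the reference `[2]` is re-pointed from the Agent settings URL to `https://docs.datadoghq.com/help/` and `[3]` is dropped, so any `[2]` or `[3]` link left in the unchanged lines between the two hunks would now resolve to the support page or to nothing; worth a quick search of the final file. Renaming `## Troubleshooting` to `## Support` also leaves the README without troubleshooting guidance, for example for a rejected Client ID or Client Secret.
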