Does this information look incorrect or out-of-date? Please contact us at support@socos.io.
To set up authorisation, follow Scripts or server applications from here:
https://integrations.mimecast.com/documentation/api-overview/authentication-and-authorization/
Effectively this involves two steps:
Create a socos@mydomain.com service user with some level permissions to read data, and some credentials that the SOC.OS platform will use to call the Mimecast API.
The permissions required will be:
Monitoring | URL Protection | Read
Monitoring | Impersonation Protection | Read
Monitoring | Attachment Protection | Read
The above permissions allow read access to the following endpoints:
Set the Authentication Cache TTL setting in the socos@mydomain.com user's authentication profile to "Never Expire."
Once these two steps are complete, 5 values need to be provided to the SOC.OS team:
For the Base URL, refer to this page:
https://community.mimecast.com/s/article/Global-SAML-URLs-and-Audience-Values
Please inform us which URL your API is hosted at (e.g. https://eu-api.mimecast.com, https://us-api.mimecast.com). It will likely be the same as the URL you use to log into the Mimecast portal.
The Application ID, Application Key, Access Key and Secret Key should be available in the Mimecast portal when setting up the socos@mydomain.com service user.
https://community.mimecast.com/s/article/Managing-API-Applications-505230018