Get TTP Impersonation Protect Logs
Get messages containing information flagged by an Impersonation Protection configuration.
Required application permissions: Monitoring | Impersonation Protection | Read.
External Documentation
To learn more, visit the Mimecast V2 documentation.
Basic Parameters
| Parameter | Description |
|---|---|
| Search By Actions | Specify actions to search by. |
| Search By Field | Specify the field to be used for filtering the Search Query.Note: If this parameter is provided, Search Query must be specified. |
| Search By Identifiers | Search logs by identifiers. |
| Search Query | Provide a query to search in the logs.Note: If Search By Field is provided, this parameter must be specified. |
| Tagged Malicious | Determines whether to return only messages that are tagged as malicious. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Search By End Date | The end date of logs to return. The default is the execution time. |
| Search By Start Date | The start date of logs to return. The default is the start of the current day. |
| Sort Descending | Determines whether to order results with the most recent first. |
Example Output
{
"data": {
"impersonationLogs": [
{
"action": "string",
"definition": "string",
"eventTime": "yyyy-MM-dd'T'HH:mm:ssZ",
"hits": 0,
"id": "string",
"identifiers": [
"similar_internal_domain",
"newly_observed_domain",
"internal_user_name",
"reply_address_mismatch",
"targeted_threat_dictionary",
"custom_external_domain",
"mimecast_external_domain",
"advanced_similar_internal_domain",
"advanced_custom_external_domain",
"advanced_mimecast_external_domain",
"custom_name_list"
],
"impersonationResults": [
"string"
],
"messageId": "string",
"recipientAddress": "string",
"senderAddress": "string",
"senderIpAddress": "string",
"subject": "string",
"taggedExternal": true,
"taggedMalicious": true
}
],
"resultCount": 0
},
"fail": [
{
"errors": [
{
"code": "string",
"message": "string",
"retryable": true
}
],
"key": {
"actions": [
"hold",
"bounce",
"none"
],
"from": "yyyy-MM-dd'T'HH:mm:ssZ",
"identifiers": [
"similar_internal_domain",
"newly_observed_domain",
"internal_user_name",
"reply_address_mismatch",
"targeted_threat_dictionary",
"custom_external_domain",
"mimecast_external_domain",
"advanced_similar_internal_domain",
"advanced_custom_external_domain",
"advanced_mimecast_external_domain",
"custom_name_list"
],
"oldestFirst": true,
"query": "string",
"searchField": "all",
"taggedMalicious": false,
"to": "yyyy-MM-dd'T'HH:mm:ssZ"
}
}
]
}
Workflow Library Example
Get Ttp Impersonation Protect Logs with Mimecast V2 and Send Results Via Email
Preview this Workflow on desktop