Mimecast
App Vendor: Mimecast
App Category: Email Gateway
Connector Version: 1.1.0
API Version: V1.0.0
About App
Mimecast is a cloud-based email management service for Microsoft Exchange and Microsoft Office 365, including security, archiving, and continuity services to protect business mail.
The Mimecast app is configured with Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Add Group Member | This action adds members to a group. |
Create Blocked Sender Policy | This action creates a new blocked sender policy object to either block or take no action on messages. |
Create Group | This action creates a new group. |
Create Managed URL | This action creates a new managed URL entry. |
Create Remediation Incident | This action creates a new remediation incident. |
Decode URL | This action decodes the encoded URL |
Find Remediation Incidents | This action finds remediation incidents. |
Generic Action | This action makes generic API calls to the Mimecast API endpoint. |
Get Blocked Sender Policy | This action retrieves the blocked sender policy. |
Get Current Account Details | This action retrieves the details about the configured Mimecast account. |
Get File | This action retrieves an attachment file. |
Get Group Members | This action retrieves the members of a group. |
Get Hold Message List | This action retrieves the information about held messages, including the reason, hold level, sender, and recipients. |
Get Managed URLs | This action retrieves a list of managed URLs in the Mimecast environment. |
Get Message Details | This action retrieves the details about a message. |
Get Message Information | This action retrieves information for a message. |
Get Remediation Incident | This action retrieves the remediation incident. |
Get TTP Attachment Protection Logs | This action retrieves the TTP attachment protection logs from Mimecast. |
Get TTP Impersonation Logs | This action retrieves the TTP impersonation logs from Mimecast. |
Get TTP URL Logs | This action retrieves the TTP URL logs from Mimecast. |
List Blocked Sender Policies | This action lists all existing blocked sender policies. |
Nullify Blocked Sender Policy | This action nullifies the blocked sender policy. |
Permit or Block Sender | This action permits or blocks emails between a specified sender and recipient. |
Remove Group Member | This action removes the member or members from the group. |
Search | This action searches the Mimecast email environment for messages matching the provided criteria. |
Search File Hash | This action searches for the provided file hash or hashes within messages. |
Search Groups | This action search for groups matching the given criteria. |
Update Group | This action updates a group. |
Configuration Parameters
The following configuration parameters are required for the Mimecast app to communicate with the Mimecast enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Application ID | Enter the Mimecast-provided application ID. | Text | Required | |
Application Key | Enter the Mimecast-provided application key. | Password | Required | |
Access Key | Enter the Mimecast-provided access key. | Password | Required | |
Secret Key | Enter the Mimecast-provided secret key. | Password | Required | |
Base URL | Enter the base URL to submit the API requests. | Text | Required | For more on the supported base URLs, see https://integrations.mimecast.com/documentation/api-overview/global-base-urls/. |
Action: Add Group Member
This action adds user email addresses or domains to a profile group. To successfully use this endpoint, you must be a Mimecast administrator with at least the Directories | Groups | Edit permission.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Group ID | Enter the Mimecast ID of the group to add to. | Text | Required | |
Email Address | Enter the email address of a user to add to a group. Use either Email Address or Domain. | Text | Optional | |
Domain | A domain to add to a group. Use either Email Address or Domain. | Text | Optional |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.meta | Object | Meta details of the request. |
app_instance.meta.status | Integer | The function level status of the request. Example: 200 |
app_instance.data | Array | Details of the user and group the user is added to. |
app_instance.data.folderID | String | The Mimecast ID of the group that the user/domain was added to. |
app_instance.data.emailAddress | String | The email address of the user that was added to the group. |
app_instance.data.id | String | The Mimecast ID of the user/domain that was added to the group. |
app_instance.data.internal | Boolean | If the user/domain is internal or not. |
Action: Create Blocked Sender Policy
This action creates a blocked sender policy object to either block or take no action on messages.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Policy Description | Enter the description for the policy. | Text | Required | |
From Object Type | Enter the source object type. | Text | Required | Allowed values:
|
To Object Type | Enter the destination object type. | Text | Required | Allowed values:
|
From Address | Enter the sender's address. | Text | Optional | |
To Address | Enter the recipient's address. | Text | Optional | |
From Domain | Enter the sender's domain. | Text | Optional | |
To Domain | Enter the recipient's domain. | Text | Optional | |
From Group | Enter the sender directory or profile group ID. | Text | Optional | |
To Group | Enter the recipient directory or profile group ID. | Text | Optional | |
Sender From Part | Enter the sender's email value to use in policy evaluation. | Text | Optional | Allowed values:
|
From Date | Enter the start date of the policy. | Text | Optional | |
To Date | Enter the end date of the policy. | Text | Optional | |
Apply Policy Bi-directionally | Indicates that the policy should also be applied in the reverse of the email flow | Boolean | Optional | |
From Eternal | Enter true to set the policy start date to eternal. | Boolean | Optional | |
To Eternal | Enter true to set the policy end date to eternal. | Boolean | Optional | |
Override Previous Policies | Choose to override the order in which policies are applied, and apply this policy first. | Boolean | Optional | |
Comment | Enter the comment about the policy. | Text | Optional | |
Conditional Source IPs | Enter source IPs to which the policy should exclusively apply. | Text | Optional | |
Conditional SPF Domains | Enter domains for which SPF records should be checked. | Text | Optional | |
Conditional Hostnames | Enter hostnames to which the policy should exclusively apply. | Text | Optional | |
Policy Action | Enter the action to take on a policy. | Text | Optional | Default value: block_sender Allowed values:
|
Action: Create Group
This action creates new Profile Groups at the root level or as a child group. Groups can be used to apply permissions and policies. To successfully use this endpoint, you must be a Mimecast administrator with at least the Directories | Groups | Edit permission.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Group Name | Enter the name of the group to create. | Text | Required | |
Parent Group ID | Enter the Mimecast ID of the new group's parent. | Text | Optional | If the Parent Group ID parameter is not passed, then the new group is created at the root level. |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.meta | Object | Meta details of the request. |
app_instance.meta.status | Integer | The function level status of the request. Example: 200 |
app_instance.data | Array | Details of the user and group the user is added to. |
app_instance.data.folderID | String | The Mimecast ID of the group that the user/domain was added to. |
app_instance.data.emailAddress | String | The email address of the user that was added to the group. |
app_instance.data.id | String | The number of child groups the new group has. |
app_instance.data.internal | Boolean | The Mimecast ID of the parent group. |
app_instance.data.id | String | The Mimecast ID of the new group. |
app_instance.data.parentId | userCount | The number of members of the new group. |
Action: Get Managed URLs
This action returns all entries currently in an accounts Managed URL list. Optional filtering fields can also be used to return a specific URL or set of URLs.
Each account has a maximum URL entry limit.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain or URL | Enter the domain or URL to search. | Text | Optional | |
Exact Match | Enter a domain or URL that acts as an exact match value. | Boolean | Optional | Default value: false Allowed values:
If true, the Domain or URL value acts as an exact match value. If false, any partial matches will be returned. |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.fail | Array | List of failed actions (if any). |
app_instance.meta | Object | Meta details of the request. |
app_instance.data | Array | Contains an array of managed URL entries. |
app_instance.data.id | String | The Mimecast secure ID of the managed URL. |
app_instance.data.scheme | String | The protocol to apply for the managed URL (e.g., HTTP or HTTPS). |
app_instance.data.domain | String | The managed domain of the entry, including the domain for an exact URL entry. |
app_instance.data.port | Integer | The specified port in the managed URL. The default value is -1 if no port was provided. |
app_instance.data.path | String | The resource path of the managed URL. Note: this will be present only when the matchType is explicit. |
app_instance.data.queryString | String | The query string of the managed URL. Note: this will be present only when the matchType is explicit. |
app_instance.data.matchType | String | The type of URL to match against. Possible options are: "explicit" for full URLs, and "domain" for only domains. |
app_instance.data.action | String | Action to take when the URL is clicked. Possible values are block and permit. |
app_instance.data.comment | String | The comment provided when creating the managed URL entry. |
app_instance.data.disableUserAwareness | Boolean | Prevents User Awareness screens from being presented to users for the URL when clicked. |
app_instance.data.disableRewrite | Boolean | Prevents the rewrite of the managed URL. |
app_instance.data.disableLogClick | Boolean | Disables logging of clicks for this managed URL. |
Action: Create Remediation Incident
This action creates a remediation incident.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Reason | Enter a reason for creating a remediation incident. | Text | Required | |
Hash or Message ID | Enter a file hash or message ID value. | Text | Required | |
Incident Start Time | Enter the incident start time in yyyy-mm-ddthh:mm:ss+timezone format. | Text | Optional | Default value: last calendar month |
Incident End Time | Enter the incident date time in yyyy-mm-ddthh:mm:ss+timezone format. | Text | Optional | Default value: current timestamp |
Component to Search | Enter the message component by which to search. If using messageid, "<" and ">" delimiters are required. | Text | Optional | Default values:
|
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.meta | Object | Meta details of the request. |
app_instance.meta.status | Integer | The function level status of the request. Example: 200 |
app_instance.data | Array | Details of the remediation incident |
app_instance.data.reason | String | The reason provided at the creation of the remediation incident. |
app_instance.data.code | String | The incident code generated at creation, to be used as a reference for the remediation incident lookup. |
app_instance.data.SearchCriteria | Object | The search criteria used to identify messages. |
app_instance.data.SearchCriteria.fileHash | String | The file hash used in creation of the remediation incident, if remediation type is 'hash'. |
app_instance.data.SearchCriteria.messageIds | Array of Strings | An array of message IDs used in the creation of the remediation incident, if the remediation type is 'message_ids'. |
app_instance.data.SearchCriteria.url | String | URL used to create the remediation incident, if the remediation type is 'URL'. |
app_instance.data.SearchCriteria.start | Date String | The start date of messages included in ISO 8601 format. |
app_instance.data.SearchCriteria.end | String | The end date of messages included in ISO 8601 format. |
app_instance.data.type | String | Type of incident. Possible values are 'notify_only', 'automatic', 'manual' or 'restored'. |
app_instance.data.remediatedBy | String | Email address of the user who created the remediation incident. |
app_instance.data.create | Date String | Timestamp of the incident creation in ISO 8601 format |
app_instance.data.modified | Date String | Timestamp of the incident's last modification date in ISO 8601 format |
app_instance.data.id | String | The Mimecast secure ID of the remediation incident. |
Action: Decode URL
This action decodes the provided encoded URL. To successfully use this endpoint, you must be a Mimecast administrator with at least the Account | Dashboard | Read permission.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Encoded URL | Enter the Mimecast-encoded URL to decode. Example: https://protect-xx.mimecast.com/ | Text | Required |
Action Response Parameter
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.meta | Object | Meta details of the request. |
app_instance.meta.status | Integer | The function level status of the request. Example: 200 |
app_instance.data | Array | Details of the decoded URL |
app_instance.data.url | String | Original decoded URL |
app_instance.data.url | Boolean | Status of the decode request. Will return true or false. |
Action: Find Remediation Incidents
This action finds remediation incidents between the start and end times. To successfully use this endpoint, you must be a Mimecast administrator with at least the Services | Threat Remediation | Read permission.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Start Date | Enter the start date in yyyy-mm-ddthh:mm:ss+0000 format. | Text | Optional | |
End Date | Enter the end date in yyyy-mm-ddthh:mm:ss+0000 format. | Text | Optional |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.meta | Object | Meta details of the request. |
app_instance.data | Array | Details of the remediation incidents |
app_instance.data.incidents | Array | List of incidents |
app_instance.data.incidents.incident | Object | Details of a specific incident. |
app_instance.data.incidents.incident.code | String | A unique code identifying the incident. |
app_instance.data.incidents.incident.type | String | The incident type. Possible values are notify_only, automatic, manual, or restored. |
app_instance.data.incidents.incident.reason | String | The reason provided when the remediation incident was created. |
app_instance.data.incidents.incident.searchCriteria | Object | Criteria used when the remediation incident was created. |
app_instance.data.incidents.incident.searchCriteria.unremediateCode | String | Code required to perform a message restoration. |
app_instance.data.incidents.incident.searchCriteria.start | Date String | Date of oldest results to return. |
app_instance.data.incidents.incident.searchCriteria.end | Date String | Date of most recent incidents to return. |
app_instance.data.incidents.incident.searchCriteria.fileHash | String | File hash used to create the remediation incident. |
app_instance.data.incidents.incident.searchCriteria.messageId | String | Message ID used to create the remediation incident. |
app_instance.data.incidents.incident.searchCriteria.restoreCode | String | Restore code for the remediation event. |
app_instance.data.incidents.incident.searchCriteria.from | String | Sender address or domain name used to create the remediation incident. |
app_instance.data.incidents.incident.searchCriteria.to | String | The recipient address or domain name used to create the remediation incident. |
app_instance.data.incidents.incident.create | Date String | The timestamp of the incident creation. |
app_instance.data.incidents.incident.modified | Date String | The timestamp of the last modification to the incident. |
app_instance.data.incidents.incident.identified | Integer | The total number of messages identified as part of the remediation incident. |
app_instance.data.incidents.incident.successful | Integer | The number of messages successfully remediated. |
app_instance.data.incidents.incident.failed | Integer | The number of messages that failed to remediate. |
app_instance.data.incidents.incident.restored | Integer | The number of messages restored from the remediation incident. |
app_instance.data.incidents.incident.id | String | The Mimecast secure ID of the remediation incident. |
Action: Generic Action
This action makes generic API calls to the Mimecast API endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to use. | Text | Required | |
Endpoint | Enter the Mimecast endpoint to use. Example: "/api/ttp/remediation/create" | Text | Required | |
Payload json | Enter the payload in JSON format. Example: {"data": [{"reason": "test"}]} | Text | Optional | |
Query Params | Enter the query parameters in JSON format. Example: {"limit": "10"} | Key Value | Optional |
Action: Get Blocked Sender Policy
This action retrieves the blocked sender policy.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Policy ID | Enter the policy ID to retrieve the blocked sender policy. | Text | Required |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.meta | Object | Meta details of the request. |
app_instance.data | Array | Contains a list of policies and their details. |
app_instance.data.policy | Object | Details of a specific policy. |
app_instance.data.policy.fromEternal | Boolean | Indicates if the policy is always applied or if there is a specific start date. |
app_instance.data.policy.toDate | String (Date) | The date until which the policy will apply. |
app_instance.data.policy.fromValue | String | A value defining which senders the policy applies to. |
app_instance.data.policy.from | Object | An object containing type and value fields defining which sender addresses the policy applies. |
app_instance.data.policy.description | String | The description of the policy, kept with the email in the Archive for future reference. |
app_instance.data.policy.bidirectional | Boolean | Indicates if the Policy is also applied in the reverse of the email flow, i.e. where the specified recipient in the Policy becomes the sender, and the specified sender in the Policy becomes the recipient. |
app_instance.data.policy.fromType | String | Indicates which sender addresses the policy applies. Can be any of everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address, free_mail_domains, header_display_name. |
app_instance.data.policy.to | Object | An object containing type and value fields defining which recipient addresses the policy applies to. |
app_instance.data.policy.fromDate | String | The date from which the policy will apply. |
app_instance.data.policy.override | Boolean | If true, this option overrides the order in which the policy is applied and forces it to be applied first if there are multiple applicable policies, unless more specific policies of the same type have been configured with an override as well. |
app_instance.data.policy.toEternal | Boolean | If the policy should always be applied or if there is an end date. |
app_instance.data.policy.conditions | Object | An object with fields describing additional conditions that should affect when the policy is applied. |
app_instance.data.policy.toType | String | Specifies which recipient addresses the policy applies to. Can be any of everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address, free_mail_domains, header_display_name. |
app_instance.data.policy.fromPart | String | Indicates which from-address is used in the policy. Can be any of envelope_from , header_from, both. |
app_instance.data.option | String | The option set for the policy. Will be one of no_action, block_sender. |
app_instance.data.id | String | The Mimecast ID of the policy, used when updating the policy. |
app_instance.fail | Array | An array of error objects describing the error returned from the API, if any. |
Action: Get Current Account Details
This action retrieves the details about the configured Mimecast account.
Action Input Parameters
This action does not require any action input parameter.
Action: Get File
This action retrieves the attachment file.
To successfully use this endpoint to load any file attachment from any archived message, you must be a Mimecast administrator with at least the Archive | Search Content View permission.
To use this endpoint to load file attachments for messages sent or received, no administrator permissions are required.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
File ID | Enter the Mimecast ID of the message attachment to return. The value is returned by the /api/archive/get-message-detail endpoint in the attachment object. | Text | Required |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.meta | Object | Meta details of the request. |
app_instance.data | Array | Array will be empty. |
app_instance.fail | Array | An array of error objects describing the error returned from the API, if any. |
Action: Get Group Members
This action retrieves the members of a group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Group ID | Enter the group ID to retrieve the members. | Text | Required | |
Return All Results | Enter true to retrieve all the results. | Boolean | Optional | Default value: false Allowed values:
|
Page Size | Enter the number of results to retrieve per page. | Integer | Optional |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.meta | Object | Meta details of the request. |
app_instance.meta.pagination | Object | An object containing paging information. |
app_instance.meta.pagination.pageSize | Integer | The number of results requested. |
app_instance.meta.pagination.next | String | A pageToken value that can be used to request the next page of results. Only returned if there are more results to return. |
app_instance.meta.pagination.previous | String | A pageToken value that can be used to request the previous page of results. Only returned if there is a previous page. |
app_instance.data | Array | Contains an array of group members. |
app_instance.data.groupMembers | Array | An array of group member objects. |
app_instance.data.groupMembers.type | String | The type of user. |
app_instance.data.groupMembers.domain | String | The domain name of the user's email address. |
app_instance.data.groupMembers.internal | Boolean | Indicates if the user is internal or not. |
app_instance.data.groupMembers.emailAddress | String | The user's email address. |
app_instance.data.groupMembers.name | String | The user's display name. |
Action: Get Hold Message List
This action retrieves the information about held messages, including the reason, hold level, sender, and recipients.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Admin | Specify the level of results to return. If false, only results for the currently authenticated user will be returned. If true, held messages for all recipients will be returned. | Boolean | Optional | Default value: false (retrieves results for the authenticated user) |
Start Date | Enter the start date in the yyyy-mm-ddthh :mm:ss+0000 format. Example: 2011-12-03T10:15:30+0000 | Text | Optional | |
End Date | Enter the end date in yyyy-mm-ddthh:mm:ss+0000 format. Example: 2011-12-04T10:15:30+0000 | Text | Optional |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.fail | Array | List of failed actions (if any). |
app_instance.meta | Object | Meta details of the request. |
app_instance.data | Array | Contains an array of message details. |
app_instance.data.id | String | The Mimecast secure ID for a message. |
app_instance.data.reason | String | The summary reason for holding the message. |
app_instance.data.reasonId | String | Mirrors the reason field, formatted without spaces. However, reasonCode should be used instead. |
app_instance.data.reasonCode | String | Reason code for holding the message. |
app_instance.data.from | Object | Contains the envelope sender information. |
app_instance.data.from.displayableName | String | The displayable name of the sender. |
app_instance.data.from.emailAddress | String | The email address of the sender. |
app_instance.data.hasAttachments | Boolean | Indicates whether the message contains attachments. |
app_instance.data.route | String | Direction of the message being held. Possible values are: INBOUND, OUTBOUND, INTERNAL, EXTERNAL. |
app_instance.data.policyInfo | String | Information or definition name triggering the message hold action. |
app_instance.data.fromHeader | Object | Contains the header sender information. |
app_instance.data.fromHeader.displayableName | String | The displayable name of the sender from the message header. |
app_instance.data.fromHeader.emailAddress | String | The email address of the sender from the message header. |
app_instance.data.to | Object | Contains the envelope recipient information. |
app_instance.data.to.displayableName | String | The displayable name of the recipient. |
app_instance.data.to.emailAddress | String | The email address of the recipient. |
app_instance.data.subject | String | The message subject. |
app_instance.data.size | Integer | The size of the message in bytes. |
app_instance.data.dateReceived | String (Date) | The timestamp of the message transmission. |
Action: Get Managed URLs
This action returns all entries currently in an accounts Managed URL list. Optional filtering fields can also be used to return a specific URL or set of URLs.
Each account has a maximum URL entry limit.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain or URL | Enter the domain or URL to search. | Text | Optional | |
Exact Match | Enter a domain or URL that acts as an exact match value. | Boolean | Optional | Default value: false Allowed values:
If true, the Domain or URL value acts as an exact match value. If false, any partial matches will be returned. |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.fail | Array | List of failed actions (if any). |
app_instance.meta | Object | Meta details of the request. |
app_instance.data | Array | Contains an array of managed URL entries. |
app_instance.data.id | String | The Mimecast secure ID of the managed URL. |
app_instance.data.scheme | String | The protocol to apply for the managed URL (e.g., HTTP or HTTPS). |
app_instance.data.domain | String | The managed domain of the entry, including the domain for an exact URL entry. |
app_instance.data.port | Integer | The specified port in the managed URL. The default value is -1 if no port was provided. |
app_instance.data.path | String | The resource path of the managed URL. Note: this will be present only when the matchType is explicit. |
app_instance.data.queryString | String | The query string of the managed URL. Note: this will be present only when the matchType is explicit. |
app_instance.data.matchType | String | The type of URL to match against. Possible options are: "explicit" for full URLs, and "domain" for only domains. |
app_instance.data.action | String | Action to take when the URL is clicked. Possible values are block and permit. |
app_instance.data.comment | String | The comment provided when creating the managed URL entry. |
app_instance.data.disableUserAwareness | Boolean | Prevents User Awareness screens from being presented to users for the URL when clicked. |
app_instance.data.disableRewrite | Boolean | Prevents the rewrite of the managed URL. |
app_instance.data.disableLogClick | Boolean | Disables logging of clicks for this managed URL. |
Action: Get Message Details
This action retrieves the details of a message.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Message ID | Enter the ID of a message to retrieve its details. | Text | Required |
Action: Get Message Information
This action retrieves the information of a message.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Message ID | Enter the Mimecast ID of a message to retrieve details. | Text | Required |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | Indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.fail | Array | List of failed actions (if any) |
app_instance.data | Array | Contains an array of message details. |
app_instance.data.status | String | The message status. |
app_instance.data.retentionInfo | Object | An object describing the retention information applied to the message. |
app_instance.data.recipientInfo | Object | An object describing the recipient information applied to the message. |
app_instance.data.deliveredMessage | Object | If rewriting of this URL in emails is disabled. |
app_instance.data.spamInfo | Object | An object describing the spam scoring information of the message. |
app_instance.data.id | String | The Mimecast ID of the message. |
app_instance.data.retentionInfo.currentPurgeDate | String (Date) | The date that the message is scheduled to be purged from Mimecast. |
app_instance.data.retentionInfo.originalPurgeDate | String (Date) | The message's original purge date. |
app_instance.data.retentionInfo.retentionAdjustmentDays | Integer | The number of days that a retention adjustment has been applied to the message. |
app_instance.data.retentionInfo.fbrExpireCheck | Array | An array of date strings describing when Granular Retention policies were checked, if applicable. |
app_instance.data.retentionInfo.fbrStamps | Array | An array of objects describing the email address, folder, recipient visibility, expiry, purge, and policy fields applied to the message as a result of a Granular retention policy action, if applicable. |
app_instance.data.retentionInfo.audits | Array | An array of objects describing the date, type, and information about any audits carried out on the message. |
app_instance.data.retentionInfo.litigationHoldInfo | Array | An array containing objects describing the expiry, description, and Mimecast ID of any litigation hold policies applied to the message. |
app_instance.data.retentionInfo.smartTags | Array | An array of smart tag objects that the message is assigned to. |
app_instance.data.retentionInfo.purgeBasedOn | String | Describes what the message purge date is based on. |
app_instance.data.recipientInfo.messageInfo | Object | An object describing recipient message information. |
app_instance.data.recipientInfo.recipientMetaInfo | Object | An object describing the message meta-data. |
app_instance.data.deliveredMessage[user@domain.com].messageInfo | Object | An object describing recipient message information. |
app_instance.data.deliveredMessage[user@domain.com].policyInfo | Array | An array of policy objects indicating the policies applied to the delivered message. |
app_instance.data.deliveredMessage[user@domain.com].deliveryMetaInfo | Object | An object describing the message meta-data for delivered messages. |
app_instance.data.spamInfo.spamScore | Integer | The spam score of the received message. |
app_instance.data.spamInfo.detectionLevel | String | The spam scanning level applied to the message. |
app_instance.data.spamInfo.spamProcessingDetail | Object | An object containing detailed spam scanning information. |
app_instance.data.spamInfo.spamProcessingDetail.greyEmail | Boolean | Identifies if the message was found to be greymail or bulk. |
app_instance.data.spamInfo.spamProcessingDetail.rbl | Object | An object containing information about RBL results of the message. |
app_instance.data.spamInfo.spamProcessingDetail.spf | Object | An object containing information about SPF results of the message. |
app_instance.data.spamInfo.spamProcessingDetail.dkim | Object | An object containing information about DKIM results of the message. |
app_instance.data.spamInfo.spamProcessingDetail.dmarc | Object | An object containing information about DMARC results of the message. |
app_instance.data.spamInfo.spamProcessingDetail.permittedSender | Object | An object to determine if the from address matched a Permitted Sender entry. |
app_instance.data.spamInfo.spamProcessingDetail.managedSender | Object | An object to determine if the from address matched a Managed Sender entry. |
app_instance.data.spamInfo.spamProcessingDetail.verdict | Object | An object containing category and risk info for the spam verdict. |
Action: Get Remediation Incident
This action retrieves a remediation incident.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Incident ID | Enter the ID of a remediation incident. | Text | Required |
Action Response Parameters
Parameter | Type | Response |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.data | Array | Contains an array of remediation incident details. |
app_instance.data.code | String | Incident code, used as a reference for a remediation incident. |
app_instance.data.successful | Integer | The number of messages successfully remediated as part of the incident. |
app_instance.data.identified | Integer | Number of messages identified by the search criteria. |
app_instance.data.reason | String | The reason provided when an incident was created. |
app_instance.data.id | String | The Mimecast ID of the remediation incident, provided when the incident was created. |
app_instance.data.create | Date String | Date that the remediation incident was created. |
app_instance.data.modified | Date String | Date that the remediation incident was last updated. |
app_instance.data.searchCriteria | Object | Conditions used to build a remediation incident. Includes messageId, file-hash, from or to addresses. |
app_instance.data.failed | Integer | The number of messages that failed to remediate as part of the incident. |
app_instance.data.type | String | The type of incident action taken. Can be one of: notify_only, automatic, manual, or restored. |
app_instance.data.restored | Integer | The number of messages restored as part of the incident. |
app_instance.data.searchCriteria | Object | SErach criteria details |
app_instance.data.searchCriteria.unremediateCode | String | Code used to restore messages that were previously removed by a remediation incident. |
app_instance.data.searchCriteria.start | Date String | The start date from the remediation incident creation. |
app_instance.data.searchCriteria.fileHash | String | The file hash provided during the remediation incident creation. |
app_instance.data.searchCriteria.messageId | String | The message ID provided during the remediation incident creation. |
app_instance.data.searchCriteria.restoreCode | String | The code provided to restore a message. |
app_instance.data.searchCriteria.from | String | The sender address provided at the remediation incident creation. |
app_instance.data.searchCriteria.end | Date String | The end date from the remediation incident creation. |
app_instance.data.searchCriteria.to | String | The recipient address provided at the remediation incident creation. |
Action: Get TTP Attachment Protection Logs
This action gets the TTP attachment protection logs from Mimecast.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Return all results | Choose whether to recursively call the API endpoint to return all available logs. | Boolean | Optional | Default: false |
Page size | Enter the number of results per page. | Integer | Optional | |
Return oldest logs first | Enter the order results starting with the oldest. | Boolean | Optional | Default: false |
From date | Start date of logs in the format yyyy-mm-ddthh:mm:ss+timezone. | Text | Optional | Default: start of the current day |
To date | End date of logs in the format yyyy-mm-ddthh:mm:ss+timezone. | Text | Optional | Default: time of the request |
Email route | Enter the route with which to filter logs. | Text | Optional | Allowed values: inbound, outbound, internal, all. Default: all |
Scan result | Scan results with which to filter logs. | Text | Optional | Allowed values: safe, malicious, timeout, error, unsafe, all. Default: all |
Action Response Parameters
Parameter | Type | Response |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.data | Array | Contains an array of attachment log events. |
app_instance.data.attachmentLogs | Array | An array of objects describing the log event for each attachment. |
app_instance.data.attachmentLogs.result | String | The result of the attachment analysis: clean, malicious, unknown, or timeout. |
app_instance.data.attachmentLogs.date | Date String | The time at which the attachment was released from the sandbox. |
app_instance.data.attachmentLogs.senderAddress | String | The sender of the attachment. |
app_instance.data.attachmentLogs.fileName | String | The file name of the original attachment. |
app_instance.data.attachmentLogs.actionTriggered | String | The action triggered for the attachment. |
app_instance.data.attachmentLogs.route | String | The route of the original email containing the attachment: inbound, outbound, internal, or external. |
app_instance.data.attachmentLogs.details | String | Detailed output of the attachment sandbox processing. |
app_instance.data.attachmentLogs.recipientAddress | String | The address of the user that received the attachment. |
app_instance.data.attachmentLogs.fileType | String | The address of the user that received the attachment. |
app_instance.data.attachmentLogs.fileType | String | The file type of the attachment. |
app_instance.data.attachmentLogs.fileHash | String | The SHA256 hash value of the file. |
Action: Get TTP Impersonation Logs
This action retrieves the TTP impersonation logs.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Return All Results | Enter true to return all results. | Boolean | Optional | Default value: false |
Page Size | Enter the number of results to retrieve per page. | Integer | Optional | |
Return Oldest Logs First | Enter true to order results starting with the oldest. | Boolean | Optional | Default value: false |
From Date | Enter the start date in yyyy-mm-ddthh:mm:ss+timezone format. | Text | Optional | Default value: start of current day |
To Date | Enter the end date in yyyy-mm-ddthh:mm:ss+timezone format. | Text | Optional | Default value: start of current day |
Email Route | Enter the email route to filter results. | Text | Optional | Default value: all Allowed values:
|
Scan Result | Enter the scan result to filter results. | Text | Optional | Default value: all Allowed values:
|
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.data | Array | Contains an array of impersonation log events. |
app_instance.data.impersonationLogs | Object | An object describing the log event for impersonation. |
app_instance.data.impersonationLogs.hits | Integer | The number of identifiers that the message triggered. |
app_instance.data.impersonationLogs.taggedMalicious | Boolean | Whether the message was tagged as malicious. |
app_instance.data.impersonationLogs.senderIpAddress | String | The source IP address of the message. |
app_instance.data.impersonationLogs.senderAddress | String | The email address of the sender of the message. |
app_instance.data.impersonationLogs.Subject | String | The subject of the email. |
app_instance.data.impersonationLogs.identifiers | String | The properties of the message that triggered the action: similar_internal_domain, newly_observed_domain, internal_user_name, reply_address_mismatch, and/or targeted_threat_dictionary. |
app_instance.data.impersonationLogs.eventTime | Date String | The time at which the log was recorded. |
app_instance.data.impersonationLogs.action | String | The action triggered by the email. |
app_instance.data.impersonationLogs.definition | String | The name of the policy definition that triggered the log. |
app_instance.data.impersonationLogs.id | String | A token that can be used to retrieve this log again. |
app_instance.data.impersonationLogs.recipientAddress | String | The email address of the recipient of the email. |
app_instance.data.impersonationLogs.taggedExternal | Boolean | Whether the message was tagged as coming from an external address. |
app_instance.data.impersonationLogs.impersonationResults | Array | An array of objects containing details about the message's impersonation triggers. |
app_instance.data.impersonationLogs.messageId | String | The message-id of the identified message. |
app_instance.data.impersonationLogs.impersonationResults | Object | An array of objects containing details about the message's impersonation triggers. |
app_instance.data.impersonationLogs.impersonationResults.impersonationDomainSource | String | The trigged impersionation type. Response will be one of: similar_internal_domain, newly_observed_domain, internal_user_name, reply_address_mismatch, targeted_threat_dictionary, custom_external_domain, mimecast_external_domain, advanced_similar_internal_domain, advanced_custom_external_domain, advanced_mimecast_external_domain, custom_name_list. |
app_instance.data.impersonationLogs.impersonationResults.stringSimilarToDomain | String | The string that is suspiciously similar to a known value within the Mimecast configuration. Multiple triggers will be comma-separated. |
app_instance.data.impersonationLogs.impersonationResults.similarDomain | String | The known value within the Mimecast configuration that was matched against. Multiple triggers will be comma-separated. |
app_instance.fail | Array | An array of error objects describing the error returned from the API. |
Action: Get TTP URL Logs
This action gets the TTP URL logs from Mimecast.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Return all results | Choose whether to recursively call the API endpoint to return all available logs. | Boolean | Optional | Default: false |
Page size | Enter the number of results per page. | Integer | Optional | |
Return oldest logs first | Enter the order results starting with the oldest. | Boolean | Optional | Default: false |
From date | Enter the start date of logs in the format yyyy-mm-ddthh:mm:ss+timezone. | Text | Optional | Default: start of current day |
To date | End date of the logs in the format yyyy-mm-ddthh:mm:ss+timezone. | Text | Optional | Default: time of the request |
Email route | Enter the route with which to filter logs. | Text | Optional | Allowed values:
Default: all |
Scan result | Enter the scan result with which to filter logs. | Text | Optional | Allowed values:
Default: all |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.data | Array | Contains an array of click log events. |
app_instance.data.clickLogs | Object | An object describing the log event for clicks. |
app_instance.data.clickLogs.category | String | The category of the URL clicked. |
app_instance.data.clickLogs.userEmailAddress | String | The email address of the user who clicked the link. |
app_instance.data.clickLogs.url | String | The URL clicked. |
app_instance.data.clickLogs.userAwarenessAction | String | The action taken by the user if user awareness was applied. |
app_instance.data.clickLogs.route | String | The route of the email that contained the link. |
app_instance.data.clickLogs.adminOverride | String | The action defined by the administrator for the URL. |
app_instance.data.clickLogs.date | String | The date that the URL was clicked. |
app_instance.data.clickLogs.scanResult | String | The result of the URL scan. |
app_instance.data.clickLogs.action | String | The action that was taken for the click. |
app_instance.data.clickLogs.ttpDefinition | String | The description of the definition that triggered the URL to be rewritten by Mimecast. |
app_instance.data.clickLogs.userOverride | String | The action requested by the user. |
app_instance.data.clickLogs.emailPartsDescription | Array of Strings | An array of components of the message where the URL was found. |
app_instance.fail | Array | List of failed actions (if any). |
Action: List Blocked Sender Policies
This action provides a list of all the existing blocked sender policies.
Action Input Parameters
This action does not require any input parameter.
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.meta | Object | Meta details of the request. |
app_instance.data | Array | Contains a list of policies and their details. |
app_instance.data.policy | Object | Details of a specific policy. |
app_instance.data.policy.fromEternal | Boolean | Indicates if the policy is always applied or if there is a specific start date. |
app_instance.data.policy.toDate | String (Date) | The date until which the policy will apply. |
app_instance.data.policy.fromValue | String | A value defining which senders the policy applies to. |
app_instance.data.policy.from | Object | An object containing type and value fields defining which sender addresses the policy applies. |
app_instance.data.policy.description | String | The description of the policy, kept with the email in the Archive for future reference. |
app_instance.data.policy.bidirectional | Boolean | Indicates if the Policy is also applied in the reverse of the email flow, i.e. where the specified recipient in the Policy becomes the sender, and the specified sender in the Policy becomes the recipient. |
app_instance.data.policy.fromType | String | Indicates which sender addresses the policy applies. Can be any of everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address, free_mail_domains, header_display_name. |
app_instance.data.policy.to | Object | An object containing type and value fields defining which recipient addresses the policy applies to. |
app_instance.data.policy.fromDate | String | The date from which the policy will apply. |
app_instance.data.policy.override | Boolean | If true, this option overrides the order in which the policy is applied and forces it to be applied first if there are multiple applicable policies, unless more specific policies of the same type have been configured with an override as well. |
app_instance.data.policy.toEternal | Boolean | If the policy should always be applied or if there is an end date. |
app_instance.data.policy.conditions | Object | An object with fields describing additional conditions that should affect when the policy is applied. |
app_instance.data.policy.toType | String | Specifies which recipient addresses the policy applies to. Can be any of everyone, internal_addresses, external_addresses, email_domain, profile_group, address_attribute_value, individual_email_address, free_mail_domains, header_display_name. |
app_instance.data.policy.fromPart | String | Indicates which from-address is used in the policy. Can be any of envelope_from , header_from, both. |
app_instance.data.option | String | The option set for the policy. Will be one of no_action, block_sender. |
app_instance.data.id | String | The Mimecast ID of the policy, used when updating the policy. |
app_instance.fail | Array | An array of error objects describing the error returned from the API, if any. |
Action: Nullify Blocked Sender Policy
This action nullifies the blocked sender policy with the given ID. This is done by creating a new policy with the same items and the action "no_action", and setting it to override.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Policy ID | Enter the ID of the policy to nullify. | Text | Required |
Action: Permit or Block Sender
This action permits or blocks emails between a specified sender and a recipient. To successfully use this endpoint, you must be a Mimecast administrator with at least the Gateway | Managed Senders | Edit permission.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Sender | Enter the email address of the sender to permit or block. | Text | Required | |
Recipient | Enter the email address of the recipient to permit or block. | Text | Required | |
Action | Choose to either "permit" (to bypass spam checks) or "block" (to reject the email). | Text | Required | Allowed values are permit and block. |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.meta | Object | Meta details of the request. |
app_instance.meta.status | Integer | The function level status of the request. |
app_instance.data | Array | Details of the permit or block action. |
app_instance.data.to | String | The email address of the internal recipient. |
app_instance.data.type | String | The Managed Sender type: "Permit" (to bypass spam checks) or "Block" (to reject the email). |
app_instance.data.id | String | The Mimecast secure ID of the managed sender object. |
app_instance.data.sender | String | The email address of the external sender. |
Action: Remove Group Member
This action removes a member or a list of members with the provided information from the group with the provided ID. Either email address or the domain must be provided.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Group ID | Enter the ID of the group to remove members from. | Text | Required | |
Email address | Enter the email address of the member to remove. | Text | Optional | |
Domain | Enter the domain of users to remove. | Text | Optional |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.data | Array | Meta details of the request |
app_instance.data.folderId | String | The Mimecast ID of the group that the user/domain was removed from. |
app_instance.data.emailAddress | String | The email address of the user that was removed from the group. |
app_instance.data.id | String | The Mimecast ID of the user/domain that was removed from the group. |
app_instance.data.internal | Boolean | If the user/domain is internal or not. |
Action: Search
This action searches the Mimecast email environment for messages matching the provided criteria. Either from, to, subject, sender IP, or message ID must be provided.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Search reason | Enter the string describing the reason for the search, used for tracking purposes. | Text | Optional | |
Start date | Enter the date to receive the messages in the format "yyyy-mm-ddthh:mm:ss+0000". | Text | Optional | |
End date | Enter the date string in the format "yyyy-mm-ddthh:mm:ss+0000", of the latest message. | Text | Optional | |
Message ID | Enter the internet message ID to search. | Text | Optional | |
Route | Enter a comma-separated list of route values to search. | Text | Optional | Allowed values:
|
From | Enter the email address of the sender to search. | Text | Optional | |
To | Enter the email address of the recipient to search. | Text | Optional | |
Subject | Enter the email subject of messages to track. | Text | Optional | |
Sender IP | Enter the source IP of messages to track. | Text | Optional |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.data | Array | Contains an array of tracked email objects. |
app_instance.data.trackedEmails | Array | An array of tracked email objects. |
app_instance.data.trackedEmails.status | String | The status of the message. |
app_instance.data.trackedEmails.received | Date String | The date and time the message was received by Mimecast. |
app_instance.data.trackedEmails.attachments | Boolean | If the message has attachments. |
app_instance.data.trackedEmails.route | String | The route of the message. |
app_instance.data.trackedEmails.fromEnv | Object | An object describing the envelope from address of the message. |
app_instance.data.trackedEmails.fromHdr | Object | An object describing the header from address of the message. |
app_instance.data.trackedEmails.to | Array | An array of recipient details such as name and email address. |
app_instance.data.trackedEmails.senderIP | String | The source IP address of the message. |
app_instance.data.trackedEmails.id | String | The Mimecast ID of the message. Used to load more information about the message. |
app_instance.data.trackedEmails.sent | String | The date and time that the message was sent / processed by Mimecast. |
app_instance.data.trackedEmails.subject | String | The subject of the message. |
Action: Search File Hash
This action identifies if an account has seen a specific file hash within messages over the last year. A maximum of 100 hashes can be submitted in a single call, however, it is recommended to submit no more than 20 hashes per API call to stay under the 2048-byte size limit.
Currently, this endpoint does not support image file hashes.
To successfully use this endpoint, you must be a Mimecast administrator with at least the Services | Threat Remediation | Read permission.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Hashes | List the file hashes to determine if they have been seen within an account. | Text | Required |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.meta | Object | Meta details of the request. |
app_instance.meta.status | Integer | The function level status of the request. |
app_instance.data | Array | Details of the file hash. |
app_instance.data.failedHashes | Array | List of hashes that failed verification. |
app_instance.data.hashStatus | Array | List of hashes that were detected within the account |
app_instance.data.hashStatus.detected | Boolean | Indicates the presence of hash within account |
app_instance.data.hashStatus.hash | String | The file hash value. |
Action: Search Groups
This action performs a search in Mimecast for groups matching the given criteria.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Return all results | Choose whether to recursively call the API endpoint to return all available logs. | Boolean | Optional | Default: false |
Page size | Enter the number of results per page. | Integer | Optional | |
Query string | Enter the string to query for. | Text | Optional | |
Group source | Enter the group source to filter on. | Text | Optional | Allowed values:
|
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.data | Array | Contains an array of objects representing folders/groups. |
app_instance.data.folders | Array | An array of folder/group objects. |
app_instance.data.folders.description | String | The name of the group. |
app_instance.data.folders.source | String | The source of the group. |
app_instance.data.folders.folderCount | Integer | The number of child groups the group has. |
app_instance.data.folders.parentId | String | The Mimecast ID of the group's parent. |
app_instance.data.folders.id | String | The Mimecast ID of the group. |
app_instance.data.folders.userCount | Integer | The number of members of the group. |
app_instance.data.source | String | The source that was defined in the request. |
app_instance.data.query | String | The query that was defined in the request. |
Action: Update Group
This action updates a group with the provided information.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Group ID | Enter the ID of the group to update. | Text | Required | |
New group name | Enter the updated name of the group | Text | Optional | |
New parent group ID | Enter the updated parent group ID of the group. | Text | Optional |
Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.data | Array | Contains an array of objects representing folders/groups. |
app_instance.data.folders | Array | An array of folder/group objects. |
app_instance.data.folders.description | String | The name of the group. |
app_instance.data.folders.source | String | The source of the group. |
app_instance.data.folders.folderCount | String | The number of child groups the group has. |
app_instance.data.folders.parentId | String | The Mimecast ID of the group's parent. |
app_instance.data.folders.id | String | The Mimecast ID of the group. |