# Has anyone implemented ingesting the Audit logs from Mimecast into Graylog?

Are there any tips you would be willing to share?

We are looking to create a Graylog Alert/Rule from ingested Mimecast Outbound audit logs to detect when a user sends more the 100 emails over a 15 min window of time. this would generally be indicative of a compromised account that is sending spam to other users.

##### Post Metadata
- Posted at: over 6 years ago
- Author title: Director Of Information Security at Messiah University
- Net upvotes: 1


## Comments
### Comment 1

Yes, I have done this before and can consult on the implementation

##### Comment Metadata
- Posted at: about 1 year ago
- Author title: Sabbatical leave 



### Comment 2

Yes, I have a working example. We also sell this as a feature

##### Comment Metadata
- Posted at: almost 4 years ago
- Author title: Senior Principal Consultant



### Comment 3

I have not, I just use the built in alerts and mxtoolbox for mail flow.

##### Comment Metadata
- Posted at: about 6 years ago




## Related Product
[Mimecast Advanced Email Security](https://www.g2.com/products/mimecast-advanced-email-security/reviews)

## Related Category
[Cloud Email Security](https://www.g2.com/categories/cloud-email-security)

## Related discussions
- [How well does Trello scale into a larger team?](https://www.g2.com/discussions/1-how-well-does-trello-scale-into-a-larger-team)
  - Posted at: about 13 years ago
  - Comments: 6
- [Can we please add a new section](https://www.g2.com/discussions/2-can-we-please-add-a-new-section)
  - Posted at: about 13 years ago
  - Comments: 0
- [Quantifiable benefits from implementing your CRM](https://www.g2.com/discussions/quantifiable-benefits-from-implementing-your-crm)
  - Posted at: about 13 years ago
  - Comments: 4


