- Add validated mitre_attack frontmatter to all 754 skills (286 distinct
techniques), verified against MITRE ATT&CK v19.1 via the official
mitreattack-python library: 0 revoked, deprecated, or invalid IDs
- Curate precise per-skill technique IDs for forensics, malware-analysis,
threat-intel, and red-team skills (e.g. DCSync -> T1003.006,
Kerberoasting -> T1558.003, Pass-the-Ticket -> T1550.003)
- Reconcile v19.1 tactic restructuring: Defense Evasion split into
Stealth (TA0005) and Defense Impairment (TA0112); revoked T1562.*
family and T1070.001/.002 remapped to active equivalents (T1685.*)
- Normalize word-split tags across 35 skills (remove filename-derived
stopword tags, add semantic cybersecurity tags)
- Add api-reference.md for 3 skills that were missing it
- Update README ATT&CK section with accurate v19.1 tactic distribution
Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect, and Internal Email Protect to defend against advanced phishing and spearphishing attacks.
cybersecurity
phishing-defense
mimecast
email-security
targeted-threat-protection
url-protect
impersonation
attachment-sandboxing
phishing
1.0
mahipal
Apache-2.0
PR.AT-01
DE.CM-09
RS.CO-02
DE.AE-02
T1566
T1598
T1534
T1036
Implementing Mimecast Targeted Attack Protection
Overview
Mimecast Targeted Threat Protection (TTP) is a suite of advanced email security services designed to protect against sophisticated phishing, spearphishing, and targeted attacks. TTP consists of four core modules: URL Protect (real-time URL rewriting and click-time analysis), Attachment Protect (sandbox detonation of suspicious attachments), Impersonation Protect (BEC and whaling detection), and Internal Email Protect (scanning internal/outbound email for threats). As of November 2025, Mimecast enabled URL Pre-Delivery Action with Hold setting for all customers by default.
When to Use
When deploying or configuring implementing mimecast targeted attack protection capabilities in your environment
When establishing security controls aligned to compliance requirements
When building or improving security architecture for this domain
When conducting security assessments that require this implementation
Prerequisites
Mimecast Email Security license with TTP add-on
Administrative access to Mimecast Administration Console
Microsoft 365 or Google Workspace environment
MX records configured to route through Mimecast
Understanding of email authentication (SPF, DKIM, DMARC)
Key Concepts
TTP Module Overview
Module
Function
Key Capability
URL Protect
Rewrites and scans URLs at click time
Real-time sandbox, pre-delivery hold
Attachment Protect
Sandboxes suspicious attachments
Static + dynamic analysis
Impersonation Protect
Detects BEC/whaling attacks
VIP name matching, header analysis
Internal Email Protect
Scans internal/outbound email
Lateral phishing detection
Impersonation Protection Scenarios
Hit 3 (Default): Flags emails matching 3+ impersonation indicators
Hit 1 (VIP): Flags emails matching 1+ indicator for designated VIP users