elastic
diff --git a/‎packages/mimecast/_dev/build/docs/README.md‎
Lines changed: 11 additions & 0 deletions b/‎packages/mimecast/_dev/build/docs/README.md‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎packages/mimecast/_dev/deploy/docker/files/config.yml‎
Lines changed: 136 additions & 0 deletions b/‎packages/mimecast/_dev/deploy/docker/files/config.yml‎
Lines changed: 136 additions & 0 deletions
diff --git a/‎packages/mimecast/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/mimecast/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/mimecast/data_stream/message_release_logs/_dev/test/pipeline/test-common-config.yml‎
Lines changed: 3 additions & 0 deletions b/‎packages/mimecast/data_stream/message_release_logs/_dev/test/pipeline/test-common-config.yml‎
Lines changed: 3 additions & 0 deletions
@@ -48,6 +48,17 @@ https://integrations.mimecast.com/documentation/endpoint-reference/logs-and-stat
 
 {{fields "dlp_logs"}}
 
+### Message Release Logs
+
+This is the `mimecast.message_release_logs` dataset. These logs contain information about
+messages that were either released to the recipient, with details about the user that
+processed the release. More information about [these logs](
+https://integrations.mimecast.com/documentation/endpoint-reference/logs-and-statistics/get-message-release-logs/). 
+
+{{event "message_release_logs"}}
+
+{{fields "message_release_logs"}}
+
 ### SIEM Logs
 
 This is the `mimecast.siem_logs` dataset. These logs contain information about
 
@@ -230,3 +230,139 @@ rules:
             - "application/json"
         body: |-
           {"meta":{"status":200,"pagination":{"pageSize":10,"totalCount":20,"next": "nextToken"}},"data":[{"clickLogs":[{"userEmailAddress":"johndoe@example.com","fromUserEmailAddress":"googlealerts-noreply@google.com","url":"https://www.google.com/alerts/feeds/00259755281018227146/14369994449842858162","ttpDefinition":"Inbound URL 'Aggressive'","subject":"Google Alert - dollar","action":"allow","adminOverride":"N/A","userOverride":"None","scanResult":"clean","category":"Search Engines & Portals","sendingIp":"8.8.8.8","userAwarenessAction":"N/A","date":"2021-11-10T08:55:53+0000","actions":"Allow","route":"inbound","creationMethod":"User Click","emailPartsDescription":["Body"],"messageId":"<11-0000000000004109b705d06b609c@google.com>"},{"userEmailAddress":"johndoe@example.com","fromUserEmailAddress":"googlealerts-noreply@google.com","url":"https://www.google.co.za/alerts?source=alertsmail&hl=en&gl=US&msgid=MTgzMTU0Mzc2MTA3OTY3MzIxNw&s=AB2Xq4g-GUg7dJreWJN14pFdqYo0nYsyiVX2dK8&ffu=","ttpDefinition":"Inbound URL 'Aggressive'","subject":"Google Alert - china","action":"allow","adminOverride":"N/A","userOverride":"None","scanResult":"clean","category":"Search Engines & Portals","sendingIp":"8.8.8.8","userAwarenessAction":"Continue","date":"2021-11-10T08:50:37+0000","actions":"Allow","route":"inbound","creationMethod":"User Click","emailPartsDescription":["Body"],"messageId":"<12-00000000000079a99a05d06b4d20@google.com>"},{"userEmailAddress":"johndoe@example.com","fromUserEmailAddress":"googlealerts-noreply@google.com","url":"https://www.google.com/url?rct=j&sa=t&url=https://texassports.com/news/2021/11/10/no-5-5-mens-basketball-tops-houston-baptist-in-season-opener-92-48.aspx&ct=ga&cd=CAEYACoUMTEzMjI3MjkwNzM0OTE1Nzg0NDMyHGMzNzg3MjBmODY3MWM2MGY6Y29tOmVuOlVTOkw&usg=AFQjCNG4_460IiZmbwJkDzkFkQC5-htSxw","ttpDefinition":"Inbound URL 'Aggressive'","subject":"Google Alert - news","action":"allow","adminOverride":"N/A","userOverride":"None","scanResult":"clean","category":"Search Engines & Portals","sendingIp":"8.8.8.8","userAwarenessAction":"Continue","date":"2021-11-10T08:28:18+0000","actions":"Allow","route":"inbound","creationMethod":"User Click","emailPartsDescription":["Body"],"messageId":"<13-0000000000005fa4e905d06afd8f@google.com>"},{"userEmailAddress":"johndoe@example.com","fromUserEmailAddress":"googlealerts-noreply@google.com","url":"https://www.google.co.za/alerts/feedback?ffu=https://www.ft.com/content/4d61fac4-e3f3-401b-bca2-6e94ff47e2cc&source=alertsmail&hl=en&gl=US&msgid=MTM1OTYyMDAwNTE0MzU3NjA0NjI&s=AB2Xq4g-GUg7dJreWJN14pFdqYo0nYsyiVX2dK8","ttpDefinition":"Inbound URL 'Aggressive'","subject":"Google Alert - china","action":"allow","adminOverride":"N/A","userOverride":"None","scanResult":"clean","category":"Search Engines & Portals","sendingIp":"8.8.8.8","userAwarenessAction":"Continue","date":"2021-11-10T07:50:16+0000","actions":"Allow","route":"inbound","creationMethod":"User Click","emailPartsDescription":["Body"],"messageId":"<14-000000000000eb13ab05d06a76fc@google.com>"},{"userEmailAddress":"johndoe@example.com","fromUserEmailAddress":"googlealerts-noreply@google.com","url":"https://www.google.com/alerts/feedback?ffu=https://www.fox7austin.com/news/search-for-suspect-involved-in-aggravated-robbery-at-family-dollar&source=alertsmail&hl=en&gl=US&msgid=ODM0MDY5Nzg2NzI3NDkxMjUwNg&s=AB2Xq4i7OaFz4ss3vFU-wNb0DTELEKxhyDdFl54","ttpDefinition":"Inbound URL 'Aggressive'","subject":"Google Alert - dollar","action":"allow","adminOverride":"N/A","userOverride":"None","scanResult":"clean","category":"Search Engines & Portals","sendingIp":"8.8.8.8","userAwarenessAction":"Continue","date":"2021-11-10T06:55:34+0000","actions":"Allow","route":"inbound","creationMethod":"User Click","emailPartsDescription":["Body"],"messageId":"<15-0000000000001ddf7205d069b36e@google.com>"},{"userEmailAddress":"johndoe@example.com","fromUserEmailAddress":"googlealerts-noreply@google.com","url":"https://www.google.co.za/alerts?source=alertsmail&hl=en&gl=US&msgid=NDgxNzM4MzYwOTM2NzY1MDg2Ng","ttpDefinition":"Inbound URL 'Aggressive'","subject":"Google Alert - china","action":"allow","adminOverride":"N/A","userOverride":"None","scanResult":"clean","category":"Search Engines & Portals","sendingIp":"8.8.8.8","userAwarenessAction":"Continue","date":"2021-11-10T06:50:16+0000","actions":"Allow","route":"inbound","creationMethod":"User Click","emailPartsDescription":["Body"],"messageId":"<16-000000000000567c2105d069a0ce@google.com>"},{"userEmailAddress":"johndoe@example.com","fromUserEmailAddress":"googlealerts-noreply@google.com","url":"https://www.google.com/alerts/share?hl=en&gl=US&ru=https://www.ctvnews.ca/world/judge-denies-trump-s-overnight-request-for-injunction-in-executive-privilege-case-1.5658613&ss=tw&rt=Judge+denies+Trump%27s+overnight+request+for+injunction+in+executive+privilege+case+%7C+CTV+News&cd=KhM2MTQ1MDcxODY2MDQ5NTY2MDk2Mhw1MzNlMDE2OWZhYWUyMDBkOmNvbTplbjpVUzpM&ssp=AMJHsmXlnSoHb_ZABC-riiVXrxFyWhlMpQ","ttpDefinition":"Inbound URL 'Aggressive'","subject":"Google Alert - Trump","action":"allow","adminOverride":"N/A","userOverride":"None","scanResult":"clean","category":"Search Engines & Portals","sendingIp":"8.8.8.8","userAwarenessAction":"Continue","date":"2021-11-10T05:11:56+0000","actions":"Allow","route":"inbound","creationMethod":"User Click","emailPartsDescription":["Body"],"messageId":"<17-000000000000e78cfa05d0683fab@google.com>"},{"userEmailAddress":"johndoe@example.com","fromUserEmailAddress":"googlealerts-noreply@google.com","url":"https://www.google.com/alerts?s=AB2Xq4i7OaFz4ss3vFU-wNb0DTELEKxhyDdFl54&start=1636516479&end=1636520078&source=alertsmail&hl=en&gl=US&msgid=MTMyNTI1OTY4MzI3OTI0NDc4MTU#history","ttpDefinition":"Inbound URL 'Aggressive'","subject":"Google Alert - dollar","action":"allow","adminOverride":"N/A","userOverride":"None","scanResult":"clean","category":"Search Engines & Portals","sendingIp":"8.8.8.8","userAwarenessAction":"Continue","date":"2021-11-10T04:55:34+0000","actions":"Allow","route":"inbound","creationMethod":"User Click","emailPartsDescription":["Body"],"messageId":"<18-000000000000f2696405d0680583@google.com>"},{"userEmailAddress":"johndoe@example.com","fromUserEmailAddress":"googlealerts-noreply@google.com","url":"https://www.gstati","ttpDefinition":"Inbound URL 'Aggressive'","subject":"Google Alert - dollar","action":"allow","adminOverride":"N/A","userOverride":"None","scanResult":"clean","category":"Unknown","sendingIp":"8.8.8.8","userAwarenessAction":"N/A","date":"2021-11-10T03:55:09+0000","actions":"Browser Isolation","route":"inbound","creationMethod":"User Click","emailPartsDescription":["Body"],"messageId":"<19-00000000000065020205d0672f01@google.com>"},{"userEmailAddress":"johndoe@example.com","fromUserEmailAddress":"googlealerts-noreply@google.com","url":"https://www.google.co.za/alerts/share?hl=en&gl=US&ru=https://www.wsj.com/articles/u-s-tests-israels-iron-dome-in-guam-as-defense-against-chinese-cruise-missiles-11636455224&ss=tw&rt=U.S.+Tests+Israel%27s+Iron+Dome+in+Guam+as+Defense+Against+Chinese+Cruise+Missiles+-+WSJ&cd=KhQxNzg2NTc5NDQ3ODIzODUyNjI5NzIcZmQ4N2VjYzkxMGIxMWE4Yzpjby56YTplbjpVUw&ssp=AMJHsmW3CCK1S4TNPifSXszcyaNMwd6TDg","ttpDefinition":"Inbound URL 'Aggressive'","subject":"Google Alert - china","action":"allow","adminOverride":"N/A","userOverride":"None","scanResult":"clean","category":"Search Engines & Portals","sendingIp":"8.8.8.8","userAwarenessAction":"Continue","date":"2021-11-10T03:49:53+0000","actions":"Allow","route":"inbound","creationMethod":"User Click","emailPartsDescription":["Body"],"messageId":"<20-000000000000a02a0a05d0671c06@google.com>"}]}],"fail":[]}
+  - path: /api/gateway/get-held-release-logs
+    methods: ["POST"]
+    request_body: /"meta":\{"pagination":\{"pageSize":100\}\}/
+    request_headers:
+      authorization: ["MC .*"]
+    responses:
+      - status_code: 200
+        headers:
+          Content-Type:
+            - "application/json"
+        body: |-
+          {{ minify_json `
+          {
+              "fail": [],
+              "meta": {
+                  "status": 200,
+                  "pagination": {
+                      "pageSize": 25,
+                      "next": "String",
+                      "previous": "String"
+                  }
+              },
+              "data": [
+                  {
+                      "heldReleaseLogs": [
+                          {
+                              "spamProcessingDetail": {
+                                  "greyEmail": true,
+                                  "permittedSender": {
+                                      "allow": true,
+                                      "info": "allow"
+                                  },
+                                  "managedSender": {
+                                      "allow": true,
+                                      "info": "allow"
+                                  },
+                                  "dkim": {
+                                      "allow": true,
+                                      "info": "allow"
+                                  },
+                                  "spf": {
+                                      "allow": true,
+                                      "info": "allow"
+                                  },
+                                  "rbl": {
+                                      "allow": true,
+                                      "info": "allow"
+                                  },
+                                  "dmarc": {
+                                      "allow": true,
+                                      "info": "allow"
+                                  },
+                                  "spamVerdict": {
+                                      "decision": "spam",
+                                      "description": "",
+                                      "risk": "low",
+                                      "categories": [
+                                          {
+                                              "name": "spam",
+                                              "risk": "low",
+                                              "subcategories": [
+                                                  {
+                                                      "name": "phishing",
+                                                      "risk": "low",
+                                                      "augmentations": [
+                                                          {
+                                                              "name": "body",
+                                                              "risk": "negligible"
+                                                          }
+                                                      ]
+                                                  }
+                                              ]
+                                          }
+                                      ]
+                                  }
+                              },
+                              "attachments": true,
+                              "messageInfo": "Expired in queue - rejected by housekeeping",
+                              "subject": "Exclusive Offer - You don't want to miss this!",
+                              "detectionLevel": "moderate",
+                              "heldGroup": "IT Staff Global",
+                              "operator": "admin@domain.tld",
+                              "fromEnv": {
+                                  "emailAddress": "user@domain.tld",
+                                  "displayableName": "FirstName LastName"
+                              },
+                              "rejectReason": "Message contains undesirable content",
+                              "route": "inbound",
+                              "size": 5043,
+                              "heldReason": "High-Confidence Impersonation Protection",
+                              "spamScore": 12,
+                              "id": "eNpVj21LhEAUhf_LfN2VnRl1RpclCN...",
+                              "to": [
+                                  {
+                                      "emailAddress": "user@domain.tld",
+                                      "displayableName": "FirstName LastName"
+                                  }
+                              ],
+                              "released": "2015-11-25T14:49:18+00:00",
+                              "fromHdr": {
+                                  "emailAddress": "user@domain.tld",
+                                  "displayableName": "FirstName LastName"
+                              },
+                              "status": "released",
+                              "policy": "Moderate Spam Detection"
+                          }
+                      ]
+                  }
+              ]
+          }
+          `}}
+  - path: /api/gateway/get-held-release-logs
+    methods: ["POST"]
+    request_body: /"meta":\{"pagination":\{"pageSize":100,"pageToken":"String"\}\}/
+    request_headers:
+      authorization: ["MC .*"]
+    responses:
+      - status_code: 200
+        headers:
+          Content-Type:
+            - "application/json"
+        body: |-
+          {{ minify_json `
+          {
+              "fail": [],
+              "meta": {
+                  "status": 200,
+                  "pagination": {
+                      "pageSize": 25,
+                      "next": "String",
+                      "previous": "String"
+                  }
+              },
+              "data": []
+          }
+          `}}
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.27.0"
+  changes:
+    - description: Add support for message release logs.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/10732
 - version: "1.26.1"
   changes:
     - description: Fix handling of email addresses with comma in quoted name.
 
@@ -0,0 +1,3 @@
+fields:
+  tags:
+    - preserve_original_event
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+fields:`
	`2`	`+ tags:`
	`3`	`+ - preserve_original_event`