Merge pull request #8866 from nipun-crestdatasystem/MimecastTIRegional

Mimecast TI Regional
Azure · Sep 18, 2023 · 21131dd · 21131dd
2 parents 91d9fab + 07f9146
commit 21131dd
Show file tree

Hide file tree

Showing 31 changed files with 2,120 additions and 0 deletions.
diff --git a/Sample Data/Custom/MimecastTIRegional/ThreatIntelligenceIndicator.csv b/Sample Data/Custom/MimecastTIRegional/ThreatIntelligenceIndicator.csv
@@ -0,0 +1,21 @@
+ExternalIndicatorId,"TimeGenerated [UTC]",TenantId,SourceSystem,Action,ActivityGroupNames,AdditionalInformation,ApplicationId,AzureTenantId,ConfidenceScore,Description,DiamondModel,"ExpirationDateTime [UTC]",IndicatorId,ThreatType,Active,KillChainActions,KillChainC2,KillChainDelivery,KillChainExploitation,KillChainReconnaissance,KillChainWeaponization,KnownFalsePositives,MalwareNames,PassiveOnly,ThreatSeverity,Tags,TrafficLightProtocolLevel,EmailEncoding,EmailLanguage,EmailRecipient,EmailSenderAddress,EmailSenderName,EmailSourceDomain,EmailSourceIpAddress,EmailSubject,EmailXMailer,"FileCompileDateTime [UTC]","FileCreatedDateTime [UTC]",FileHashType,FileHashValue,FileMutexName,FileName,FilePacker,FilePath,FileSize,FileType,DomainName,NetworkIP,NetworkPort,NetworkDestinationAsn,NetworkDestinationCidrBlock,NetworkDestinationIP,NetworkCidrBlock,NetworkDestinationPort,NetworkProtocol,NetworkSourceAsn,NetworkSourceCidrBlock,NetworkSourceIP,NetworkSourcePort,Url,UserAgent,IndicatorProvider,Type
+"indicator--f5b81ed4-941b-5aea-9fe0-017e3f41497d","8/28/2023, 7:11:43.902 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:01.000 AM",A7FD022FE4A4143137A9FF3447D89A174E8DE13C14D06575BD1B527EB8233B5F,Malware,true,,,,,,,,,,5,,red,,,,,,,"92.42.37.184",,,"8/28/2023, 6:32:03.000 AM",,SHA256,5EBCEC68EA40408B52E48EA18BE9E13A243E48E1F73C87F1F48351BDC168CF5D,,"Sequestration.html",,,11828,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--42203ab4-905b-5a78-bf18-c793eec22f33","8/28/2023, 7:11:43.926 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:04.000 AM",F39E2975DED11C21E82AE37FDFEEA83A20A34913218695E05481062B3A9DC149,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:35:14.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--50442156-8243-59eb-9880-7a7a4b3d02e3","8/28/2023, 7:11:43.950 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:06.000 AM",C8E35D0534FF7CA045DEE8A086F0A22C89E99E3BC292CDD0921AFE9B757CFD44,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:38:29.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--38773b62-7feb-5ebf-8fc6-3eddd58a43f4","8/28/2023, 7:11:43.974 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:07.000 AM",F68BD96C7232FD34D2BB2896D753231749F954DB6C7261A976EC34EC7889E875,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:40:09.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--750f4343-9e62-595f-bd0e-e59c4881b3e2","8/28/2023, 7:11:43.999 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:09.000 AM",31540C255C788D28C5C9B52AF932C990BF97CFD349A76429FA457F0D7DC67929,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:44:54.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--3c5f5b9a-9194-502b-8605-44ef2be9c828","8/28/2023, 7:11:43.889 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:00.000 AM",5C3F6F04F6DA280EB2BDB283CF89CE99077BF7B59989A6A14166D924542E3E2C,Malware,true,,,,,,,,,,5,,red,,,,,,,"94.131.2.87",,,"8/28/2023, 6:30:55.000 AM",,SHA256,51B0C8E05D094FA5505A91E38EBB7C4FD7A2651C650B6D359B750B2D57BA7D88,,"Eddie Lei-PO A4_053423G1.htm",,,46325,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--52a05416-7ec2-5516-93b8-f589938d4e0d","8/28/2023, 7:11:43.911 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:03.000 AM",D45A628E911576FC4B9AEA888D6C072EDF718C92969A3D03F63021640875BF9D,Malware,true,,,,,,,,,,5,,red,,,,,,,"193.109.120.87",,,"8/28/2023, 6:33:10.000 AM",,SHA256,DDC30B6FC7D8A9270453877B988B328E5D731D779774EFBE0C9ADC00054B0BF3,,"Scanned_Shipment_Arrival_Notice_Original_Cargo_Telex_Release_Order_2206055322061078220607197_BL_28_August_2023.tar",,,1264128,"application/x-tar",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--486de4e4-c8bb-53fa-92ad-9e4cf4282fbb","8/28/2023, 7:11:43.936 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:04.000 AM",67EE92D7CBDBFE075B4E232D246A6B1CECEB399CDD654381B90BD4184583BFA2,Malware,true,,,,,,,,,,5,,red,,,,,,,"94.131.2.87",,,"8/28/2023, 6:34:45.000 AM",,SHA256,EC539D6E926FB12A831F08CF4027534C7F7141D994F7EB54A4A3685943AF1DC9,,"Eddie Lei-PO A4_053423G1.htm",,,46328,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--292a37ec-85c1-56d5-8dfc-c231b5ab47b5","8/28/2023, 7:11:43.960 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:06.000 AM",87FC43559BD16EFE6C94BEC1160EFE03DB3D9AC117EFDAB7228210F793A1E30B,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:38:08.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--1db7c7eb-c23e-51fd-90d8-3332d6c4acf8","8/28/2023, 7:11:43.985 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:08.000 AM",DFF9C95AA0501AA0063D867464AD71DF82F2B5C0C2D364BC8F6BC3EEBFFC3139,Malware,true,,,,,,,,,,5,,red,,,,,,,"210.143.104.183",,,"8/28/2023, 6:42:40.000 AM",,SHA256,F7AFFA57B7792DF51CDBC521D5C176CA8E42A16B8E68244126DB5DB32C1E02B5,,"body.htm",,,3354,"text/plain",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--164cf226-a747-5bc1-8795-47a8db966576","8/28/2023, 7:11:44.010 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:09.000 AM",E5859EA2B7EFF21A2E8F7F940DA53C6F4B45E7BA0F9ABEB6E485B06DFCD84686,Malware,true,,,,,,,,,,5,,red,,,,,,,"212.227.126.135",,,"8/28/2023, 6:43:17.000 AM",,SHA256,58090CF03262493D86F4BF9B4B2DAC65DB59D55FC4DE001F53417B89C528C28C,,"body.htm",,,24612,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--6d8e1c2a-6349-5ac7-b8da-e5507741a091","8/28/2023, 7:11:43.894 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:00.000 AM",38179278BE6087A66EEB29F1B69E349134865DE4BA748F823CA8A8F44FC80A68,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:30:39.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--fd122cca-9a51-5c99-96dc-22e82a80da76","8/28/2023, 7:11:43.917 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:03.000 AM",2FA23DC3106DF201174567894618F3E366C6F22B64234233C459B091F19423EF,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:33:35.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--bee8ef60-ae53-5c54-9f26-afb4ff78a797","8/28/2023, 7:11:43.941 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:04.000 AM",DC1E5B07A64ACA0846070A704FA50D31D1A419A5BB6D2162992F49D5582621F5,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:36:43.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--ecdaa66b-f870-51ca-82f3-923452f85e4c","8/28/2023, 7:11:43.965 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:07.000 AM",DBD41F234E611C0780CCB7935F7738FF708355B1B00E26C9DA6A163A7143D401,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:39:31.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--220639c0-68e6-5dc2-abfe-5101907ebc4c","8/28/2023, 7:11:43.990 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:08.000 AM",38EB5855B1179B96B9DF41A739F3426AE00CD7383B83F0ACE7DA175AD32F9BF4,Malware,true,,,,,,,,,,5,,red,,,,,,,"210.143.104.183",,,"8/28/2023, 6:42:56.000 AM",,SHA256,0F3BA4E8FD825D0952B11D85607F7B09A1C7852F80D605F6335B0029902D4873,,"body.htm",,,3350,"text/plain",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--0aad5e11-22b0-52fa-bbb2-d39b0634bb10","8/28/2023, 7:11:44.027 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:09.000 AM",45D1927832BED02920BE050BA2176D6775927A58EFD6EAB76C1101D2D98F3A63,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:44:56.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--06f0a772-21b7-5329-ba83-22fbb61606c7","8/28/2023, 7:11:43.888 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:00.000 AM",61D9AC94D411848748584D69CF9D196B51740C346B4FE6B7066378A1CA16A8D0,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:30:13.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--bc10165d-9315-5362-ab49-977120628fc9","8/28/2023, 7:11:43.910 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:03.000 AM",F4964857A4C035CF09857B69293EFED7CE3D4A5D9EAD0DEB7996F7DF3A13351E,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:33:03.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
+"indicator--58bb3ae6-685b-5c23-8b83-763dcaa37fec","8/28/2023, 7:11:43.936 AM","9205e39d-9c6f-488c-8ecf-3c29542c7add",SecurityGraph,block,,,,"3adb963c-8e61-48e8-a06d-6dbb0dacea39",100,"Mimecast Regional Threat Intel",,"9/27/2023, 7:10:04.000 AM",D9FB9847A735DDE0893FB20A8FF310B5279E4ADE1A50DB46E93CC82BBEFD0A58,Malware,true,,,,,,,,,,5,,red,,,,,,,"12.196.177.42",,,"8/28/2023, 6:36:03.000 AM",,SHA256,2AA38A1EE874CD499769C0C3E0FF267AA31F7E3E0CB8F20EE6D8C21EE3F4AEA1,,"AWB #8347630147.htm",,,15855,"text/html",,,,,,,,,,,,,,,,,ThreatIntelligenceIndicator
diff --git a/Solutions/MimecastTIRegional/Data Connectors/GetThreatIntelFeedRegional/__init__.py b/Solutions/MimecastTIRegional/Data Connectors/GetThreatIntelFeedRegional/__init__.py
@@ -0,0 +1,53 @@
+import datetime
+import logging
+import azure.functions as func
+from ..Helpers.date_helper import DateHelper
+from ..Helpers.threat_intel_feed_request_helper import ThreatIntelFeedRequestHelper
+from ..Models.Error.errors import MimecastRequestError, GraphAPIRequestError
+
+
+def main(mytimer: func.TimerRequest, checkpoint: str) -> str:
+    utc_timestamp = datetime.datetime.utcnow().replace(tzinfo=datetime.timezone.utc).isoformat()
+
+    if mytimer.past_due:
+        logging.info("The timer is past due!")
+
+    logging.info("Python timer trigger function ran at %s", utc_timestamp)
+
+    # datetime manipulation is done to assure there is neither duplicate nor missing logs
+    start_date = checkpoint if checkpoint else DateHelper.get_utc_time_in_past(days=3)
+    mimecast_start_date = datetime.datetime.strptime(start_date, "%Y-%m-%dT%H:%M:%S%z") + datetime.timedelta(seconds=1)
+    mimecast_start_date = mimecast_start_date.strftime("%Y-%m-%dT%H:%M:%S%z")
+    end_date = datetime.datetime.fromisoformat(utc_timestamp) - datetime.timedelta(seconds=15)
+    mimecast_end_date = end_date.strftime("%Y-%m-%dT%H:%M:%S%z")
+
+    threat_intel_feed_request_helper = ThreatIntelFeedRequestHelper()
+
+    try:
+        grid_feeds = threat_intel_feed_request_helper.get_threat_intel_feed(
+            mimecast_start_date, mimecast_end_date, "malware_grid"
+        )
+    except MimecastRequestError as e:
+        logging.error(
+            "Failed to get TI logs from Mimecast.", extra={"request_id": threat_intel_feed_request_helper.request_id}
+        )
+        e.request_id = threat_intel_feed_request_helper.request_id
+        raise e
+    except Exception as e:
+        logging.error("Unknown Exception raised.", extra={"request_id": threat_intel_feed_request_helper.request_id})
+        raise e
+
+    try:
+        if grid_feeds:
+            latest_feed = threat_intel_feed_request_helper.send_feeds_to_azure(grid_feeds)
+            return latest_feed
+        else:
+            logging.info("There are no Regional Threat Intel Feeds for this period.")
+            return mimecast_end_date
+    except GraphAPIRequestError as e:
+        logging.error("Failed to send TI logs.", extra={"request_id": threat_intel_feed_request_helper.request_id})
+        e.request_id = threat_intel_feed_request_helper.request_id
+        raise e
+    except Exception as e:
+        logging.error("Unknown Exception raised.", extra={"request_id": threat_intel_feed_request_helper.request_id})
+        raise e
diff --git a/Solutions/MimecastTIRegional/Data Connectors/GetThreatIntelFeedRegional/function.json b/Solutions/MimecastTIRegional/Data Connectors/GetThreatIntelFeedRegional/function.json
@@ -0,0 +1,24 @@
+{
+  "scriptFile": "__init__.py",
+  "bindings": [
+    {
+      "name": "mytimer",
+      "type": "timerTrigger",
+      "direction": "in",
+      "schedule": "0 */5 * * * *"
+    },
+    {
+      "name": "checkpoint",
+      "type": "blob",
+      "dataType": "string",
+      "path": "tir-checkpoints/checkpoint.txt",
+      "direction": "in"
+    },
+    {
+      "name": "$return",
+      "type": "blob",
+      "path": "tir-checkpoints/checkpoint.txt",
+      "direction": "out"
+    }
+  ]
+}
diff --git a/Solutions/MimecastTIRegional/Data Connectors/GetThreatIntelFeedRegional/readme.md b/Solutions/MimecastTIRegional/Data Connectors/GetThreatIntelFeedRegional/readme.md
@@ -0,0 +1,11 @@
+# TimerTrigger - Python
+
+The `TimerTrigger` makes it incredibly easy to have your functions executed on a schedule. This sample demonstrates a simple use case of calling your function every 5 minutes.
+
+## How it works
+
+For a `TimerTrigger` to work, you provide a schedule in the form of a [cron expression](https://en.wikipedia.org/wiki/Cron#CRON_expression)(See the link for full details). A cron expression is a string with 6 separate expressions which represent a given schedule via patterns. The pattern we use to represent every 5 minutes is `0 */5 * * * *`. This, in plain text, means: "When seconds is equal to 0, minutes is divisible by 5, for any hour, day of the month, month, day of the week, or year".
+
+## Learn more
+
+<TODO> Documentation
diff --git a/Solutions/MimecastTIRegional/Data Connectors/Helpers/date_helper.py b/Solutions/MimecastTIRegional/Data Connectors/Helpers/date_helper.py
@@ -0,0 +1,34 @@
+import datetime
+
+from ..Models.Error.errors import ParsingError
+
+
+class DateHelper:
+    """DateHelper class responsible for making Mimecast specific date formats needed in request models."""
+
+    @staticmethod
+    def get_utc_time_from_now(days):
+        now = datetime.datetime.utcnow()
+        offset_time = now + datetime.timedelta(days=days)
+        return offset_time.strftime("%Y-%m-%dT%H:%M:%SZ")
+
+    @staticmethod
+    def get_utc_time_in_past(days):
+        """Generating time by subtracting days from current UTC time."""
+        now = datetime.datetime.utcnow()
+        offset_time = now - datetime.timedelta(days=days)
+        offset_time = offset_time.replace(tzinfo=datetime.timezone.utc)
+        return offset_time.strftime("%Y-%m-%dT%H:%M:%S%z")
+
+    @staticmethod
+    def convert_from_mimecast_format(datetime_str):
+        try:
+            datetime_obj = datetime.datetime.strptime(datetime_str, "%Y-%m-%dT%H:%M:%S%z")
+        except ValueError:
+            try:
+                datetime_obj = datetime.datetime.strptime(datetime_str, "%Y-%m-%dT%H:%M:%S.%fZ")
+            except ValueError:
+                raise ParsingError(f"Unknown time format: {datetime_str}")
+
+        converted_datetime = datetime_obj.astimezone(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+        return converted_datetime
diff --git a/Solutions/MimecastTIRegional/Data Connectors/Helpers/graph_api_collector.py b/Solutions/MimecastTIRegional/Data Connectors/Helpers/graph_api_collector.py
@@ -0,0 +1,56 @@
+import json
+import requests
+import logging
+from msal import ConfidentialClientApplication
+
+from ..Models.Error.errors import GraphAPIRequestError
+
+
+class GraphApiCollector:
+    def get_token(self, app_id, app_secret, tenant_id):
+        try:
+            app = ConfidentialClientApplication(
+                app_id, authority="https://login.microsoftonline.com/" + tenant_id, client_credential=app_secret
+            )
+        except ConnectionError:
+            logging.error("Failed to establish connection with GS API. Server is probably not available at the moment.")
+            raise GraphAPIRequestError(
+                "Failed to establish connection with GS API. Server is probably not available at the moment."
+            )
+
+        for i in range(4):
+            result = app.acquire_token_silent(["https://graph.microsoft.com/.default"], account=None)
+            if not result:
+                result = app.acquire_token_for_client(scopes=["https://graph.microsoft.com/.default"])
+            if result["access_token"]:
+                break
+
+        headers = {"Content-type": "application/json", "Authorization": "Bearer " + result["access_token"]}
+        return headers
+
+    def create_threat_indicators(self, headers, body):
+        """
+        Makes a POST request to create a TI indicator.
+        :param headers: Header of the POST request.
+        :param body: Body of the POST request.
+        :returns: json response.
+        :raises GraphAPIRequestError: raises an exception
+        """
+        ti_url = "https://graph.microsoft.com/beta/security/tiIndicators/submitTiIndicators"
+        if body is None:
+            logging.error("Request body cannot be empty.")
+            raise GraphAPIRequestError("Request body cannot be empty.")
+
+        try:
+            response = requests.post(
+                url=ti_url, data=json.dumps(body, ensure_ascii=False).encode("utf-8"), headers=headers, stream=False
+            )
+        except ConnectionError:
+            raise GraphAPIRequestError("Error on Graph API while creating new indicators.")
+
+        if 200 <= response.status_code <= 299:
+            logging.info(str(len(body["value"])) + " Threat Indicators sent successfully!")
+        else:
+            logging.error("Graph API Connector error occurred!")
+            logging.error(response.content)
+            raise GraphAPIRequestError("Error on Graph API while creating new indicators.")