Proofpoint TAP

Version: 1.2
Updated: Mar 31, 2023

Proofpoint Targeted Attack Protection (TAP) integration which protects against and provides additional visibility into phishing and other malicious attacks.

Actions

• List Campaigns (Enrichment) - Gets details for a given campaign.
• Get Campaign (Enrichment) - Gets a list of IDs of campaigns active in a specified time period.
• Get Most Attacked Users (Enrichment) - Gets a list of the most attacked users in the organization.
• Get Top Clickers (Enrichment) - Gets a list of the top clickers in the organization for a specified time period.
• Get Threat (Enrichment) - A string containing a unique identifier associated with the threat in TAP Dashboard.
• List Issues (Enrichment) - Get events for clicks to malicious URLs permitted and messages delivered containing a known attachment threat within the specified time period.
• Blocked Messages (Enrichment) - Fetch events for messages blocked in the specified time period which contained a known threat.
• Blocked Clicks (Enrichment) - Fetch events for clicks to malicious URLs blocked in the specified time period.
• Decode URL (Containment) - The URL Decoder allows users to decode URLs which have been rewritten by TAP to their original, target URL.

Configure Proofpoint TAP in Automation Service and Cloud SOAR

Before you can use this automation integration, you must configure its authentication settings so that the product you're integrating with can communicate with Sumo Logic. For general guidance, see Configure Authentication for Automation Integrations.

How to open the integration's configuration dialog

1. Access App Central and install the integration. (You can configure at installation, or after installation with the following steps.)
2. Go to the Integrations page.
   Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
   New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
3. Select the installed integration.
4. Hover over the resource name and click the Edit button that appears.
   

In the configuration dialog, enter information from the product you're integrating with. When done, click TEST to test the configuration, and click SAVE to save the configuration.

• Label. Name of the resource
• URL. URL of Proofpoint TAP (default URL’ https://tap-api-v2.proofpoint.com’ is already provided).
• Service Principal
• Secret Key
  

For information about Proofpoint, see the Proofpoint website.

Change Log

• February 4, 2022 - First upload
• March 31, 2023 (v1.1 and v1.2) - Integration refined.