Proofpoint (TAP)
TL;DR
To integrate Proofpoint (TAP) with Query:
- Set up the required connection parameters for Proofpoint listed in the 'Prerequisites' section of this document.
- Add a Proofpoint TAP connection source in Query with the connection parameters.
- Test the integration with the Test Connection link.
- Perform searches for malicious emails using to, cc, and subject as search parameters.
Overview
Proofpoint TAP is a cloud-based threat detection and response platform that helps organizations protect against cyber attacks. By integrating with Query, you can:
- Search for malicious emails, blocked clicks, and top attacked users.
Prerequisites:
Make sure you have the following connection parameters from Proofpoint (TAP) to add it as a connection source in Query.
- API URL - Provide a Proofpoint endpoint if different from the default, tap-api-v2.proofpoint.com.
- API Secret - Provide the Proofpoint API Secret for authenticating collection requests.
- Service Principal - Provide the Proofpoint Service Principal for authenticating collection requests.
Adding a connection source in Query
- Go to the Connections page, click Add Connections, and select Proofpoint(TAP) from the Email Security category.
- In the General tab, add the following details.
  - API URL - Provide a Proofpoint endpoint if different from the default, tap-api-v2.proofpoint.com.
  - API Secret - Provide the Proofpoint API Secret for authenticating collection requests.
  - Service Principal - Provide the Proofpoint Service Principal for authenticating collection requests.
- Click the Save button in the top right corner of the screen to save the connection source.
- To test the connection credentials, click 'Test Connection.' You will see a successful connection message if the credentials are valid. If the test connection fails, check that the connection parameters are correct. If necessary, correct them and retest.
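A pre-check for the three connection parameters above, for use when 'Test Connection' fails; this is an added example, not Query's or Proofpoint's code. It assumes the TAP SIEM API's HTTP Basic authentication (service principal as user, secret as password) and its /v2/siem/all endpoint; the environment variable names TAP_API_URL, TAP_PRINCIPAL and TAP_SECRET and the status explanations are this example's own.

```python
import base64
import os
import urllib.error
import urllib.parse
import urllib.request

DEFAULT_HOST = "tap-api-v2.proofpoint.com"  # default API URL named on this page

def normalize_api_url(value=""):
    """Accept a bare host or a full URL; refuse anything that is not plain HTTPS."""
    value = (value or DEFAULT_HOST).strip()
    if "://" not in value:
        value = "https://" + value
    parts = urllib.parse.urlsplit(value)
    if parts.scheme != "https" or not parts.hostname or "@" in parts.netloc:
        raise ValueError("API URL must be an https:// endpoint without credentials")
    return f"https://{parts.netloc}"

def build_probe(api_url, principal, secret, since_seconds=3600):
    """Build (without sending) a read-only SIEM request carrying Basic auth."""
    for field in (principal, secret):
        if not field or field != field.strip():  # assumed cause: copy/paste padding
            raise ValueError("principal/secret is empty or padded with whitespace")
    token = base64.b64encode(f"{principal}:{secret}".encode()).decode()
    url = f"{normalize_api_url(api_url)}/v2/siem/all?format=json&sinceSeconds={since_seconds}"
    return urllib.request.Request(url, headers={"Authorization": "Basic " + token})

def explain(status):
    """Map an HTTP status to the likely reason a connection test passed or failed."""
    causes = {
        200: "credentials valid",
        204: "credentials valid, no events in the requested window",
        400: "request rejected as malformed",
        401: "service principal or secret rejected",
        429: "rate limited, retry later",
    }
    return causes.get(status, f"unexpected status {status}")

def run_probe():
    """Send the probe; the secret comes from the environment, never the script."""
    req = build_probe(os.environ.get("TAP_API_URL", ""),
                      os.environ["TAP_PRINCIPAL"], os.environ["TAP_SECRET"])
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return explain(resp.status)
    except urllib.error.HTTPError as err:
        return explain(err.code)
```

Export the three variables in the shell session and call run_probe(); a network-level failure (DNS, TLS, proxy) raises urllib.error.URLError rather than returning a status.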
Resources
- Proofpoint API Documentation - https://help.proofpoint.com/Threat_Insight_Dashboard/API_Documentation