Proofpoint TAP
Version: 3.0.0
Proofpoint TAP (Targeted Attack Protection) detects and prevents threats in email.
Connect Proofpoint TAP with LogicHub
- Navigate to Automations > Integrations.
- Search for Proofpoint TAP.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- API User: API User name for Proofpoint's SIEM API.
- API Key: The API key to connect to the Proofpoint TAP.
- After you've entered all the details, click Connect.
Actions for Proofpoint TAP
Get TAP Events
Get events from Proofpoint TAP via Proofpoint's SIEM API.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Event Type | Type of events to query. | Required |
| Threat Type | Type of threat to query. | Required |
| Threat Status | Status of threat to query. | Required |
| Query Window | Window of time to query, from one minute ("1m") to 24 hours ("24h"). | Required |
Release Notes
v3.0.0- Updated architecture to support IO via filesystemv2.1.6- Added documentation link in the automation library.
Updated 6 months ago