
Proofpoint TAP

Stack 9.0.0 Serverless Observability Serverless Security

Version: 1.28.0
Subscription level: Basic
Level of support: Elastic
Ingestion method(s): API

The Proofpoint TAP integration collects and parses data from the Proofpoint TAP REST APIs.

Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to Agentless integrations and the Agentless integrations FAQ.

Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.

This module has been tested against SIEM API v2.

The service principal and secret are used to authenticate to the SIEM API. To generate TAP service credentials, follow these steps:

  1. Log in to the TAP dashboard.
  2. Navigate to Settings > Connected Applications.
  3. Click Create New Credential.
  4. Name the new credential set and click Generate.
  5. Copy the Service Principal and Secret and save them for later use.

For more information on generating TAP credentials, refer to Generate TAP Service Credentials.

This is the clicks_blocked dataset.

Note

For the clicks_blocked dataset, source.ip corresponds to the Proofpoint senderIP — the IP of the email sender — and destination.ip corresponds to clickIP — the IP of the click destination.

This is the clicks_permitted dataset.

Note

For the clicks_permitted dataset, source.ip corresponds to the Proofpoint senderIP — the IP of the email sender — and destination.ip corresponds to clickIP — the IP of the click destination.
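
The sketch below is an added example, not code from the integration itself. It shows how the service principal and secret become an HTTP Basic header for the SIEM API and how click events map onto the `source.ip` and `destination.ip` fields described in the notes above. The `TAP_PRINCIPAL` and `TAP_SECRET` variable names, the `dataset` key and the sample events are assumptions made for illustration.

```python
import base64
import ipaddress
import os

# SIEM API v2 response keys for click events -> dataset names used on this page.
CLICK_DATASETS = {"clicksBlocked": "clicks_blocked",
                  "clicksPermitted": "clicks_permitted"}


def basic_auth_header(principal, secret):
    """HTTP Basic header built from the TAP service principal and secret."""
    token = base64.b64encode(f"{principal}:{secret}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def _ip(value):
    """Normalised IP string, or None when the field is missing or malformed."""
    try:
        return str(ipaddress.ip_address(value or ""))
    except ValueError:
        return None


def clicks_to_ecs(response):
    """Map TAP click events to the source.ip / destination.ip fields."""
    docs = []
    for key, dataset in CLICK_DATASETS.items():
        for event in response.get(key, []):
            docs.append({
                "dataset": dataset,  # illustrative key, named after the page's datasets
                "source.ip": _ip(event.get("senderIP")),      # IP of the email sender
                "destination.ip": _ip(event.get("clickIP")),  # clickIP, per the notes
            })
    return docs


# Constructed sample response (documentation-range addresses, not real data).
SAMPLE = {
    "clicksPermitted": [{"senderIP": "192.0.2.10", "clickIP": "198.51.100.7"}],
    "clicksBlocked": [{"senderIP": "2001:DB8::1", "clickIP": "not-an-ip"}],
}

if __name__ == "__main__":
    # Hypothetical variable names; keep the secret out of source code and logs.
    headers = basic_auth_header(os.environ.get("TAP_PRINCIPAL", ""),
                                os.environ.get("TAP_SECRET", ""))
    print("auth header prepared:", "Authorization" in headers)
    for doc in clicks_to_ecs(SAMPLE):
        print(doc)
```

Malformed or missing addresses become `None` rather than being passed through, so a bad `clickIP` cannot end up in an IP-typed field.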

This is the message_blocked dataset.

This is the message_delivered dataset.

This integration includes one or more Kibana dashboards that visualize the data collected by the integration. The screenshots below illustrate how the ingested data is displayed.