Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

About the Device

 Proofpoint Email Protection is available as an on-premise or cloud based solution. It blocks unwanted malicious, and impostor email with granular search capabilities and visibility into all messages. Outbound controls include encryption and data loss prevention, while continuity capabilities ensure business communications can continue as normal in the event of an email outage.

Device Information

 Entity

Particulars

Vendor Name

Proofpoint

Product Name

Email Protection

Type of Device

Cloud/Hosted

Collection Method

Log Type

 Ingestion label

Preferred Logging Protocol - Format

Log Collection Method

Data Source

 Proofpoint On Demand

PROOFPOINT_ON_DEMAND

Prop Vendor API - JSON

 C2C

https://cloud.google.com/chronicle/docs/reference/feed-management-api#proofpoint-on-demand

Device Configuration

  1. To request a token, contact Proofpoint support, or log in to the Email Protection portal, and navigate to Settings > API Key Management.

  2. Click Create New.

  3. In Create New API Key, type a name and generate the API Key.

  4. Select View Details from the ellipsis menu on the generated API Key and copy the key/token.

image-20220511-052206.png
  1. The CLUSTER_ID is displayed in the upper-right corner of the management interface next to the release number. 

Integration Parameters:

Property

Default Value

Description

AUTHENTICATION HTTP HEADERS

N/A

The HTTP header used to authenticate logstream.proofpoint.com in the key-value format.
Eg -
Authorization:Bearer <JSON web token>
Sec-WebSocket-Key:SGVsbG8sIHdvcmxkIQ==

(Use the same value mentioned here for Sec-WebSocket-Key)

CLUSTER ID

N/A

The cluster ID, which is a user group string.

  • No labels