Proofpoint TAP (via Codeless Connector Platform)
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | ProofpointTAPv2 |
| Publisher | Proofpoint |
| Used in Solutions | ProofPointTap |
| Collection Method | CCF |
| Connector Definition Files | ProofpointTAP_defination.json |
| CCF Configuration | ProofpointTAP_pollingconfig.json |
| CCF Capabilities | Basic |
The Proofpoint Targeted Attack Protection (TAP) connector provides the capability to ingest Proofpoint TAP logs and events into Microsoft Sentinel. The connector provides visibility into Message and Click events in Microsoft Sentinel to view dashboards, create custom alerts, and to improve monitoring and investigation capabilities.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
ProofPointTAPClicksBlockedV2_CL |
? | ✓ | ? |
ProofPointTAPClicksPermittedV2_CL |
? | ✓ | ? |
ProofPointTAPMessagesBlockedV2_CL |
? | ✓ | ? |
ProofPointTAPMessagesDeliveredV2_CL |
? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions: - Workspace (Workspace): read and write permissions on the workspace are required.
Custom Permissions: - Proofpoint TAP API Key: A Proofpoint TAP API service principal and secret is required to access Proofpoint's SIEM API. See the documentation to learn more about Proofpoint SIEM API.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
Configuration steps for the Proofpoint TAP API
- Log into the Proofpoint TAP dashboard
- Navigate to Settings and go to Connected Applications tab
- Click on Create New Credential
- Provide a name and click Generate
- Copy Service Principal and Secret values
NOTE: This connector depends on a parser based on Kusto Function to work as expected ProofpointTAPEvent which is deployed with the Microsoft Sentinel Solution.
- Service Principal: 123456
- Secret: (password field)
- Click 'Connect' to establish connection
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊