Proofpoint TAP for Sentinel
Solution: ProofPointTap
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Proofpoint, Inc. |
| Support Tier | Partner |
| Support Link | https://proofpoint.my.site.com/community/s/ |
| Categories | domains |
| Version | 3.1.3 |
| Author | Proofpoint, Inc. - azure-support@proofpoint.com |
| First Published | 2022-05-23 |
| Last Updated | 2026-04-22 |
| Solution Folder | ProofPointTap |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |
The Proofpoint TAP solution for Microsoft Sentinel enables you to ingest Proofpoint TAP logs into Microsoft Sentinel.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
• Microsoft Sentinel Codeless Connector Framework
Contents
Data Connectors
This solution provides 1 data connector(s) (plus 1 discovered⚠️):
🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Tables Used
This solution uses 8 table(s):
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Content Items
This solution includes 6 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 2 |
| Playbooks | 2 |
| Workbooks | 1 |
| Parsers | 1 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Malware Link Clicked | Medium | InitialAccess | ProofPointTAPClicksPermittedV2_CL |
| Malware attachment delivered | Medium | InitialAccess | ProofPointTAPMessagesDeliveredV2_CL |
Workbooks
| Name | Tables Used |
|---|---|
| ProofpointTAP | ProofPointTAPClicksBlockedV2_CLProofPointTAPClicksPermittedV2_CLProofPointTAPMessagesBlockedV2_CLProofPointTAPMessagesDeliveredV2_CL |
Playbooks
| Name | Description | Tables Used |
|---|---|---|
| ProofpointTAP-CheckAccountInVAP | Once a new sentinel incident is created, this playbook gets triggered and performs the following act... | - |
| ProofpointTAP-AddForensicsInfoToIncident | Once a new sentinel incident is created, this playbook gets triggered and performs the following act... | - |
Parsers
| Name | Description | Tables Used |
|---|---|---|
| ProofpointTAPEvent | - | ProofPointTAPClicksBlockedV2_CL (read)ProofPointTAPClicksBlocked_CL (read)ProofPointTAPClicksPermittedV2_CL (read)ProofPointTAPClicksPermitted_CL (read)ProofPointTAPMessagesBlockedV2_CL (read)ProofPointTAPMessagesBlocked_CL (read)ProofPointTAPMessagesDeliveredV2_CL (read)ProofPointTAPMessagesDelivered_CL (read)ProofpointTAPNativePoller_CL (read) |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.1.3 | 19-03-2026 | Update ProofpointTAP_PollingConfig.json to pass user-agent header with solution package version. |
| 3.1.2 | 22-01-2026 | Removed Playbook GetProofpointTAPEvents for TAP connector. |
| 3.1.1 | 03-11-2025 | Update support url in SolutionMetadata.json. |
| 3.1.0 | 31-07-2025 | Updated Support details and publisherId in SolutionMetadata.json, updated Author details and Logo in Solution_ProofTap.json from Microsoft to Proofpoint. |
| 3.0.10 | 28-07-2025 | Removed Deprecated Data Connector. |
| 3.0.9 | 20-06-2025 | Expanded the query for ProofpointTAPEvent Parser to include additional columns and data sources (V2). |
| 3.0.8 | 06-05-2025 | Launching CCP Data Connector Proofpoint TAP (via Codeless Connector Platform) from Public Preview to Global Availability. |
| 3.0.7 | 21-04-2025 | Correction in CCP Connector DCR File to resolve deployment issue. |
| 3.0.6 | 04-04-2025 | New CCP Connector added Proofpoint TAP (via Codeless Connector Platform). |
| 3.0.5 | 12-01-2025 | Updated Analytic Rule MalwareLinkClicked.yaml. |
| 3.0.4 | 26-04-2024 | Repackaged for fix on parser in maintemplate to have old parsername and parentid. |
| 3.0.3 | 16-04-2024 | Repackaged for parser issue in maintemplate. |
| 3.0.2 | 10-04-2024 | Added Azure Deploy button for government portal deployments. |
| 3.0.1 | 10-10-2023 | Manual deployment instructions updated for Data Connector. |
| 3.0.0 | 01-08-2023 | Updated solution logo with Microsoft Sentinel logo. |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊