ProofpointPODMailLog_CL



| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |

Schema (8 columns)

Source: Connector definition

| Column Name | Type |
|---|---|
| data | string |
| eventTime | datetime |
| id | string |
| metadata | dynamic |
| pps | dynamic |
| sm | dynamic |
| TimeGenerated | datetime |
| tls | dynamic |

Solutions (1)

This table is used by the following solutions:

Connectors (2)

This table is ingested by the following connectors:

Connector Selection Criteria
Proofpoint On Demand Email Security (via Codeless Connector Platform)
[Deprecated] Proofpoint On Demand Email Security

Content Items Using This Table (23)

Analytic Rules (10)

In solution Proofpoint On demand(POD) Email Security:

Analytic Rule Selection Criteria
ProofpointPOD - Binary file in attachment
ProofpointPOD - Email sender IP in TI list
ProofpointPOD - Email sender in TI list
ProofpointPOD - High risk message not discarded
ProofpointPOD - Multiple archived attachments to the same recipient
ProofpointPOD - Multiple large emails to the same recipient
ProofpointPOD - Multiple protected emails to unknown recipient
ProofpointPOD - Possible data exfiltration to private email
ProofpointPOD - Suspicious attachment
ProofpointPOD - Weak ciphers

Hunting Queries (10)

In solution Proofpoint On demand(POD) Email Security:

Hunting Query Selection Criteria
ProofpointPOD - Emails with high score of 'adult' filter classifier value
ProofpointPOD - Emails with high score of 'malware' filter classifier value
ProofpointPOD - Emails with high score of 'phish' filter classifier value
ProofpointPOD - Emails with high score of 'spam' filter classifier value
ProofpointPOD - Emails with high score of 'suspect' filter classifier value
ProofpointPOD - Large size outbound emails
ProofpointPOD - Recipients with high number of discarded or rejected emails
ProofpointPOD - Recipients with large number of corrupted emails
ProofpointPOD - Senders with large number of corrupted messages
ProofpointPOD - Suspicious file types in attachments

Workbooks (3)

In solution Proofpoint On demand(POD) Email Security:

Workbook Selection Criteria
ProofpointPOD

GitHub Only:

Workbook Selection Criteria
ProofPointThreatDashboard
ProofpointPOD

Parsers Using This Table (1)

Other Parsers (1)

| Parser | Solution | Selection Criteria |
|---|---|---|
| ProofpointPOD | Proofpoint On demand(POD) Email Security | |
