This topic describes the steps to configure the Proofpoint TAP Alerts (PROOFPOINT_MAIL) through a third-party API.
Prerequisites
- Administrator login credentials
Configuring Proofpoint TAP alerts
1. Sign in to the Proofpoint Threat Insight Portal at https://threatinsight.proofpoint.com.
2. Navigate to the Settings tab > Select Connected Applications > Click Create New Credential
3. Enter a Unique Name for the New Credential set and click Generate
Now, the Service Principal and Secret values are generated
Now go to the Chronicle feed and add the below fields:
1. From the Chronicle menu, select Settings.
2. Click Feeds.
3. Click Add New.
4. Select third-party API as the source type, and select Proofpoint TAP alerts as the log type to create a feed.
6. Click Next.
7. Configure the following input parameters:
- Username: specify the service principle that you obtained previously.
- Secret: specify the secret that you obtained previously.
8. Click Next, and then click Submit.
Comments
0 comments
Please sign in to leave a comment.