Overview
This topic describes the steps to configure Proofpoint on Demand through the Third Party API.
Prerequisites
Before You Begin
a. Create a new Cloud Admin user with the name ‘Cloud Admin’, in the same email domain that you use in Active Directory.
Example: cloudadmin@yourdomain.com or cloudadmin@yourdomain.org
b. Once the new user is created, log in to your PPS Cluster as the podadmin user, go to System > User Management > Users, and find the Cloud Admin user.
c. Select the checkbox next to the user, then go to Options > Sync to Cloud, which syncs the new Cloud Admin user.
Collection of API Key, Cluster ID
A. To Collect API Key
After completing the previous steps:
a. Log in to https://admin.proofpoint.com as the new Cloud Admin user.
b. Go to Settings > API Key Management > Create New.
c. Type any unique name and select Save.
B. To Collect Cluster ID
a. The Cluster ID is displayed in the upper-right corner of the management interface next to the release number.
Note: Copy the API Key and Cluster ID to the local machine; both are needed when you add the feed.
Configuration in the Feed
1. From the Chronicle menu, select Settings.
2. Click Feeds.
3. Click Add New.
4. Type any unique name as the FEED NAME, select Third party API as the SOURCE TYPE, and select Proofpoint On Demand as the LOG TYPE.
5. Click Next.
6. Configure the following input parameters:
- AUTHENTICATION HTTP HEADERS: specify the API key that you obtained previously as an Authorization: Bearer header, and also add the header Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==, one header per line in the following format:
Authorization: Bearer API Key
Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==
Example:
Authorization: Bearer BkUIJ3EMiF9.ghBe1Gshb6ndoK1ehtyinb.lkkgjdhdGHmeGHjs
Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==
- CLUSTER ID: specify the Cluster ID that you obtained previously.
Example: apkttransitauthority_hosted
7. Click Next and then click Submit.
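A pre-paste check for the AUTHENTICATION HTTP HEADERS value from step 6, as an added example that is not part of the original article or of any Proofpoint or Chronicle tooling. The function name, the rules it applies (derived from the format shown above) and the sample key are assumptions.

```python
import base64
import re

# Quote characters that get copied along with a header from a rendered page.
QUOTES = "\u2018\u2019\u201c\u201d'\""
PLACEHOLDER = "API Key"  # literal placeholder from the article's format line


def check_feed_headers(text):
    """Return a list of problems found in the header value; never echoes the key."""
    problems, headers = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        if raw != raw.strip():
            problems.append(f"line {n}: leading or trailing whitespace")
        if any(c in raw for c in QUOTES):
            problems.append(f"line {n}: quote character copied with the header")
        name, sep, value = raw.strip().strip(QUOTES).partition(":")
        if not sep:
            problems.append(f"line {n}: not in 'Name: value' form")
            continue
        headers[name.strip().lower()] = value.strip()

    auth = headers.get("authorization")
    if auth is None:
        problems.append("missing Authorization header")
    elif not auth.startswith("Bearer "):
        problems.append("Authorization value must start with 'Bearer '")
    elif auth[len("Bearer "):] == PLACEHOLDER:
        problems.append("Authorization still contains the 'API Key' placeholder")
    elif re.search(r"\s", auth[len("Bearer "):]):
        problems.append("API key contains whitespace")

    ws_key = headers.get("sec-websocket-key")
    if ws_key is None:
        problems.append("missing Sec-WebSocket-Key header")
    else:
        try:
            base64.b64decode(ws_key, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("Sec-WebSocket-Key is not valid base64")
    return problems


# Constructed sample: made-up key, Sec-WebSocket-Key value from the article.
GOOD = "Authorization: Bearer EXAMPLE-KEY-0000\nSec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ=="

if __name__ == "__main__":
    print(check_feed_headers(GOOD) or "headers look well-formed")
```

An empty list means the two lines match the format above; it does not confirm that the key itself is valid.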