Proofpoint Email Protection helps you secure and control inbound and outbound email through an easy-to-use cloud-based solution.
This document provides information about the FortiSOAR™ connector, which facilitates automated interactions with a Proofpoint Email Gateway server using FortiSOAR™ playbooks. Add the Proofpoint Email Gateway connector as a step in FortiSOAR™ playbooks and perform automated operations such as searching for quarantined messages and performing actions on quarantined messages.
Connector Version: 1.0.0
Authored By: Community
Certified: No
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:
yum install cyops-connector-proofpoint-email-gateway
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Proofpoint Email Gateway connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | URL of the Proofpoint Email Gateway server to which you will connect and perform automated operations. |
Port | Port number used to access the Proofpoint Email Gateway server to which you will connect and perform automated operations. |
Username | Username used to access the Proofpoint Email Gateway server to which you will connect and perform the automated operations. |
Password | Password used to access the Proofpoint Email Gateway server to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ version 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Search Quarantine Messages | Searches for quarantined messages on your Proofpoint Email Gateway server, based on input parameters that you have specified, such as the email address of the sender of the message, the subject of the message, the query ID of the message, etc. | search_quarantine_messages Investigation |
Quarantine Message Actions | Performs actions such as release, forward, move, etc. on specified quarantine messages on your Proofpoint Email Gateway server, based on the quarantine folder, local GUID, and action specified. | quarantine_message_actions Investigation |
Parameter | Description |
---|---|
Messages | Select multiple options based on which you want to filter quarantined messages to be retrieved from the Proofpoint Email Gateway server. You can choose from the following options: From, Receipt, or Subject. |
Query ID | ID of the query based on which you want to retrieve quarantined messages from the Proofpoint Email Gateway server. |
Start Date | Start date and time from when you want to retrieve quarantined messages from the Proofpoint Email Gateway server. |
End Date | End date and time till when you want to retrieve quarantined messages from the Proofpoint Email Gateway server. |
Folder | Name of the folder from which you want to retrieve quarantined messages from the Proofpoint Email Gateway server. If you do not specify any folder name, then by default the "Quarantine" folder is set. |
Global Unique Identifier | Global Unique identifier of the message for which you want to retrieve raw data for a quarantined message from the Proofpoint Email Gateway server. If you specify the global unique identifier and its corresponding message is found on the Proofpoint Email Gateway server, then the response body contains the raw data of the message instead of the JSON document. |
DLP Violation | Retrieves DLP Violation data for the quarantined messages retrieved from the Proofpoint Email Gateway server. You can choose from the following options: Number of Smart Identifiers or Actual Smart Identifiers. |
Message Status | If you select this option then the quarantined messages retrieved from the Proofpoint Email Gateway server also contain the message status and comments. |
The output contains the following populated JSON schema:
{
  "count": "",
  "records": [
    {
      "processingserver": "",
      "date": "",
      "subject": "",
      "messageid": "",
      "folder": "",
      "size": "",
      "rcpts": [],
      "from": "",
      "spamscore": "",
      "guid": "",
      "host_ip": "",
      "localguid": ""
    }
  ],
  "meta": {
    "fqin": "",
    "queryid": "",
    "query_params": {
      "pretty": "",
      "subject": "",
      "from": ""
    },
    "limit": "",
    "duration": ""
  }
}
Parameter | Description |
---|---|
Action to Process the Message | Select the action that you want to perform on the specified quarantined message on the Proofpoint Email Gateway server. You can choose from the following options: Release Message, Resubmit Message, Forward Message, Move Message, or Delete Message. Note: For the 'Resubmit Message' and 'Delete Message' actions, you do not need to provide any additional parameters. If you choose 'Forward Message', then you can specify the following parameters: |
Quarantine Folder | Quarantine folder in the Proofpoint Email Gateway server on which you want to perform the specified action. |
Local GUID | Local GUID of the message in the Quarantine folder in the Proofpoint Email Gateway server on which you want to perform the specified action. |
The output contains a non-dictionary value.
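The following added example (not part of the connector or its bundled playbooks) shows one way a playbook code step could triage the Search Quarantine Messages output before passing anything to Quarantine Message Actions. The function name, the sender allow-list, the spam score threshold and the sample values are assumptions; the dictionary keys use the parameter labels from the table above, because the page does not list the connector's internal parameter names.

```python
import json

# Constructed sample shaped like the search output schema; every value is made up.
SAMPLE = json.loads("""
{"count": "4", "records": [
  {"from": "billing@example.com", "folder": "Quarantine", "spamscore": "12",
   "guid": "g-001", "localguid": "local-101"},
  {"from": "Billing@Example.com", "folder": "Quarantine", "spamscore": "97",
   "guid": "g-002", "localguid": "local-102"},
  {"from": "ceo@examp1e.com", "folder": "Quarantine", "spamscore": "5",
   "guid": "g-003", "localguid": "local-103"},
  {"from": "billing@example.com", "folder": "", "spamscore": "",
   "guid": "g-004", "localguid": ""}
]}
""")

def select_release_candidates(result, trusted_senders, max_spamscore=50.0):
    """Split search records into action inputs and skipped (guid, reason) pairs."""
    trusted = {s.strip().lower() for s in trusted_senders}
    candidates, skipped, seen = [], [], set()
    for rec in result.get("records") or []:
        guid = rec.get("guid", "")
        local = (rec.get("localguid") or "").strip()
        # Fall back to the folder the search uses when none is given.
        folder = (rec.get("folder") or "").strip() or "Quarantine"
        try:  # schema values are strings, so coerce defensively
            score = float(rec.get("spamscore"))
        except (TypeError, ValueError):
            score = None
        if not local:
            skipped.append((guid, "missing localguid"))
        elif score is None:
            skipped.append((guid, "unparseable spamscore"))
        elif score > max_spamscore:
            skipped.append((guid, "spamscore above threshold"))
        elif (rec.get("from") or "").strip().lower() not in trusted:
            skipped.append((guid, "sender not in allow-list"))
        elif (folder, local) not in seen:  # never act twice on one message
            seen.add((folder, local))
            candidates.append({"Quarantine Folder": folder, "Local GUID": local})
    return candidates, skipped

if __name__ == "__main__":
    ok, held = select_release_candidates(SAMPLE, ["billing@example.com"])
    print("release:", ok)
    print("held for review:", held)
```

Records that land in the skipped list are left in quarantine for an analyst to review rather than being acted on automatically.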
The Sample - Proofpoint Email Gateway - 1.0.0 playbook collection comes bundled with the Proofpoint Email Gateway connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Proofpoint Email Gateway connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted when the connector is upgraded or deleted.