Proofpoint Targeted Attack Protection (TAP) stays ahead of today's attackers with an innovative approach that detects, analyzes, and blocks advanced threats before they reach your inbox.
This document provides information about the Proofpoint TAP connector, which facilitates automated interactions with a Proofpoint TAP server using FortiSOAR™ playbooks. Add the Proofpoint TAP connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving events for clicks to malicious URLs blocked in the specified time period and retrieving details of a campaign based on the specified campaign ID.
Connector Version: 1.0.1
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-proofpoint-tap
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Blocked Malicious URL Events | Retrieves events for clicks to malicious URLs that were blocked within the specified time period. | get_events Investigation |
Get Permitted Malicious URL Events | Retrieves events for clicks to malicious URLs that were permitted within the specified time period. | get_events Investigation |
Get Blocked Threat Message Events | Retrieves events for messages that contained a known threat, and were blocked within the specified time period. | get_events Investigation |
Get Delivered Threat Message Events | Retrieves events for messages that contained a known threat, and were delivered within the specified time period. | get_events Investigation |
Get All Events | Retrieves events for all clicks and all messages related to known threats within the specified time period. | get_events Investigation |
Get Events for All Issues | Retrieves events for all clicks to malicious URLs and all messages delivered that contained a known threat within the specified time period. | get_events Investigation |
Get Campaign Details | Retrieves details of a campaign based on the Campaign ID that you have specified. | |
Get Forensic Details | Retrieves forensic details of a campaign based on the threat or campaign that you have specified. | |
The Sample - Proofpoint TAP - 1.0.1 playbook collection comes bundled with the Proofpoint TAP connector. The playbooks in this collection contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Proofpoint TAP connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted during connector upgrade and deletion.