Fortinet Document Library

Version:


Table of Contents

1.0.1
Copy Link

About the connector

Proofpoint Targeted Attack Protection (TAP) stays ahead of today's attackers with an innovative approach that detects, analyzes, and blocks advanced threats before they reach your inbox.

This document provides information about the Proofpoint TAP connector, which facilitates automated interactions with a Proofpoint TAP server using FortiSOAR™ playbooks. Add the Proofpoint TAP connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving events for clicks to malicious URLs blocked in the specified time period and retrieving details of a campaign based on the specified campaign ID.

 

Version information

Connector Version: 1.0.1

Authored By: Fortinet

Certified: No

 

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-proofpoint-tap

For the detailed procedure to install a connector, click here.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Get Blocked Malicious URL Events Retrieves events for clicks to malicious URLs that were blocked within the specified time period. get_events
Investigation
Get Permitted Malicious URL Events Retrieves events for clicks to malicious URLs that were permitted within the specified time period. get_events
Investigation
Get Blocked Threat Message Events Retrieves events for messages that contained a known threat, and were blocked within the specified time period. get_events
Investigation
Get Delivered Threat Message Events Retrieves events for messages that contained a known threat, and were delivered within the specified time period. get_events
Investigation
Get All Events Retrieves events for all clicks and all messages related to known threats within the specified time period. get_events
Investigation
Get Events for All Issues Retrieves events for all clicks to malicious URLs and all messages delivered that contained a known threat within the specified time period. get_events
Investigation
Get Campaign Details Retrieves details of a campaign based on the Campaign ID that you have specified.  
Get Forensic Details Retrieves forensic details of a campaign based on the threat or campaign hat you have specified.  

 

 

Included playbooks

The Sample - Proofpoint TAP - 1.0.1 playbook collection comes bundled with the Proofpoint TAP connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Proofpoint TAP connector.

 

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

 

About the connector

Proofpoint Targeted Attack Protection (TAP) stays ahead of today's attackers with an innovative approach that detects, analyzes, and blocks advanced threats before they reach your inbox.

This document provides information about the Proofpoint TAP connector, which facilitates automated interactions with a Proofpoint TAP server using FortiSOAR™ playbooks. Add the Proofpoint TAP connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving events for clicks to malicious URLs blocked in the specified time period and retrieving details of a campaign based on the specified campaign ID.

 

Version information

Connector Version: 1.0.1

Authored By: Fortinet

Certified: No

 

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-proofpoint-tap

For the detailed procedure to install a connector, click here.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Get Blocked Malicious URL Events Retrieves events for clicks to malicious URLs that were blocked within the specified time period. get_events
Investigation
Get Permitted Malicious URL Events Retrieves events for clicks to malicious URLs that were permitted within the specified time period. get_events
Investigation
Get Blocked Threat Message Events Retrieves events for messages that contained a known threat, and were blocked within the specified time period. get_events
Investigation
Get Delivered Threat Message Events Retrieves events for messages that contained a known threat, and were delivered within the specified time period. get_events
Investigation
Get All Events Retrieves events for all clicks and all messages related to known threats within the specified time period. get_events
Investigation
Get Events for All Issues Retrieves events for all clicks to malicious URLs and all messages delivered that contained a known threat within the specified time period. get_events
Investigation
Get Campaign Details Retrieves details of a campaign based on the Campaign ID that you have specified.  
Get Forensic Details Retrieves forensic details of a campaign based on the threat or campaign hat you have specified.  

 

 

Included playbooks

The Sample - Proofpoint TAP - 1.0.1 playbook collection comes bundled with the Proofpoint TAP connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Proofpoint TAP connector.

 

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.