
Proofpoint Advanced Threat Protection

Integration Details

Blumira’s cloud SIEM platform integrates with Proofpoint Advanced Threat Detection to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected on an endpoint.

When configured, the Blumira integration with Proofpoint Advanced Threat Detection will stream server and workstation endpoint security event logs and alerts to the Blumira service for threat detection and actionable response.

Configuration Instructions

Proofpoint Log Collection Configuration

Proofpoint TAP can send its logs into security solutions like Blumira. To configure Blumira to ingest your Proofpoint TAP logs, follow these steps.

Preparing Proofpoint:

Proofpoint provides an API to access TAP logs; its documentation can be found here [1]. Follow the directions on that page (under “Security”) to obtain service credentials for the API. Those credentials are needed in the steps below.

Configuring Blumira

Next, you’ll need to enable your Blumira sensor to connect to Proofpoint, using the API credentials you obtained.

Here’s how to add the Proofpoint module:

  1. Once you have chosen or installed a sensor you’d like to add Proofpoint log collection to, access that sensor’s detail page through the sensor UI (Infrastructure > Sensors).
  2. In the “Modules” section for your sensor, click on the “Add Module” button. In the “Module” drop-down, find the “Proofpoint Module”, and select the latest available version.
  3. Fill in the new module form, shown here:

[Screenshot: Proofpoint Module form]

For the API Service Principal and API Secret fields, enter the API service credentials you received from Proofpoint via the earlier steps. For Log Source Name, you may optionally enter a string to identify this Proofpoint log configuration.

  4. Within minutes, the module will be operational and will ingest Proofpoint logs from the last 12 hours into the Blumira platform. It will then poll Proofpoint every minute for the latest available logs and pass those to Blumira.
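To illustrate what the sensor module does with the service principal and secret, here is an added example (not Blumira's or Proofpoint's code) of one polling cycle against the TAP SIEM API: it authenticates with the credentials as HTTP Basic, requests a time window in JSON, and flattens the four response arrays into one event list. Endpoint and field names follow the SIEM API documentation at [1]; the sample response is constructed, and the bucket names, `since_seconds` default and flattened field names are this example's own choices.

```python
import base64
import json
import urllib.request

# Endpoint and field names follow the TAP SIEM API documentation linked at [1].
SIEM_ALL_URL = "https://tap-api-v2.proofpoint.com/v2/siem/all"

def build_request(principal, secret, since_seconds=3600):
    # HTTP Basic auth: service principal as user name, API secret as password.
    token = base64.b64encode(f"{principal}:{secret}".encode()).decode()
    url = f"{SIEM_ALL_URL}?format=json&sinceSeconds={since_seconds}"
    return urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})

def flatten_events(payload):
    # One record per (message, threat) pair and one per click, across all four arrays.
    events = []
    for bucket, blocked in (("messagesDelivered", False), ("messagesBlocked", True)):
        for msg in payload.get(bucket, []):
            for threat in msg.get("threatsInfoMap", []):
                events.append({"kind": "message", "blocked": blocked,
                               "sender": msg.get("sender"), "recipient": msg.get("recipient"),
                               "threat_type": threat.get("threatType"),
                               "threat_status": threat.get("threatStatus"),
                               "classification": threat.get("classification")})
    for bucket, blocked in (("clicksPermitted", False), ("clicksBlocked", True)):
        for click in payload.get(bucket, []):
            events.append({"kind": "click", "blocked": blocked,
                           "recipient": click.get("recipient"), "url": click.get("url"),
                           "threat_status": click.get("threatStatus"),
                           "classification": click.get("classification")})
    return events

def poll(principal, secret, since_seconds=3600):
    # One polling cycle: fetch the window and return the flattened events.
    with urllib.request.urlopen(build_request(principal, secret, since_seconds)) as resp:
        return flatten_events(json.load(resp))

# Constructed sample response (not real Proofpoint data) in the SIEM API's JSON shape.
SAMPLE_RESPONSE = {
    "queryEndTime": "2024-01-01T12:00:00Z",
    "messagesDelivered": [{"sender": "sender@example.net", "recipient": ["user@example.com"],
                           "threatsInfoMap": [{"threatType": "url", "threatStatus": "active",
                                               "classification": "phish"}]}],
    "messagesBlocked": [],
    "clicksPermitted": [{"recipient": "user@example.com", "url": "http://example.invalid/login",
                         "threatStatus": "active", "classification": "phish"}],
    "clicksBlocked": [],
}
```

Running `flatten_events(SAMPLE_RESPONSE)` offline yields one message event and one click event; `poll()` performs the same flattening on a live response.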

[1] https://help.proofpoint.com/Threat_Insight_Dashboard/API_Documentation/SIEM_API#Overview