Blumira’s cloud SIEM platform integrates with Proofpoint Advanced Threat Detection to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected on an endpoint.
When configured, the Blumira integration with Proofpoint Advanced Threat Detection will stream server and workstation endpoint security event logs and alerts to the Blumira service for threat detection and actionable response.
Proofpoint TAP logs can be sent into security solutions like Blumira. To configure Blumira to ingest your Proofpoint TAP logs, follow these steps.
Proofpoint provides an API to access TAP logs; see Proofpoint's documentation for that API. Follow the directions on that page (under “Security”) to obtain service credentials to access the API. You will need those credentials in the steps below.
Next, you’ll need to enable your Blumira sensor to connect to Proofpoint, using the API credentials you obtained.
Here’s how to add the Proofpoint module:
For the API Service Principal and API Secret fields, enter the API service credentials you received from Proofpoint via the earlier steps. For Log Source Name, you may optionally enter a string to identify this Proofpoint log configuration.
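Before entering the service principal and secret in the module, you can confirm that Proofpoint accepts them. The script below is an added example, not Blumira or Proofpoint code. It assumes the TAP SIEM endpoint, HTTP Basic authentication, response field names and one-hour window limit described in Proofpoint's API documentation; the environment variable names `TAP_PRINCIPAL` and `TAP_SECRET` are hypothetical.

```python
import base64
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Assumed from Proofpoint's TAP SIEM API documentation; confirm before relying on it.
TAP_SIEM_URL = "https://tap-api-v2.proofpoint.com/v2/siem/all"
EVENT_KEYS = ("messagesDelivered", "messagesBlocked", "clicksPermitted", "clicksBlocked")

def build_request(principal, secret, since_seconds=3600):
    """Build a GET for the last `since_seconds` of TAP events using HTTP Basic auth."""
    if not principal or not secret:
        raise ValueError("service principal and secret are both required")
    if not 1 <= since_seconds <= 3600:  # assumed one-hour maximum window
        raise ValueError("since_seconds must be between 1 and 3600")
    query = urllib.parse.urlencode({"format": "json", "sinceSeconds": since_seconds})
    token = base64.b64encode(f"{principal}:{secret}".encode()).decode()
    return urllib.request.Request(f"{TAP_SIEM_URL}?{query}",
                                  headers={"Authorization": f"Basic {token}"})

def summarize(body):
    """Count events per category in a JSON response body (bytes or str)."""
    data = json.loads(body) if body else {}
    return {key: len(data.get(key, [])) for key in EVENT_KEYS}

def check_credentials(principal, secret):
    """Return (ok, detail); the secret is never printed or logged."""
    try:
        with urllib.request.urlopen(build_request(principal, secret), timeout=30) as resp:
            # A 204 means the credentials work but no events fell in the window.
            return True, summarize(resp.read()) if resp.status == 200 else {}
    except urllib.error.HTTPError as err:
        hint = {401: "credentials rejected", 429: "throttled, retry later"}
        return False, f"HTTP {err.code}: {hint.get(err.code, err.reason)}"
    except (urllib.error.URLError, ValueError) as err:
        return False, f"check failed: {err}"

if __name__ == "__main__":
    # Read credentials from the environment so they stay out of shell history.
    ok, detail = check_credentials(os.environ.get("TAP_PRINCIPAL", ""),
                                   os.environ.get("TAP_SECRET", ""))
    print("OK" if ok else "FAILED", detail)
```

A successful run prints per-category event counts for the last hour, which also gives a rough baseline to compare against what later arrives in Blumira.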