SkyFormation Helpdesk: email@example.com.
Proofpoint Email Protection detects threats by processing email messages and protects against malware and cyber-attacks by offering multiple layers of security. It controls each aspect of inbound and outbound email to detect and block threats and prevent leakage of confidential information. For more information visit Proofpoint’s website.
The following table displays audit source API and security events supported by the connector.
Audit source API and security events supported by the connector
Audit Source: API
Service or Module Covered
ATP - SIEM
PoD (Proofpoint on Demand) - LogAPI
Before you configure the Proofpoint connector you must obtain the following Proofpoint account information:
- Service Principal and Service Principal Secret for the SIEM endpoint
- Cluster ID and Access Token for the LogAPI endpoint
To create an Access Token or LogAPI credentials, contact Proofpoint support. Ensure that you have the license for Remote Syslog.
To obtain Proofpoint service principal and service principal secret string:
- Log in to the ProofPoint portal by accessing https://threatinsight.proofpoint.com/.
- Click the Settings icon in the upper right corner, then click Connected Applications.
- Click Create New Credential.
- Specify a name and click Generate.
Note the Service Principal and Secret.
Use these values, represented by a string of letters and numbers, to configure the Proofpoint cloud connector.
Configuring the Proofpoint Cloud Connector
To configure the Proofpoint Connector to import data into SkyFormation Cloud Connector Platform:
- Log in to the SkyFormation Cloud Connector platform with your registered credentials.
- Navigate to Settings > Accounts > Add Account.
- Click Select Service to Add, then select Proofpoint from the list.
- In the Accounts section, enter the required information:
- Account Name – Specify a name for the cloud connector. For example, Corporate Proofpoint.
- Description – Describe the Proofpoint account (optional).
- Service Principal – Enter the value for the service principal that you obtained while completing prerequisites.
- Secret – Enter the value for the secret that you obtained while completing prerequisites.
- Cluster ID – Enter the value for the cluster ID that you obtained while completing prerequisites.
- Access Token – Enter the value for the access token that you obtained while completing prerequisites.
Note: Required fields are indicated with a red bar.
- Click Test Connection to confirm that SkyFormation Cloud Connector platform can communicate with Proofpoint.
- Click DONE.
The Proofpoint connector is now set up and connected to the SkyFormation Cloud Connector platform to collect data.
- To ensure that the connector is set up and ready to send and collect data, click Start to start the connector and check if the status shows OK.