If you're having trouble at any stage please contact us at email@example.com.
More than 90% of targeted attacks start with email, and these security threats are always evolving. Proofpoint Email Protection provides multiple layers of security to stop malware and non-malware threats, such as email fraud. It can control all aspects of inbound and outbound email to detect and block threats, and prevent confidential information from getting into the wrong hands.
The main challenges and needs are to:
- Get all alerts and events from Proofpoint cloud
- Make the granular alerts and events available in the organization's central log or event management system for compliance, investigation or forensic needs
- Detect security threats and policy violations
What is it
SkyFormation for Proofpoint ATP Cloud Connector is part of the SkyFormation Collect (c) module.
It continuously retrieves events and alerts from the different sources in the Proofpoint cloud account, unifies the events into a common application event format, enriches the events with the detection context they need and sends the events to any existing SIEM/SOC system.
How it works
SkyFormation for Proofpoint ATP Cloud Connector retrieves the events from the Proofpoint service through its APIs. Before sending the events to the existing SIEM/SOC system, the connector will:
- Unify the events into the SkyFormation unified application events format
- Embed the origin event into the SkyFormation event as a blob
- Parse the origin event into a set of dedicated key-value fields
- Enrich the event with detection context (e.g. AD identity information)
- Encode the resulting event into the target SIEM/SOC system's standard format (e.g. CEF)
- Send the event to the existing SIEM/SOC system over syslog
Connector's API/Audit Sources & Events Supported
| Audit Source (API) | Service/Module Covered | Events Included |
|---|---|---|
| SIEM | Messages Delivered, Messages Blocked, Clicks Permitted, Clicks Blocked | All |
How to on-board Proofpoint ATP Connector to SkyFormation app