Proofpoint TAP v2

Use the Proofpoint Targeted Attack Protection (TAP) integration to protect against and provide additional visibility into phishing and other malicious email attacks.

Email · Proofpoint TAP

Configuration parameters

  • url — Server URL (required)
  • credentials — Service Principal (required)
  • api_version — API Version
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • threat_type — Threat type
  • threat_status — Threat status
  • events_type — Events to fetch
  • limit — Maximum number of incident per fetch
  • fetch_time — First fetch time range
  • raw_json_encoding — Advanced: Raw message encoding
  • look_back_minutes — Events Fetch Look-Back (minutes)
  • isFetch — Fetch incidents
  • incidentType — Incident type

Commands (12)

  • proofpoint-get-campaign

    Gets details for a given campaign.

  • proofpoint-get-events

    Fetches events for all clicks and messages relating to known threats within the specified time period. Details as per clicks/blocked.

  • proofpoint-get-events-clicks-blocked

    Gets events for clicks to malicious URLs blocked in the specified time period. Must provide either the interval or time_range arguments.

  • proofpoint-get-events-clicks-permitted

    Get events for clicks to malicious URLs permitted in the specified time period. Must provide either the interval or time_range arguments.

  • proofpoint-get-events-messages-blocked

    Get events for blocked messages in the specified time period. Must provide either the interval or time_range arguments.

  • proofpoint-get-events-messages-delivered

    Get events for delivered messages in the specified time period. Must provide either the interval or time_range arguments.

  • proofpoint-get-forensics

    Returns forensics evidence.

  • proofpoint-get-top-clickers

    Gets a list of the top clickers in the organization for a specified time period.

  • proofpoint-list-campaigns

    Gets a list of IDs of campaigns active in a specified time period. Must provide either the interval or time_range arguments.

  • proofpoint-list-issues

    Get events for clicks to malicious URLs permitted and messages delivered containing a known attachment threat within the specified time period. Must provide either the interval or time_range arguments.

  • proofpoint-list-most-attacked-users

    Gets a list of the most attacked users in the organization.

  • proofpoint-url-decode

    Decodes URLs that have been rewritten by TAP to their original, target URL.