Proofpoint TAP v2
Use the Proofpoint Targeted Attack Protection (TAP) integration to protect against and provide additional visibility into phishing and other malicious email attacks.
Email · Proofpoint TAP
Configuration parameters
url— Server URL (required)credentials— Service Principal (required)api_version— API Versioninsecure— Trust any certificate (not secure)proxy— Use system proxy settingsthreat_type— Threat typethreat_status— Threat statusevents_type— Events to fetchlimit— Maximum number of incident per fetchfetch_time— First fetch time rangeraw_json_encoding— Advanced: Raw message encodinglook_back_minutes— Events Fetch Look-Back (minutes)isFetch— Fetch incidentsincidentType— Incident type
Commands (12)
-
proofpoint-get-campaignGets details for a given campaign.
-
proofpoint-get-eventsFetches events for all clicks and messages relating to known threats within the specified time period. Details as per clicks/blocked.
-
proofpoint-get-events-clicks-blockedGets events for clicks to malicious URLs blocked in the specified time period. Must provide either the interval or time_range arguments.
-
proofpoint-get-events-clicks-permittedGet events for clicks to malicious URLs permitted in the specified time period. Must provide either the interval or time_range arguments.
-
proofpoint-get-events-messages-blockedGet events for blocked messages in the specified time period. Must provide either the interval or time_range arguments.
-
proofpoint-get-events-messages-deliveredGet events for delivered messages in the specified time period. Must provide either the interval or time_range arguments.
-
proofpoint-get-forensicsReturns forensics evidence.
-
proofpoint-get-top-clickersGets a list of the top clickers in the organization for a specified time period.
-
proofpoint-list-campaignsGets a list of IDs of campaigns active in a specified time period. Must provide either the interval or time_range arguments.
-
proofpoint-list-issuesGet events for clicks to malicious URLs permitted and messages delivered containing a known attachment threat within the specified time period. Must provide either the interval or time_range arguments.
-
proofpoint-list-most-attacked-usersGets a list of the most attacked users in the organization.
-
proofpoint-url-decodeDecodes URLs that have been rewritten by TAP to their original, target URL.