ProofpointThreatResponseEventCollector
Use the Proofpoint Threat Response integration to orchestrate and automate incident response.
Analytics & SIEM · Proofpoint Threat Response
Configuration parameters
url— Server URL (e.g., https://192.168.0.1) (required)credentials— (required)first_fetch— First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)fetch_limit— Fetch limit - maximum number of incidents per fetchfetch_delta— Fetch delta - The delta time in each batch. e.g., 1 hour, 3 minutes.event_sources— Fetch incidents with specific event sources. Can be a list of comma-separated values.abuse_disposition— Fetch incidents with specific 'Abuse Disposition' values. Can be a list of comma-separated values.states— Fetch incident with specific states.post_url_id— POST URL of the JSON alert source.insecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (1)
-
proofpoint-trap-get-eventsRetrieves all incident metadata from Threat Response by specifying filter criteria such as the state of the incident or time of closure.