ProofpointThreatResponseEventCollector

Use the Proofpoint Threat Response integration to orchestrate and automate incident response.

Analytics & SIEM · Proofpoint Threat Response

Configuration parameters

  • url — Server URL (e.g., https://192.168.0.1) (required)
  • credentials — (required)
  • first_fetch — First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
  • fetch_limit — Fetch limit - maximum number of incidents per fetch
  • fetch_delta — Fetch delta - The delta time in each batch. e.g., 1 hour, 3 minutes.
  • event_sources — Fetch incidents with specific event sources. Can be a list of comma-separated values.
  • abuse_disposition — Fetch incidents with specific 'Abuse Disposition' values. Can be a list of comma-separated values.
  • states — Fetch incident with specific states.
  • post_url_id — POST URL of the JSON alert source.
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (1)

  • proofpoint-trap-get-events

    Retrieves all incident metadata from Threat Response by specifying filter criteria such as the state of the incident or time of closure.