Overview
The Proofpoint integration ingests and normalizes logs from Proofpoint's Email Protection Product Suite into Logpoint. Once ingested, you can explore and analyze the data using Logpoint's search capabilities and the analytics available for this integration, including search templates and dashboards. This gives you clear visibility into email security threats, Targeted Attack Protection (TAP) activity, malicious URLs, phishing attempts, and clickjacking attacks, enabling faster detection, compliance reporting, and response.
The integration includes:
Syslog Collector to retrieve raw logs from Proofpoint services and ingest them into Logpoint for processing.
Syslog Parser to extract key fields from raw Proofpoint logs.
ProofpointCompiledNormalizer and ProofpointTAPCompiledNormalizer to convert the parsed logs into a standardized format for consistent analysis across Logpoint.
Dashboard packages (LP_Proofpoint Targeted Attack Protection - Message Event, LP_Proofpoint Targeted Attack Protection - Click Event, LP_Proofpoint Targeted Attack Protection - Overview), which provide a graphical and interactive overview of Proofpoint TAP activities, highlighting patterns such as malicious email delivery, blocked threats, URL rewriting, click events, and attack distribution by geography. These allow you to quickly spot unusual behavior, monitor compliance, and track operational changes over time.
Search template (LP_Proofpoint Targeted Attack Protection) that provides pre-built queries for common Proofpoint TAP monitoring and investigation use cases.
Proofpoint TAP monitors email flow for malicious URLs and attachments. When TAP detects malicious content, Logpoint triggers an incident from the TAP alert for further investigation in Threat Response.
Supported Events
Proofpoint versions:
Email Protection Product Suite
Proofpoint Targeted Attack Protection (TAP)
Proofpoint log types:
Message Events: Email delivery status, blocked emails, delivered emails, URL rewriting, threat detection, spam scoring, phishing detection, malware detection
Click Events: URL clicks on malicious links, permitted clicks, blocked clicks, clickjacking attempts, threat isolation
Threat Information: Threat types, threat status, threat categories, campaign IDs, threat scores (spam, phish, impostor, malware)
Session Events: Connection management, message routing, policy routes, module execution
Attack Attribution: Source country tracking, destination country analysis, sender/recipient identification
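As an added example, not part of this page or Logpoint's own code, the following Python correlates the two TAP event types listed above, message events and click events, to find clicks that TAP permitted on a URL that later received an active threat verdict (the click-before-verdict case an analyst typically investigates first). All field names and the sample events are constructed assumptions, not Logpoint's normalized field names or real Proofpoint output.

```python
from datetime import datetime

# Constructed sample events; field names are assumptions, not Logpoint's normalized fields.
MESSAGE_EVENTS = [
    {"ts": "2024-05-01T10:00:00", "message_id": "m1", "recipient": "alice@example.com",
     "url": "http://bad.example/login", "threat_type": "url", "threat_status": "active",
     "scores": {"spam": 10, "phish": 95, "impostor": 5, "malware": 20}},
    {"ts": "2024-05-01T11:00:00", "message_id": "m2", "recipient": "bob@example.com",
     "url": "http://ok.example/news", "threat_type": "url", "threat_status": "cleared",
     "scores": {"spam": 30, "phish": 5, "impostor": 0, "malware": 0}},
]
CLICK_EVENTS = [
    {"ts": "2024-05-01T09:58:00", "message_id": "m1", "url": "http://bad.example/login", "action": "permitted"},
    {"ts": "2024-05-01T10:05:00", "message_id": "m1", "url": "http://bad.example/login", "action": "blocked"},
    {"ts": "2024-05-01T11:02:00", "message_id": "m2", "url": "http://ok.example/news", "action": "permitted"},
]


def permitted_clicks_on_active_threats(messages, clicks):
    """Return permitted clicks whose (message_id, url) matches an active threat verdict."""
    # Index active-threat message events by the pair a click event can be joined on.
    active = {(m["message_id"], m["url"]): m
              for m in messages if m["threat_status"] == "active"}
    findings = []
    for c in clicks:
        m = active.get((c["message_id"], c["url"]))
        if m is None or c["action"] != "permitted":
            continue  # blocked clicks and clicks on cleared URLs need no follow-up here
        verdict_at = datetime.fromisoformat(m["ts"])
        clicked_at = datetime.fromisoformat(c["ts"])
        findings.append({
            "message_id": m["message_id"],
            "recipient": m["recipient"],
            "url": c["url"],
            # True when the user clicked before TAP condemned the URL
            "clicked_before_verdict": clicked_at < verdict_at,
            # Which of the spam/phish/impostor/malware scores drove the verdict
            "top_score": max(m["scores"], key=m["scores"].get),
        })
    return findings


if __name__ == "__main__":
    for finding in permitted_clicks_on_active_threats(MESSAGE_EVENTS, CLICK_EVENTS):
        print(finding)
```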