Proofpoint Log Reference

Log Samples

Learn what raw Proofpoint events look like before they're processed in Logpoint:

Space-separated Key-Value Pair Format

<13>Jan 29 10:20:45 Proofpoint <141>2018-01-29T04:20:45.636105-05:00 m0000409 filter_instance1[25629]: rprt s=2ft08x8gs2 mod=session cmd=disconnect module= rule= action= helo=abc14.xxx.group msgs=5 rcpts=5 routes=PRAbsolut,PRAbsolut365,PRAbsolutAD,PRWyborowaO365,ABC_IPSenders,Rpt_o365Emails,WyborowaMembersPolicyRoute,allow_relay,asia_disclaimer_exceptions,default_inbound,firewallsafe,outbound,xxx duration=2.089 elapsed=14.02
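
A minimal parser for the wrapped key-value line above, added here as an illustration; it is not Logpoint's or Proofpoint's own normalization code. The function name and output field names are hypothetical, and it assumes values contain no whitespace, as in the sample.

```python
import re

# Sample from the page (routes list shortened here for readability).
SAMPLE = (
    "<13>Jan 29 10:20:45 Proofpoint <141>2018-01-29T04:20:45.636105-05:00 "
    "m0000409 filter_instance1[25629]: rprt s=2ft08x8gs2 mod=session "
    "cmd=disconnect module= rule= action= helo=abc14.xxx.group msgs=5 rcpts=5 "
    "routes=PRAbsolut,PRAbsolut365,allow_relay,default_inbound "
    "duration=2.089 elapsed=14.02"
)

HEADER = re.compile(
    r"^<\d+>.*?"                                   # outer relay syslog header
    r"<(?P<pri>\d+)>(?P<timestamp>\S+) "           # inner PRI and ISO 8601 time
    r"(?P<host>\S+) (?P<process>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"(?P<body>.*)$"
)
# Assumption: values never contain whitespace, as in the sample line.
PAIR = re.compile(r"(\w+)=(\S*)")
NUMERIC = {"msgs": int, "rcpts": int, "duration": float, "elapsed": float}


def parse_filter_line(line):
    """Split one wrapped filter line into header fields and key-value pairs."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("not a wrapped Proofpoint filter line")
    event = {k: m.group(k) for k in ("timestamp", "host", "process", "pid")}
    # Syslog PRI = facility * 8 + severity.
    event["facility"], event["severity"] = divmod(int(m.group("pri")), 8)
    body = m.group("body")
    event["tag"] = body.split(" ", 1)[0]          # leading token, e.g. "rprt"
    fields = {}
    for key, value in PAIR.findall(body):
        if value == "":
            fields[key] = None                     # keep "module=" distinct from a real value
        elif key == "routes":
            fields[key] = value.split(",")         # comma-separated list
        elif key in NUMERIC:
            fields[key] = NUMERIC[key](value)
        else:
            fields[key] = value
    event["fields"] = fields
    return event


if __name__ == "__main__":
    parsed = parse_filter_line(SAMPLE)
    print(parsed["timestamp"], parsed["fields"]["cmd"], parsed["fields"]["routes"])
```

Keeping empty keys such as `module=`, `rule=` and `action=` as `None` lets a detection rule tell "no rule fired" apart from a missing field.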

JSON Format - Message Blocked Event

{
  "queryEndTime": "2021-06-09T17:29:00Z+05:00",
  "clicksPermitted": [],
  "clicksBlocked": [],
  "messagesDelivered": [],
  "messagesBlocked": [{
    "spamScore": 100,
    "phishScore": 100,
    "threatsInfoMap": [{
      "threatID": "cbe157bc7404aebf7931f692a609cf093243037964ab32b31e63bb5609ae0aaf",
      "threatStatus": "active",
      "classification": "phish",
      "threatUrl": "https://threat.com/25xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/threat/email/...",
      "threatTime": "2021-06-09T13:30:18.000Z",
      "threat": "https://bit.ly/3pD1DF7",
      "campaignID": null,
      "threatType": "url"
    }],
    "messageTime": "2021-06-09T17:11:11.000Z",
    "impostorScore": 0.0,
    "malwareScore": 0,
    "cluster": "regent_hosted",
    "subject": "=?ISO-8859-1?Q?John_Re=3ASalut=5F?=",
    "quarantineFolder": "Phish",
    "quarantineRule": "in_regent_phish",
    "policyRoutes": ["default_inbound", "allow_relay", "Regent_Only", "pp_spoofsafe"],
    "modulesRun": ["access", "av", "zerohour", "spf", "dkimv", "spam", "urldefense"],
    "messageSize": 9475,
    "headerFrom": "\"Paul\" <[email protected]>",
    "fromAddress": ["[email protected]"],
    "toAddresses": ["[email protected]", "[email protected]", "[email protected]"]
  }]
}

Proofpoint Targeted Attack Protection - Click Event
