Skip to content

ProofPoint On Demand


This article explains how to ingest your ProofPoint On Demand (PoD) logs to Hunters. Following the guide bellow will allow Hunters to collect your PoD logs and ingest them to our database in a predefined schema, and then use these logs in our dedicated hunting mechanism.

The PoD API enables ingesting of 2 data types, Message and MailLog, which contain all raw email data that is gathered by ProofPoint. For more details on the data and the schema, see here.

Sending data to Hunters


In order to enable Hunters' collection & ingestion of PoD for your account, you will need to pass to Hunters the PoD Authentication keys in a JSON format, which includes the following keys:

  "clusterId": "<CLUSTER_ID>",
  "token": "<TOKEN>",
  "userId": "<USER_ID>"

The Authentication details are generated from the ProofPoint console. Please note that the PoD token is designed to be uniquely used, and will be used permanently by Hunters for ingestion; hence this token can't be used in any other platform or in manual API requests by any personnel.