Overview

This article explains how to ingest your ProofPoint TAP and ProofPoint On Demand (PoD) logs to Hunters. Following the guide below will allow Hunters to collect your PoD logs, ingest them to our database in a predefined schema, and then use these logs in our dedicated hunting mechanism.

The PoD API enables ingesting of 2 data types, Message and MailLog, which contain all raw email data that is gathered by ProofPoint. For more details on the data and the schema, see here.

ProofPoint On Demand (PoD)

Prerequisites

To enable Hunters' collection and ingestion of PoD for your account, you will need to pass the PoD authentication details to Hunters as a JSON object with the following keys:

{
  "clusterId": "<CLUSTER_ID>",
  "token": "<TOKEN>",
  "userId": "<USER_ID>"
}

The authentication details are generated from the ProofPoint console. Please note that the PoD token is designed to be used by a single consumer, and Hunters will use it permanently for ingestion. This token therefore cannot be used in any other platform or in manual API requests by any personnel.
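A pre-flight check for the credentials JSON described above, added here as an example and not Hunters' or ProofPoint's own code: it confirms the three keys from the template are present and filled in, and builds a summary with the token masked so it is not echoed into a terminal or ticket. The function names and sample values are assumptions constructed for illustration.

```python
import json

REQUIRED_KEYS = ("clusterId", "token", "userId")  # key names from the template above


def validate_pod_credentials(raw: str) -> list:
    """Return a list of problems; an empty list means the JSON is ready to share."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(data, dict):
        return ["top-level value must be a JSON object"]
    problems = []
    for key in REQUIRED_KEYS:
        value = data.get(key)
        if key not in data:
            problems.append(f"missing key: {key}")
        elif not isinstance(value, str) or not value.strip():
            problems.append(f"{key} must be a non-empty string")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"{key} still holds the template placeholder")
        elif value != value.strip():
            problems.append(f"{key} has leading or trailing whitespace")
    # Keys are case-sensitive: "userid" is reported here, not accepted as "userId".
    for key in sorted(set(data) - set(REQUIRED_KEYS)):
        problems.append(f"unexpected key: {key}")
    return problems


def redacted_summary(raw: str) -> dict:
    """Show which fields are set without revealing the token value."""
    data = json.loads(raw)
    return {k: ("***" if k == "token" else data.get(k)) for k in REQUIRED_KEYS}


# Constructed sample values, not real credentials.
SAMPLE_OK = '{"clusterId": "example_cluster", "token": "example-token-value", "userId": "svc-hunters"}'
SAMPLE_BAD = '{"clusterId": "example_cluster", "token": "<TOKEN>", "userid": "svc-hunters"}'

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, validate_pod_credentials(sample) or "ready to share")
    print(redacted_summary(SAMPLE_OK))
```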

ProofPoint Targeted Attack Protection (TAP)

Overview

This article explains how to ingest your ProofPoint Targeted Attack Protection (TAP) logs to Hunters.

Following the guide below will allow Hunters to collect your TAP logs and ingest them to our database in a predefined schema, and then use these logs in the Hunters XDR platform.

The TAP API enables ingesting of 4 data types:

  • Messages Blocked

  • Messages Delivered

  • Clicks Permitted

  • Clicks Blocked

All of these contain the raw email threat data that is gathered by ProofPoint.

Creating Credentials

To enable Hunters' collection and ingestion of TAP for your account, you will need to pass the TAP Principal and Secret to Hunters.

To generate the API credentials, follow the steps below:

  1. Log in to https://threatinsight.proofpoint.com

  2. Click on the Settings icon > Connected Applications

  3. Click Create New Credentials

  4. Choose a name and then click Generate

  5. Note the Principal and Secret.

Make sure that these are saved, as they are not available after the window is closed.

Once the credentials are generated, share them with your Hunters Sales Engineer and Hunters Support Specialist.