# Proofpoint ## Proofpoint Dropzone AI integrates with [Proofpoint](https://www.proofpoint.com/us), an email-based security solution that analyzes and classifies emails to blocks ransomware and other email-based threats. Dropzone AI can ingest alerts from [Proofpoint TAP](https://www.proofpoint.com/us/resources/data-sheets/targeted-attack-protection) (Targeted Attack Protection) and [Proofpoint TRAP](https://www.proofpoint.com/uk/products/email-protection/threat-response-auto-pull) (Threat Response Auto-Pull). ## Proofpoint TAP Proofpoint TAP requires TAP service credentials to enable. To obtain your TAP service credentials, do the following: * As an administrative user, sign into your [TAP Dashboard](https://threatinsight.proofpoint.com/) * Navigate to Settings > Connected Applications

* Click "Create New Credentials"

* Name the credentials something memorable, such as Dropzone AI, and click "Generate"

* Copy the Service Principal and Secret shown for use later in the Dropzone UI where they are called "TAP Service Principal" and "TAP Secret" respectively

* Click "Done" ## Proofpoint TRAP Proofpoint TRAP requires Threat Protection credentials to enable. To obtain your Threat Protection credentials, do the following: * As an administrative user, log into your [Proofpoint Threat Protection console](https://threatprotection.proofpoint.com/) * Navigate to System Settings > Customization > API Keys * Next to "API Keys," click the (+) icon * Name the key something memorable, such as "Dropzone AI" * Check "Enabled," then click “Save” * Copy the API and API secret shown for use later in the Dropzone UI where they are called "Threat Protection API Key" and "Threat Protection API Secret," respectively ### Enable Proofpoint To enable the Alert Source integration, you will need the following information: | Dropzone Field | Source | | ---------------------------------- | ------------------------------------------------------------------------------- | | TAP Service Principle & Secret | The Service Principle and Secret values generated earlier | | TAP API URL | Your base TAP API host URL, e.g. | | Threat Protection API Key & Secret | The API Key and Secret values generated earlier | | Threat Protection API URL | Your base TRAP API host URL, e.g. | To enable the Alert Source integration, do the following: * Navigate to your Dropzone AI tenant home page e.g. https\://*mycompany*.dropzone.app * In the bottom left hand corner, click Settings > Integrations

* Click "Available"

* In the Search bar, search Proofpoint, then click "Configure"

* To enable Dropzone to ingest TAP Alerts, check the box labeled "Ingest TAP Alerts" * Input the TAP Service Principle, Secret, and API URL

The Proofpoint Alert Configuration (pt 1)

* In the TAP Ingestion Settings section, select the types of [alert events](https://help.proofpoint.com/Threat_Insight_Dashboard/API_Documentation/SIEM_API) you want Dropzone to ingest * If you want Dropzone to be able to investigate the emails associated with TAP alerts, check the box labeled "Investigate Phishing Emails" {% hint style="info" %} This feature requires the [Microsoft 365/Defender integration](https://docs.dropzone.ai/integrations/alert/ms_alert/ms365_alert) to be enabled. {% endhint %} * If you want to Dropzone to be able to investigate threats associated with Proofpoint alerts, check the box labeled "Investigate Threats"

The Proofpoint Alert Configuration (pt 2)

* To enable Dropzone to ingest TRAP Incidents, check the box labeled "Ingest TRAP Incidents" * Input the Threat Protection API Key, Secret, and URL

The Proofpoint Alert Configuration (pt 3)

* To exclude closed incidents from Dropzone's analysis, check the box labeled "Skip Closed Incidents" * To analyze email messages under quarantine, check the box labeled "Analyze clicked messages in MS Quarantine" {% hint style="info" %} This feature requires the [Microsoft 365/Defender integration](https://docs.dropzone.ai/integrations/alert/ms_alert/ms365_alert) to be enabled. {% endhint %}

The Proofpoint Alert Configuration (pt 4)

* Input your desired log ingestion delay, poll interval and poll lookback

The Proofpoint Alert Configuration (pt 5)

* Click "Test & Save" to finish If you have any errors or questions, engage your Dropzone AI support representative. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.dropzone.ai/integrations/alert/proofpoint_alert.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.