Proofpoint


Dropzone AI integrates with Proofpoint, an email security solution that analyzes and classifies emails to block ransomware and other email-based threats. Dropzone AI can ingest alerts from Proofpoint TAP (Targeted Attack Protection) and Proofpoint TRAP (Threat Response Auto-Pull).

Proofpoint TAP

Proofpoint TAP requires TAP service credentials to enable.

To obtain your TAP service credentials, do the following:

  • As an administrative user, sign in to your TAP Dashboard

  • Navigate to Settings > Connected Applications

  • Click "Create New Credentials"

  • Name the credentials something memorable, such as Dropzone AI, and click "Generate"

  • Copy the Service Principal and Secret shown for later use in the Dropzone UI, where they are called "TAP Service Principal" and "TAP Secret," respectively

  • Click "Done"
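
Before entering the pair in Dropzone, you can confirm that it authenticates. The script below is an added example, not part of Dropzone's or Proofpoint's documentation; it assumes the TAP SIEM API endpoint /v2/siem/all with HTTP Basic authentication, and the environment variable names are hypothetical.

```python
# Added example: pre-check a TAP Service Principal / Secret pair.
import base64
import os
import urllib.error
import urllib.parse
import urllib.request

DEFAULT_TAP_URL = "https://tap-api-v2.proofpoint.com"  # example host from this page

STATUS_MEANING = {
    200: "credentials accepted (events returned)",
    204: "credentials accepted (no events in the window)",
    400: "request rejected: check the API URL and parameters",
    401: "credentials rejected: re-copy the Service Principal and Secret",
    429: "throttled: credentials may be valid, retry later",
}

def build_tap_request(base_url, principal, secret, since_seconds=3600):
    """Build (but do not send) a SIEM API request authenticated with the pair."""
    parts = urllib.parse.urlsplit(base_url)
    # Refuse anything that would send the secret in cleartext or leak it in a URL.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("TAP API URL must be an https:// host URL")
    if parts.username or parts.password or parts.query:
        raise ValueError("TAP API URL must not embed credentials or a query string")
    query = urllib.parse.urlencode({"format": "json", "sinceSeconds": since_seconds})
    url = f"https://{parts.netloc}/v2/siem/all?{query}"
    token = base64.b64encode(f"{principal}:{secret}".encode()).decode()
    return urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})

def describe_status(status):
    """Translate the HTTP status into what it says about the credentials."""
    return STATUS_MEANING.get(status, f"unexpected HTTP status {status}")

def check_tap_credentials(base_url, principal, secret):
    """Send one request and report whether the pair was accepted."""
    request = build_tap_request(base_url, principal, secret)
    try:
        with urllib.request.urlopen(request, timeout=15) as response:
            return describe_status(response.status)
    except urllib.error.HTTPError as err:
        return describe_status(err.code)

if __name__ == "__main__":
    # Hypothetical variable names; read secrets from the environment, not argv.
    print(check_tap_credentials(
        os.environ.get("TAP_API_URL", DEFAULT_TAP_URL),
        os.environ["TAP_SERVICE_PRINCIPAL"],
        os.environ["TAP_SECRET"],
    ))
```

Reading the secret from the environment keeps it out of shell history and process listings.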

Proofpoint TRAP

Proofpoint TRAP requires Threat Protection credentials to enable.

To obtain your Threat Protection credentials, do the following:

  • As an administrative user, log into your Proofpoint Threat Protection console

  • Navigate to System Settings > Customization > API Keys

  • Next to "API Keys," click the (+) icon

  • Name the key something memorable, such as "Dropzone AI"

  • Check "Enabled," then click "Save"

  • Copy the API Key and API Secret shown for later use in the Dropzone UI, where they are called "Threat Protection API Key" and "Threat Protection API Secret," respectively

Enable Proofpoint

To enable the Alert Source integration, you will need the following information:

| Dropzone Field | Source |
| --- | --- |
| TAP Service Principal & Secret | The Service Principal and Secret values generated earlier |
| TAP API URL | Your base TAP API host URL, e.g. https://tap-api-v2.proofpoint.com |
| Threat Protection API Key & Secret | The API Key and Secret values generated earlier |
| Threat Protection API URL | Your base TRAP API host URL, e.g. https://threatprotection-api.proofpoint.com |

To enable the Alert Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page, e.g. https://mycompany.dropzone.app

  • In the bottom-left corner, click Settings > Integrations

  • Click "Available"

  • In the Search bar, search for Proofpoint, then click "Configure"

  • To enable Dropzone to ingest TAP Alerts, check the box labeled "Ingest TAP Alerts"

  • Input the TAP Service Principal, Secret, and API URL

  • In the TAP Ingestion Settings section, select the types of alert events you want Dropzone to ingest

  • If you want Dropzone to be able to investigate the emails associated with TAP alerts, check the box labeled "Investigate Phishing Emails"

This feature requires the Microsoft 365/Defender integration to be enabled.

  • If you want Dropzone to be able to investigate threats associated with Proofpoint alerts, check the box labeled "Investigate Threats"

  • To enable Dropzone to ingest TRAP Incidents, check the box labeled "Ingest TRAP Incidents"

  • Input the Threat Protection API Key, Secret, and URL

  • To exclude closed incidents from Dropzone's analysis, check the box labeled "Skip Closed Incidents"

  • To analyze email messages under quarantine, check the box labeled "Analyze clicked messages in MS Quarantine"

This feature requires the Microsoft 365/Defender integration to be enabled.

  • Input your desired log ingestion delay, poll interval, and poll lookback

  • If you wish to further filter alerts using the Python CEL package, check the box labeled "Use advanced filtering"

  • Input your CEL expression, then select whether to include or exclude alerts matching that filter. Add each filter individually using the "Add Item" button

  • Contact your Dropzone AI support representative for more information about this feature

  • Click "Test & Save" to finish

If you encounter any errors or have questions, contact your Dropzone AI support representative.
