Skip to content

Interpres Application - Proofpoint Targeted Attack Protection

  • Type: Email
  • Vendor: Proofpoint

This app integrates with Proofpoint to get Detections and Alerts.

Vendor setup

  1. Generate a Service Principal and a secret

App Configuration

App Parameters:

  • Base URL: The URL To the source instance ('https://:').
  • Username: Service Principal.
  • Password: Secret.
  • Proxy: A valid proxy server and port. This should of the form 'http[s]://:'.
  • Verify Server Cert: If enabled Interpres will verify the SSL certificate of the Proofpoint server.

App Validation

Check there is connectivity (green light) in the integration created.

Implemented Actions

  • Get Detections: Adds the following detections:
"clicksPermitted": {
        "name": "Email - Malicious URL Permitted",
        "description": "Clicks to malicious URLs that were permitted",
        "level": "High"
},
"clicksBlocked": {
    "name": "Email - Malicious URL Blocked",
    "description": "Clicks to malicious URLs that were blocked by Proofpoint",
    "level": "Low"
},
"messagesDelivered": {
    "name": "Email - Malicious Message Permitted",
    "description": "Messages that contained a known threat that were not blocked",
    "level": "High"
},
"messagesBlocked": {
    "name": "Email - Malicious Message Blocked",
    "description": "Messages that contained a known threat that were blocked by Proofpoint",
    "level": "Low"
}
  • Get Alerts: Gets Alerts - Events for all clicks and messages relating to known threats