Skip to main content

Proofpoint

Overview

Coralogix integration for Proofpoint TAP SIEM logs.

For more information about this integration, click here.

How to use with Terraform

To deploy this integration using Terraform, you can use the coralogix_integration resource provided by the Coralogix Terraform provider. Below is an example configuration:

resource "coralogix_integration" "proofpoint-collector" {
integration_key = "proofpoint-collector"
version = "0.1.0"

parameters = {
IntegrationName = "Proofpoint"
ApplicationName = "<ApplicationName>"
SubsystemName = "Proofpoint"
Principal = "<Principal>"
Secret = "<Secret>"
EventType = ["All"]
ThreatStatus = ["Active", "Cleared", "FalsePositive"]
}
}

Replace the placeholder values with your actual configuration parameters. Refer to the parameter table below for required fields and their descriptions.

Revisions

Initial release

Proofpoint TAP SIEM API integration with multi-event-type selection.

NameTypeRequiredDescription
IntegrationNameStringYesName of the integration. Defaults to Proofpoint.
ApplicationNameStringYesThe application name that the integration will be used with.
SubsystemNameStringYesThe subsystem name that the integration will be used with. Defaults to Proofpoint.
PrincipalStringYesProofpoint TAP Service Principal (an identifier — not the secret).
SecretStringYesProofpoint TAP Service Secret. Mint this in the Proofpoint Threat Insight Dashboard alongside the Service Principal.
EventTypeListYesWhich Proofpoint TAP events to ingest. Valid values: All, Issues, MessagesDelivered, MessagesBlocked, ClicksPermitted, ClicksBlocked. All cannot be combined with anything else; Issues cannot be combined with MessagesDelivered or ClicksPermitted.
ThreatStatusListYesWhich Proofpoint threat statuses to include in fetched events. Valid values: Active, Cleared, FalsePositive.
Last updated on
Was this page helpful?