Proofpoint
Overview
Coralogix integration for Proofpoint TAP SIEM logs.
For more information about this integration, click here.
How to use with Terraform
To deploy this integration using Terraform, you can use the coralogix_integration resource provided by the Coralogix Terraform provider. Below is an example configuration:
resource "coralogix_integration" "proofpoint-collector" {
integration_key = "proofpoint-collector"
version = "0.1.0"
parameters = {
IntegrationName = "Proofpoint"
ApplicationName = "<ApplicationName>"
SubsystemName = "Proofpoint"
Principal = "<Principal>"
Secret = "<Secret>"
EventType = ["All"]
ThreatStatus = ["Active", "Cleared", "FalsePositive"]
}
}
Replace the placeholder values with your actual configuration parameters. Refer to the parameter table below for required fields and their descriptions.
Revisions
Initial release
Proofpoint TAP SIEM API integration with multi-event-type selection.
| Name | Type | Required | Description |
|---|---|---|---|
| IntegrationName | String | Yes | Name of the integration. Defaults to Proofpoint. |
| ApplicationName | String | Yes | The application name that the integration will be used with. |
| SubsystemName | String | Yes | The subsystem name that the integration will be used with. Defaults to Proofpoint. |
| Principal | String | Yes | Proofpoint TAP Service Principal (an identifier — not the secret). |
| Secret | String | Yes | Proofpoint TAP Service Secret. Mint this in the Proofpoint Threat Insight Dashboard alongside the Service Principal. |
| EventType | List | Yes | Which Proofpoint TAP events to ingest. Valid values: All, Issues, MessagesDelivered, MessagesBlocked, ClicksPermitted, ClicksBlocked. All cannot be combined with anything else; Issues cannot be combined with MessagesDelivered or ClicksPermitted. |
| ThreatStatus | List | Yes | Which Proofpoint threat statuses to include in fetched events. Valid values: Active, Cleared, FalsePositive. |
Last updated on