Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Quick Start Security for ProofPoint Meta

ProofPoint Meta
ProofPoint Meta icon

Out-of-the-Box Security For ProofPoint Meta Includes:

Alerts - 5

Stay on top of ProofPoint Meta key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Proofpoint Meta - More than 3 failed login attempts

This rule monitors unsuccessful login attempts and triggers alert on more than 3 failed login attempts under 5 minutes. Impact Many failed login attempt in a short time frame might indicate a brute force attack against the relevant account. Mitigation Implement rate limit at the unsuccessful login attempts. MITRE Tactic: TA0006 MITRE Technique: T1110

Proofpoint Meta - Detected user login after 1 month

This rule monitors user login after one month of inactivity. This alert is triggered when a user logs in after 1 month of no logins. Impact An adversary may gain access with the archived credential of the dormant user. Mitigation Investigate the new login and validate the user and the action performed were authorized. MITRE Technique: T1098

Proofpoint Meta - More than usual 4XX error code received

This rule monitors if notify/create/delete action request results in returning 4XX error code. Impact Many forbidden attempt in a short time frame might indicate a brute force attack against the relevant account. Mitigation Investigate the unsuccessful notify/create/delete action request results in returning 4XX error code MITRE Tactic: TA0006 MITRE Technique: T1110

Proofpoint Meta - Delete action detected

This rule monitors delete action and triggers an alert on more than 10 delete action by the same user under 5 minutes as this could be an indicator of malicious activity. Impact More than 10 delete action by the same user as this could be an indicator of malicious activity. Mitigation Validate that the action was approved and investigate further and revert changes if not. MITRE Tactic: TA0040 MITRE Technique: T1531

Proofpoint Meta - No logs from Proofpoint Meta

This rule detects if there are no logs in the last 24 hours for Proofpoint Meta in the customer account. Note- This alert should configured with relevant app & subsystem. Impact Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations. Mitigation Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system. MITRE Tactic: TA0005 MITRE Technique:T1562

Documentation

Learn more about Coralogix's out-of-the-box integration with ProofPoint Meta in our documentation.

Read More
Schedule Demo