Quick Start Security for ProofPoint Meta
Coralogix Extension For ProofPoint Meta Includes:
Alerts - 4
Stay on top of ProofPoint Meta key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
Proofpoint Meta - More than 3 failed login attempts
This rule monitors unsuccessful login attempts and triggers an alert on more than 3 failed login attempts in under 5 minutes.
Impact: Many failed login attempts in a short time frame might indicate a brute force attack against the relevant account.
Mitigation: Implement rate limiting on unsuccessful login attempts.
MITRE Tactic: TA0006
MITRE Technique: T1110
Proofpoint Meta - Detected user login after 1 month
This rule monitors user logins after one month of inactivity. The alert is triggered when a user logs in after 1 month of no logins.
Impact: An adversary may gain access with the archived credentials of the dormant user.
Mitigation: Investigate the new login and validate that the user and the actions performed were authorized.
MITRE Technique: T1098
Proofpoint Meta - More than usual 4XX error code received
This rule monitors whether a notify/create/delete action request returns a 4XX error code.
Impact: Many forbidden attempts in a short time frame might indicate a brute force attack against the relevant account.
Mitigation: Investigate the unsuccessful notify/create/delete action requests that returned a 4XX error code.
MITRE Tactic: TA0006
MITRE Technique: T1110
Proofpoint Meta - Delete action detected
This rule monitors delete actions and triggers an alert on more than 10 delete actions by the same user in under 5 minutes, as this could be an indicator of malicious activity.
Impact: More than 10 delete actions by the same user could be an indicator of malicious activity.
Mitigation: Validate that the action was approved; if not, investigate further and revert the changes.
MITRE Tactic: TA0040
MITRE Technique: T1531
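The two threshold rules above (more than 3 failed logins, more than 10 deletes, in under 5 minutes) expressed as a sliding-window check. This is an added example, not Coralogix's rule definition. The event fields (`ts`, `user`, `action`, `status`) and the sample events are constructed, not the Proofpoint Meta log schema, and grouping failed logins per user is an assumption.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
# Thresholds from the rule descriptions: alert on MORE than N events.
RULES = {"failed_login": 3, "delete": 10}

def classify(event):
    """Map a constructed event to a rule name, or None if no rule applies."""
    if event["action"] == "login" and event["status"] == "failure":
        return "failed_login"
    if event["action"] == "delete":
        return "delete"
    return None

def detect(events):
    """Return (rule, user, ts) each time a user's count crosses a threshold."""
    windows = defaultdict(deque)  # (rule, user) -> timestamps still in window
    alerting = set()              # keys currently above threshold (no re-fire)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        rule = classify(ev)
        if rule is None:
            continue
        key = (rule, ev["user"])
        q = windows[key]
        q.append(ev["ts"])
        while ev["ts"] - q[0] >= WINDOW:  # keep only events under 5 minutes old
            q.popleft()
        if len(q) > RULES[rule]:
            if key not in alerting:
                alerting.add(key)
                alerts.append((rule, ev["user"], ev["ts"]))
        else:
            alerting.discard(key)
    return alerts

def make_event(minute, second, user, action, status="success"):
    return {"ts": datetime(2024, 1, 1, 9, minute, second),
            "user": user, "action": action, "status": status}

# Constructed sample events (not real Proofpoint Meta logs).
SAMPLE = (
    [make_event(0, s, "alice", "login", "failure") for s in (0, 10, 20, 30)]  # alert
    + [make_event(m, 0, "bob", "login", "failure") for m in (0, 2, 4, 6)]     # spread out
    + [make_event(10, s, "carol", "delete") for s in range(11)]               # alert
    + [make_event(20, s, "dave", "delete") for s in range(10)]                # exactly 10
)
```

Both boundary cases stay silent: four failures spread over six minutes never put more than three inside one window, and exactly 10 deletes does not exceed the threshold.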
Integration
Learn more about Coralogix's out-of-the-box integration with ProofPoint Meta in our documentation.