Proofpoint Targeted Attack Protection (TAP)

[jamiehynds]

Description

Proofpoint Targeted Attack Protection (TAP) helps detect, mitigate, and block advanced threats that target people through email. TAP detects both known and new attacks that use malicious attachments and URLs to install malware on a device or trick users to share their passwords or other sensitive information.

Architecture

Proofpoint SIEM API can be leveraged to pull events from TAP. Both URL Defense and Attachment Defense logs are covered by this API. Relevant documentation available here.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.

All changes

• [ ] Change follows the contributing guidelines
• [ ] Supported versions of the monitoring target are documented
• [ ] Supported operating systems are documented (if applicable)
• [ ] Integration or System tests exist
• [ ] Documentation exists
• [ ] Fields follow ECS and naming conventions
• [ ] At least a manual test with ES / Kibana / Agent has been performed.
• [ ] Required Kibana version set to:

New Package

• [ ] Screenshot of the "Add Integration" page on Fleet added

Dashboards changes

• [ ] Dashboards exists
• [ ] Screenshots added or updated
• [ ] Datastream filters added to visualizations

Log dataset changes

• [ ] Pipeline tests exist (if applicable)
• [ ] Generated output for at least 1 log file exists
• [ ] Sample event (sample_event.json) exists

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)