PROOFPOINT

Instructions for forwarding Proofpoint logs to your Log Management device

PREREQUISITES

Proofpoint
  • Proofpoint Enterprise Protection 8.0 or Proofpoint on Demand (PoD)
  • Administrator Credentials to access the Proofpoint solution
Clone Systems Log Management Device
  • The IP Address for the Clone Systems Log Management device
Instructions

1. Navigate a browser to the Proofpoint solution.

https://threatinsight.proofpoint.com/auth/new

2. On the Sign in screen of your Proofpoint Portal login with your Administrator account.

Email Address: Your Admin Account Email Address

Click Continue.

Password: Your Admin password

Click Sign In

3. On the TAP Dashboard click the Settings button.

Locate the left side menu on the AP Dashboard.

Click the Settings icon button.

4. On the Settings screen click on the Connected Applications tab.

Locate the tabs at the top of the Settings page.

Click the Connected Applications tab.

5. On the Connected Applications tab click the Create New Credentials link.

Click the Create New Credentials link in the bottom left corner of the Connected Applications tab.

6. Create the credentials that will be sued to access the API.

Note: Record the Principle and Secret.

Enter the information to create the API Credentials.

7. Please provide the following values to Clone Systems to complete the configuration for forwarding Proofpoint logs to your Log Management device:

  • The Principle
  • The Secret

Note: The URL used to access your Proofpoint API is:

https://tap-api-v2.proofpoint.com/v2/siem/all