Proofpoint TAP Connector
The web format of this guide reflects the most current release. Guides for older iterations are available in PDF format.
Integration Details
ThreatQuotient provides the following details for this integration:
Current Integration Version | 1.3.2 |
Compatible with ThreatQ Versions | >= 4.50.0 |
Python Version | 3.6 |
Support Tier | Not Actively Supported |
Introduction
This connector has been deprecated and replaced by the Proofpoint TAP CDF.
Proofpoint TAP is a service that analyzes, detects and helps mitigate attacks that target people via email. The analysis data for each email that TAP has flagged as malicious is available via its API. The API provides multiple endpoints, of which we use the following:
SIEM
The SIEM endpoint allows integration with SIEM solutions by giving administrators the ability to periodically download detailed information about several types of TAP events in a SIEM-compatible, vendor-neutral format. Currently, the following event types are exposed:
- Blocked or permitted clicks to threats recognized by URL Defense
- Blocked or delivered messages that contain threats recognized by URL Defense or Attachment Defense
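The four event types above call for different handling: permitted clicks and delivered messages mean the threat reached a user, while blocked events are useful mainly as intelligence. The following is an added example, not the connector's own code, that normalizes a constructed SIEM-style response and separates the two. The JSON field names (`clicksPermitted`, `threatsInfoMap`, `campaignId` and so on) are assumptions modelled on Proofpoint's published SIEM API format and do not appear on this page.

```python
# Constructed sample shaped like a SIEM endpoint JSON response (field names assumed).
SAMPLE = {
    "clicksPermitted": [
        {"GUID": "g-1", "recipient": "alice@example.com", "url": "http://bad.example/login",
         "classification": "phish", "threatID": "t-100", "campaignId": "c-9"}],
    "clicksBlocked": [
        {"GUID": "g-2", "recipient": "bob@example.com", "url": "http://bad.example/login",
         "classification": "phish", "threatID": "t-100", "campaignId": "c-9"}],
    "messagesDelivered": [
        {"GUID": "g-3", "recipient": ["carol@example.com"], "threatsInfoMap": [
            {"threat": "http://bad.example/doc", "threatType": "url",
             "classification": "malware", "threatID": "t-200", "campaignID": None}]}],
    "messagesBlocked": [],
}

EVENT_KEYS = ("clicksPermitted", "clicksBlocked", "messagesDelivered", "messagesBlocked")
# The threat reached a user in these two; blocked events are intelligence only.
EXPOSED = {"clicksPermitted", "messagesDelivered"}

def flatten(resp):
    """Yield one normalized record per threat across the four event types."""
    for key in EVENT_KEYS:
        for ev in resp.get(key) or []:
            if key.startswith("clicks"):
                # A click event describes a single URL threat inline.
                threats = [{"threat": ev.get("url"), "threatType": "url",
                            "classification": ev.get("classification"),
                            "threatID": ev.get("threatID"),
                            "campaignID": ev.get("campaignId")}]
            else:
                # A message event may list several threats (URLs, attachments).
                threats = ev.get("threatsInfoMap") or []
            rcpt = ev.get("recipient")
            for t in threats:
                yield {"event": key, "exposed": key in EXPOSED, "guid": ev.get("GUID"),
                       "recipients": rcpt if isinstance(rcpt, list) else [rcpt],
                       "indicator": t.get("threat"), "type": t.get("threatType"),
                       "classification": t.get("classification"),
                       "threat_id": t.get("threatID"), "campaign_id": t.get("campaignID")}

def triage(resp):
    """Return (exposed records, deduplicated indicators, campaign ids to look up)."""
    records = list(flatten(resp))
    exposed = [r for r in records if r["exposed"]]
    indicators = sorted({r["indicator"] for r in records if r["indicator"]})
    campaigns = sorted({r["campaign_id"] for r in records if r["campaign_id"]})
    return exposed, indicators, campaigns
```

The campaign ids returned by `triage` are the values that would then be looked up through the Campaign endpoint.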
Campaign
The Campaign endpoint allows administrators to pull specific details about campaigns, including:
- Their description
- The actor, malware family, and techniques associated with the campaign
- The threat variants which have been associated with the campaign
Forensics
The Forensics endpoint allows administrators to pull detailed forensic evidence about individual threats or campaigns observed in their environment. This evidence could be used as indicators of compromise to confirm infection on a host, as supplementary data to enrich and correlate against other security intelligence sources, or to orchestrate updates to security endpoints to prevent exposure and infection.
PDF Guides
Document | ThreatQ Version |
---|---|
Proofpoint TAP Connector Guide v1.3.2 | 4.50.0 or Greater |
Proofpoint TAP Connector Guide v1.3.1 | 4.30.0 or Greater |
Proofpoint TAP Connector Guide v1.3.0 | 4.30.0 or Greater |
Proofpoint TAP Connector Guide v1.2.0 | 4.3.0 or Greater |