Ingest Logs from Proofpoint Targeted Attack Protection
Ingest logs from Proofpoint Targeted Attack Protection
Ingesting Logs from Proofpoint Targeted
Attack Protection requires a Cortex XDR Pro per TB license.
receive logs from Proofpoint Targeted Attack Protection (TAP), you
must first configure TAP service credentials in the TAP dashboard,
and then the Collection Integrations settings in Cortex XDR based
on your Proofpoint TAP configuration. After you set up data collection,
Cortex XDR begins receiving new logs and data from the source.
Cortex XDR begins receiving logs, the app creates a new dataset
) that you can use to
initiate XQL Search queries. For
example queries, refer to the in-app XQL Library.
the Proofpoint TAP collection in Cortex XDR.
Generate TAP Service Credentials
in Proofpoint TAP.
TAP service credentials can be generated in the TAP Dashboard,
where you will receive a Proofpoint Service Principal for authentication
and Proofpoint API Secret for authentication. Record these credentials
as you will need to provide them when configuring the