Proofpoint TAP

Integration version: 8.0

Configure Proofpoint TAP integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Use the following parameters to configure the integration:

Parameter Display Name Type Default Value Is Mandatory Description
API Root String https://tap-api-v2.proofpoint.com Yes API root of the Proofpoint Targeted Attack Protection (TAP) instance.
Username String N/A Yes

Username of the Proofpoint TAP instance.

Password Password N/A Yes

API Key of the Proofpoint TAP instance.

Verify SSL Checkbox Checked No If enabled, verify that the SSL certificate for the connection to the Proofpoint TAP server is valid.

Actions

Decode URL

Description

Decode Proofpoint's encoded URLs.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the URL entity.

Action Results

Entity Enrichment
Enrichment Field Name Logic - When to apply
encodedUrl The URL will be marked as encoded, if the encoding process from decoded URL is successful.
decodedUrl The URL will be marked as decoded, if the decoding process from encoded URL is successful.
Insights

N/A

Script Result
Script Result Name Value Options Example
decoded_urls N/A N/A
JSON Result
N/A

Get Campaign

Description

Get campaign information by the campaign ID.

Parameters

Parameter Type Default Value Description
Campaign ID String N/A The ID of the campaign to get info about.

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
campaign_info N/A N/A
JSON Result
N/A

Ping

Description

Test ProofPoint TAP connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A