Proofpoint Protection Server (Deprecated)

This Integration is part of the Proofpoint Protection Server Pack.#

Deprecated

Use Proofpoint Protection Server V2 instead.

Overview#

Use the Proofpoint Protection Server integration to manage your email security appliances.

This integration was integrated and tested with version 8.11.12 of Proofpoint Protection Server.

Users must be assigned to the podadmin role to use this integration.

This integration does not support SAML protocol for authentication.

Use Cases#

Manage senders list.
Run operations on emails, such as release and download.
Manage quarantined messages and folder.

Configure Proofpoint Protection Server on Cortex XSOAR#

Navigate to Settings > Integrations > Servers & Services.
Search for Proofpoint Protection Server.
Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Server URL (e.g., https://192.168.0.1:10000)
- Username
- Password
- Proofpoint Protection Server Version (e.g., 8.14.2)
- Trust any certificate (not secure)
- Use system proxy settings
Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

proofpoint-download-email
proofpoint-quarantine-messages
proofpoint-smart-search
proofpoint-quarantine-folders
proofpoint-release-email
proofpoint-add-to-blocked-senders-list
proofpoint-add-to-safe-senders-list
proofpoint-remove-from-blocked-senders-list
proofpoint-remove-from-safe-senders-list

1. proofpoint-download-email#

Download email message by ID.

Base Command#

proofpoint-download-email

Input#

Argument Name	Description	Required
message_id	The GUID of the email message to download.	Required

Context Output#

There is no context output for this command.

Command Example#

!proofpoint-download-email message_id=37b6d02m-63e0-495e-kk92-7c21511adc7a@SB2APC01FT091.outlook.com

2. proofpoint-quarantine-messages#

Retrieves quarantined email messages.

Base Command#

proofpoint-quarantine-messages

Input#

Argument Name	Description	Required
folder	Folder name to quarantine.	Optional
sender	Messages from sender to quarantine.	Optional
subject	Messages subject to quarantine.	Optional
recipient	Messages to recipient to quarantine.	Optional

Context Output#

Path	Type	Description
Proofpoint.Quarantine.Message.ID	String	Message ID
Proofpoint.Quarantine.Message.Date	Date	Message date
Proofpoint.Quarantine.Message.Recipient	String	Message recipient
Proofpoint.Quarantine.Message.Sender	String	Message sender
Proofpoint.Quarantine.Message.Subject	String	Message subject
Proofpoint.Quarantine.Message.Folder	String	Message folder

Command Example#

!proofpoint-quarantine-messages recipient=user1@demisto.com

Context Example#

{
    "Proofpoint.Quarantine.Message": {
        "ID": "37b6d02m-63e0-495e-kk92-7c21511adc7a@SB2APC01FT091.outlook.com",
        "Date": "2020-01-25 11:30:00",
        "Recipient": "user1@demisto.com",
        "Sender": "bwillis@email.com",
        "Subject": "[External] Welcome !"
        "Folder": "Inbox
    }
}

Human Readable Output#

Proofpoint Protection Server Quarantine Search Messages Results#

ID	Date	Recipient	Sender	Subject	Folder
37b6d02m-63e0-495e-kk92-7c21511adc7a@SB2APC01FT091.outlook.com	2020-01-25 11:30:00	user1@demisto.com	bwillis@email.com	External Welcome !	Inbox

3. proofpoint-smart-search#

Searches for emails.

Base Command#

proofpoint-smart-search

Input#

Argument Name	Description	Required
process	Max results	Optional
sender	Email sender.	Optional
subject	Email subject.	Optional
recipient	Email recipient.	Optional
sender_hostname	Sender hostname/IP address	Optional
attachment	Attachment name	Optional
qid	QID	Optional
time	Time period in which the email was recieved.	Optional
message_id	Email message ID.	Optional
virus_name	Virus name.	Optional
sid	SID	Optional
guid	GUID	Optional

Context Output#

Path	Type	Description
Proofpoint.SmartSearch.SMIMERecipients	String	Search results SMIME recipients
Proofpoint.SmartSearch.FID	String	Search results FID
Proofpoint.SmartSearch.MessageID	String	Search results email message ID
Proofpoint.SmartSearch.Suborg	String	Search results sub organization
Proofpoint.SmartSearch.Agent	String	Search results email agent
Proofpoint.SmartSearch.AttachmentNames	String	Search results email attachment names
Proofpoint.SmartSearch.MoudleID	String	Search results module ID
Proofpoint.SmartSearch.MessageSize	String	Search results email message size
Proofpoint.SmartSearch.SpamScore	String	Search results email spam score
Proofpoint.SmartSearch.GUID	String	Search results GUID
Proofpoint.SmartSearch.Recipients	String	Search results send mail to
Proofpoint.SmartSearch.Date	String	Search results date
Proofpoint.SmartSearch.Sender	String	Search results email sender
Proofpoint.SmartSearch.Subject	String	Search results email subject

Command Example#

!proofpoint-smart-search recipient=user1@demisto.com process=100 time=Last24Hours

Context Example#

{
    "Proofpoint.SmartSearch": {
        "Date": "2020-01-25 11:30:00",
        "Recipients": "user1@demisto.com",
        "Sender": "bwillis@email.com",
        "Subject": "[External] Welcome !",
        "MessageSize": "20750"
    }
}

Human Readable Output#

Proofpoint Protection Server Smart Search Results#

ID	Date	Recipient	Sender	Subject	MessageSize
37b6d02m-63e0-495e-kk92-7c21511adc7a@SB2APC01FT091.outlook.com	2020-01-25 11:30:00	user1@demisto.com	bwillis@email.com	External Welcome !	20750

4. proofpoint-quarantine-folders#

Returns a list of quarantined folders.

Base Command#

proofpoint-quarantine-folders

Input#

There are no input arguments for this command.

Context Output#

Path	Type	Description
Proofpoint.Quarantine.Folder.Name	String	Folder name

Command Example#

!proofpoint-quarantine-folders

Context Example#

{
    "Proofpoint.Quarantine.Folder": [
        {
            "Name": "Adult",
            "Name": "Audit",
            "Name": "Blocked",
            "Name": "Malware"
        }
    ]
}

Human Readable Output#

Proofpoint Protection Server Quarantine Folders#

Name
Adult
Audit
Blocked
Malware

5. proofpoint-release-email#

Release email with virus scan

Base Command#

proofpoint-download-email

Input#

Argument Name	Description	Required
message_id	Email message ID to release.	Required
folder	Email folder to release.	Required

Context Output#

There is no context output for this command.

Command Example#

!proofpoint-download-email message_id=37b6d02m-63e0-495e-kk92-7c21511adc7a@SB2APC01FT091.outlook.com folder=Blocked

Human Readable Output#

Released message 37b6d02m-63e0-495e-kk92-7c21511adc7a@SB2APC01FT091.outlook.com successfully

6. proofpoint-add-to-blocked-senders-list#

Adds an email address to blocked senders list.

Base Command#

proofpoint-add-to-blocked-senders-list

Input#

Argument Name	Description	Required
email	Email to add to blocked senders list	Required

Context Output#

There is no context output for this command.

Command Example#

!proofpoint-add-to-blocked-senders-list email=bwillis@email.com

Human Readable Output#

Successfully added bwillis@email.com to the Blocked Senders list

7. proofpoint-add-to-safe-senders-list#

Adds an email address to safe senders list.

Base Command#

proofpoint-add-to-safe-senders-list

Input#

Argument Name	Description	Required
email	Email to add to safe senders list	Required

Context Output#

There is no context output for this command.

Command Example#

!proofpoint-add-to-safe-senders-list email=bwillis@email.com

Human Readable Output#

Successfully added bwillis@email.com to the Safe Senders list

8. proofpoint-remove-from-blocked-senders-list#

Removes an email address from blocked senders list.

Base Command#

proofpoint-remove-from-blocked-senders-list

Input#

Argument Name	Description	Required
email	Email to remove from blocked senders list	Required

Context Output#

There is no context output for this command.

Command Example#

!proofpoint-remove-from-blocked-senders-list email=bwillis@email.com

Human Readable Output#

Successfully removed bwillis@email.com from the Blocked Senders list

8. proofpoint-remove-from-safe-senders-list#

Removes an email address from safe senders list.

Base Command#

proofpoint-remove-from-safe-senders-list

Input#

Argument Name	Description	Required
email	Email to remove from safe senders list	Required

Context Output#

There is no context output for this command.

Command Example#

!proofpoint-remove-from-safe-senders-list email=bwillis@email.com

Human Readable Output#

Successfully removed bwillis@email.com from the Safe Senders list