
Proofpoint Protection Server (Deprecated)

beta

This is a beta Integration, which lets you implement and test pre-release software. Since the integration is beta, it might contain bugs. Updates to the integration during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the integration to help us identify issues, fix them, and continually improve.

Deprecated

The integration uses an unsupported scraping API. Use Proofpoint Protection Server v2 instead.

Overview#


Use the Proofpoint Protection Server integration to manage your email security appliances.

This integration was integrated and tested with version 8.11.12 of Proofpoint Protection Server.

Users must be assigned to the podadmin role to use this integration.

This integration does not support the SAML protocol for authentication.

Use Cases#


  1. Manage the safe and blocked senders lists.
  2. Run operations on emails, such as release and download.
  3. Manage quarantined messages and folders.

Configure Proofpoint Protection Server on Cortex XSOAR#


  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Proofpoint Protection Server.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Server URL (e.g., https://192.168.0.1:10000)
    • Username
    • Password
    • Proofpoint Protection Server Version (e.g., 8.14.2)
    • Trust any certificate (not secure)
    • Use system proxy settings
  4. Click Test to validate the URLs, token, and connection.

Commands#


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. proofpoint-download-email
  2. proofpoint-quarantine-messages
  3. proofpoint-smart-search
  4. proofpoint-quarantine-folders
  5. proofpoint-release-email
  6. proofpoint-add-to-blocked-senders-list
  7. proofpoint-add-to-safe-senders-list
  8. proofpoint-remove-from-blocked-senders-list
  9. proofpoint-remove-from-safe-senders-list

1. proofpoint-download-email#


Download email message by ID.

Base Command#

proofpoint-download-email

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| message_id | The GUID of the email message to download. | Required |

Context Output#

There is no context output for this command.

Command Example#

!proofpoint-download-email message_id=37b6d02m-63e0-495e-kk92-7c21511adc7a@SB2APC01FT091.outlook.com

2. proofpoint-quarantine-messages#


Retrieves quarantined email messages.

Base Command#

proofpoint-quarantine-messages

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| folder | Folder name to quarantine. | Optional |
| sender | Messages from sender to quarantine. | Optional |
| subject | Messages subject to quarantine. | Optional |
| recipient | Messages to recipient to quarantine. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Proofpoint.Quarantine.Message.ID | String | Message ID |
| Proofpoint.Quarantine.Message.Date | Date | Message date |
| Proofpoint.Quarantine.Message.Recipient | String | Message recipient |
| Proofpoint.Quarantine.Message.Sender | String | Message sender |
| Proofpoint.Quarantine.Message.Subject | String | Message subject |
| Proofpoint.Quarantine.Message.Folder | String | Message folder |

Command Example#

!proofpoint-quarantine-messages recipient=user1@demisto.com

Context Example#

    {
        "Proofpoint.Quarantine.Message": {
            "ID": "37b6d02m-63e0-495e-kk92-7c21511adc7a@SB2APC01FT091.outlook.com",
            "Date": "2020-01-25 11:30:00",
            "Recipient": "user1@demisto.com",
            "Sender": "bwillis@email.com",
            "Subject": "[External] Welcome !",
            "Folder": "Inbox"
        }
    }

Human Readable Output#

Proofpoint Protection Server Quarantine Search Messages Results#

| ID | Date | Recipient | Sender | Subject | Folder |
| --- | --- | --- | --- | --- | --- |
| 37b6d02m-63e0-495e-kk92-7c21511adc7a@SB2APC01FT091.outlook.com | 2020-01-25 11:30:00 | user1@demisto.com | bwillis@email.com | External Welcome ! | Inbox |
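
The Sender field in this context output comes from the email itself, so an automation that feeds it into proofpoint-add-to-blocked-senders-list should validate it first. The sketch below is an added example, not part of the integration's own code; the `min_hits` threshold, the `safe_domains` allow-list, the address pattern, and the assumption that several results arrive as a list under the context key are all assumptions made for illustration.

```python
import re
from collections import Counter

CONTEXT_KEY = "Proofpoint.Quarantine.Message"  # key from the Context Example

# Assumed, deliberately strict address shape: no whitespace, quotes or "=",
# so a sender value cannot add extra arguments to the command line.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def quarantined_messages(context):
    """Return the messages under CONTEXT_KEY as a list (one hit may be a dict)."""
    found = context.get(CONTEXT_KEY, [])
    return [found] if isinstance(found, dict) else list(found)


def block_commands(context, min_hits=2, safe_domains=()):
    """Build block-list commands for senders with at least min_hits messages.

    Returns (commands, rejected); rejected holds sender values that failed
    validation and should go to an analyst instead of being automated.
    """
    hits = Counter(m.get("Sender", "") for m in quarantined_messages(context))
    commands, rejected = [], []
    for sender, count in sorted(hits.items()):
        if count < min_hits:
            continue
        if not EMAIL_RE.fullmatch(sender):
            rejected.append(sender)
            continue
        if sender.rsplit("@", 1)[1].lower() in safe_domains:
            continue  # never auto-block the organisation's own domains
        commands.append(f"!proofpoint-add-to-blocked-senders-list email={sender}")
    return commands, rejected


# Constructed sample in the shape of the Context Example (several results).
SAMPLE = {CONTEXT_KEY: [
    {"ID": "id-1", "Sender": "bwillis@email.com", "Folder": "Blocked"},
    {"ID": "id-2", "Sender": "bwillis@email.com", "Folder": "Blocked"},
    {"ID": "id-3", "Sender": "news@email.com extra=1", "Folder": "Blocked"},
    {"ID": "id-4", "Sender": "news@email.com extra=1", "Folder": "Blocked"},
    {"ID": "id-5", "Sender": "user2@demisto.com", "Folder": "Audit"},
    {"ID": "id-6", "Sender": "user2@demisto.com", "Folder": "Audit"},
    {"ID": "id-7", "Sender": "once@email.com", "Folder": "Blocked"},
]}

if __name__ == "__main__":
    print(block_commands(SAMPLE, safe_domains=("demisto.com",)))
```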

3. proofpoint-smart-search#


Searches for emails.

Base Command#

proofpoint-smart-search

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| process | Max results | Optional |
| sender | Email sender. | Optional |
| subject | Email subject. | Optional |
| recipient | Email recipient. | Optional |
| sender_hostname | Sender hostname/IP address | Optional |
| attachment | Attachment name | Optional |
| qid | QID | Optional |
| time | Time period in which the email was received. | Optional |
| message_id | Email message ID. | Optional |
| virus_name | Virus name. | Optional |
| sid | SID | Optional |
| guid | GUID | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Proofpoint.SmartSearch.SMIMERecipients | String | Search results SMIME recipients |
| Proofpoint.SmartSearch.FID | String | Search results FID |
| Proofpoint.SmartSearch.MessageID | String | Search results email message ID |
| Proofpoint.SmartSearch.Suborg | String | Search results sub organization |
| Proofpoint.SmartSearch.Agent | String | Search results email agent |
| Proofpoint.SmartSearch.AttachmentNames | String | Search results email attachment names |
| Proofpoint.SmartSearch.MoudleID | String | Search results module ID |
| Proofpoint.SmartSearch.MessageSize | String | Search results email message size |
| Proofpoint.SmartSearch.SpamScore | String | Search results email spam score |
| Proofpoint.SmartSearch.GUID | String | Search results GUID |
| Proofpoint.SmartSearch.Recipients | String | Search results send mail to |
| Proofpoint.SmartSearch.Date | String | Search results date |
| Proofpoint.SmartSearch.Sender | String | Search results email sender |
| Proofpoint.SmartSearch.Subject | String | Search results email subject |

Command Example#

!proofpoint-smart-search recipient=user1@demisto.com process=100 time=Last24Hours

Context Example#

    {
        "Proofpoint.SmartSearch": {
            "Date": "2020-01-25 11:30:00",
            "Recipients": "user1@demisto.com",
            "Sender": "bwillis@email.com",
            "Subject": "[External] Welcome !",
            "MessageSize": "20750"
        }
    }

Human Readable Output#

Proofpoint Protection Server Smart Search Results#

| ID | Date | Recipient | Sender | Subject | MessageSize |
| --- | --- | --- | --- | --- | --- |
| 37b6d02m-63e0-495e-kk92-7c21511adc7a@SB2APC01FT091.outlook.com | 2020-01-25 11:30:00 | user1@demisto.com | bwillis@email.com | External Welcome ! | 20750 |

4. proofpoint-quarantine-folders#


Returns a list of quarantined folders.

Base Command#

proofpoint-quarantine-folders

Input#

There are no input arguments for this command.

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Proofpoint.Quarantine.Folder.Name | String | Folder name |

Command Example#

!proofpoint-quarantine-folders

Context Example#

    {
        "Proofpoint.Quarantine.Folder": [
            {"Name": "Adult"},
            {"Name": "Audit"},
            {"Name": "Blocked"},
            {"Name": "Malware"}
        ]
    }

Human Readable Output#

Proofpoint Protection Server Quarantine Folders#

Name
Adult
Audit
Blocked
Malware

5. proofpoint-release-email#


Release email with virus scan

Base Command#

proofpoint-release-email

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| message_id | Email message ID to release. | Required |
| folder | Email folder to release. | Required |

Context Output#

There is no context output for this command.

Command Example#

!proofpoint-release-email message_id=37b6d02m-63e0-495e-kk92-7c21511adc7a@SB2APC01FT091.outlook.com folder=Blocked

Human Readable Output#

Released message 37b6d02m-63e0-495e-kk92-7c21511adc7a@SB2APC01FT091.outlook.com successfully

6. proofpoint-add-to-blocked-senders-list#


Adds an email address to blocked senders list.

Base Command#

proofpoint-add-to-blocked-senders-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| email | Email to add to blocked senders list | Required |

Context Output#

There is no context output for this command.

Command Example#

!proofpoint-add-to-blocked-senders-list email=bwillis@email.com

Human Readable Output#

Successfully added bwillis@email.com to the Blocked Senders list

7. proofpoint-add-to-safe-senders-list#


Adds an email address to safe senders list.

Base Command#

proofpoint-add-to-safe-senders-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| email | Email to add to safe senders list | Required |

Context Output#

There is no context output for this command.

Command Example#

!proofpoint-add-to-safe-senders-list email=bwillis@email.com

Human Readable Output#

Successfully added bwillis@email.com to the Safe Senders list

8. proofpoint-remove-from-blocked-senders-list#


Removes an email address from blocked senders list.

Base Command#

proofpoint-remove-from-blocked-senders-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| email | Email to remove from blocked senders list | Required |

Context Output#

There is no context output for this command.

Command Example#

!proofpoint-remove-from-blocked-senders-list email=bwillis@email.com

Human Readable Output#

Successfully removed bwillis@email.com from the Blocked Senders list

9. proofpoint-remove-from-safe-senders-list#


Removes an email address from safe senders list.

Base Command#

proofpoint-remove-from-safe-senders-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| email | Email to remove from safe senders list | Required |

Context Output#

There is no context output for this command.

Command Example#

!proofpoint-remove-from-safe-senders-list email=bwillis@email.com

Human Readable Output#

Successfully removed bwillis@email.com from the Safe Senders list