Proofpoint TAP

Integrations

Proofpoint TAP v2

• Added type validations and other internal code improvements.

Integrations

Proofpoint TAP v2

• Added the Raw message encoding integration parameter to control the character encoding of the fetched messages.

Incident Fields

Incident Fields

• Proofpoint TAP User Agent

Incident Fields

Proofpoint TAP Sender Address
Maintenance and stability enhancements.

Mappers

Proofpoint TAP Mapper

• Added mapping to the PhishingAlerts incident type.

Integrations

Proofpoint TAP v2

• Updated the Docker image to: demisto/python3:3.9.8.24399.

Integrations

Proofpoint TAP v2

• Documentation fixes

Scripts

ProofpointTAPMostAttackedUsers

• Updated the Docker image to: demisto/python3:3.9.7.24076.

ProofpointTapTopClickers

• Updated the Docker image to: demisto/python3:3.9.7.24076.

Integrations

Proofpoint TAP v2

• Updated the Docker image to: demisto/python3:3.9.7.24076.

Integrations

Proofpoint TAP v2

• Upgraded the Docker image to: demisto/python3:3.9.5.21272.

Integrations

Proofpoint TAP v2

• Added the commands:
  • proofpoint-get-events-clicks-blocked
  • proofpoint-get-events-clicks-permitted
  • proofpoint-get-events-messages-blocked
  • proofpoint-get-events-messages-delivered
  • proofpoint-list-issues
  • proofpoint-list-campaigns
  • proofpoint-get-campaign
  • proofpoint-list-most-attacked-users
  • proofpoint-get-top-clickers
  • proofpoint-url-decode
• Updated the test-module command.
• Added:
  • Proofpoint TAP Mapper
  • Proofpoint TAP Classifier
  • Proofpoint TAP Message Layout
  • Proofpoint TAP Clicks Layout
  • Weekly Report
  • Proofpoint TAP dashboard

Incident Types

Added the incident types:

• Proofpoint TAP - Click Blocked
• Proofpoint TAP - Click Permitted
• Proofpoint TAP - Message Delivered
• Proofpoint TAP - Message Blocked

Incident Fields

Added the incident fields:

• Proofpoint TAP Quarantine Rule
• Proofpoint TAP ID
• Proofpoint TAP Threat Info Map
• Proofpoint TAP Cluster
• Proofpoint TAP Threat URL
• Proofpoint TAP Threat Time
• Proofpoint TAP Phishing Score
• Proofpoint TAP Threat ID
• Proofpoint TAP Message Parts
• Proofpoint TAP Header CC
• Proofpoint TAP Campaign ID
• Proofpoint TAP Suspicious URL
• Proofpoint TAP Reply To Address
• Proofpoint TAP Classification
• Proofpoint TAP SMTP Sender
• Proofpoint TAP Header To
• Proofpoint TAP Spam Score
• Proofpoint TAP Xmailer
• Proofpoint TAP Type
• Proofpoint TAP Imposter Score
• Proofpoint TAP Message ID
• Proofpoint TAP GUID
• Proofpoint TAP Examined By
• Proofpoint TAP Subject
• Proofpoint TAP Malware Score
• Proofpoint TAP Message Layout
• Proofpoint TAP User Agent
• Proofpoint TAP Click Time
• Proofpoint TAP Threat Status
• Proofpoint TAP Sender IP
• Proofpoint TAP Policies
• Proofpoint TAP Quarantine Folder
• Proofpoint TAP Click IP
• Proofpoint TAP Headers Reply To
• Proofpoint TAP Message Size
• Proofpoint TAP Headers From
• Proofpoint TAP Sender Address
• Proofpoint TAP SMTP Recipient

Scripts

ProofpointTAPMostAttackedUsers

Added the ProofpointTAPMostAttackedUsers script to export a list of ProofPointTAP most attacked users to the Cortex
XSOAR widget.

ProofpointTapTopClickers

Added the ProofpointTapTopClickers script to export a list of ProofPointTAP top clickers to XSOAR widget.

Layouts Containers

Added the layouts:

• Proofpoint TAP Message Layout
• Proofpoint TAP Clicks Layout

Layouts

Added the layouts:

• layout-detailsV2-ProofPointTAP_Message_Layout-ProofPointTAP___Message_Delivered.json
• layout-detailsV2-ProofPointTAP_Message_Layout-ProofPointTAP___Message_Blocked.json
• layout-detailsV2-ProofPointTAP_Clicks_Layout-ProofPointTAP___Click_Blocked.json
• layout-detailsV2-ProofPointTAP_Clicks_Layout-ProofPointTAP___Click_Permitted.json

Classifiers

Added the classifiers:

• Proofpoint TAP Classifier - Supported version 6.0.0 of Cortex XSOAR.
• Proofpoint TAP v2 - Supported version 5.5.0 of Cortex XSOAR.

Mappers

Added the Proofpoint TAP Mapper.

Reports

Added the Proofpoint TAP Weekly Report.

Dashboards

Added the Proofpoint TAP dashboard.

Playbooks

Proofpoint TAP - Event Enrichment

Added the Proofpoint TAP - Event Enrichment playbook to get information about the forensics of threats and campaigns
for an event.

Integrations

Proofpoint TAP v2

• Maintenance and stability enhancements.

Integrations

Proofpoint TAP v2

Fixed a bug in the proofpoint-get-forensics command which caused getting a threat by campaignId to fail.

Use the Proofpoint Targeted Attack Protection (TAP) integration to protect against and provide additional visibility into phishing and other malicious email attacks.