CLOUD CONNECTOR

Proofpoint On Demand

Proofpoint on Demand (POD) delivers Proofpoint’s unified email security and data loss prevention features as a cost-effective, easy-to-adopt and easy-to-manage SaaS (Software-as-a-Service) solution.

Securonix integrates with the Proofpoint POD API for identification of email message, URL-based malware, and message-part-based threats (attachment-based malware, BEC, and phishing), and for context enrichment for threat chains.

| Proofpoint POD API Schema | Proofpoint POD API Event Category | Major Logged Details/Event Types | Related Threats | Details |
|---|---|---|---|---|
| Message Schema | Connection/Session Data | Session ID, Country, HELO IP, HELO Hostname, Sender IP, TLS Inbound Cipher, Cipher Strength (Bits), TLS Policy, TLS Protocol Version, Sender IP Resolution Status | Phishing, BEC | Information about the current message session |
| Message Schema | Envelope Object Data | Envelope Recipient, Envelope Sender | Phishing, BEC | Email envelope object data. To be verified with header data |
| Message Schema | Message Object Data | CC Header, From Header, Message ID, Reply To, Return Path, Subject, To Header, Language, Normalized Header, Size in Bytes | Phishing, Malware, BEC | Message headers for verification |
| Message Schema | Message Parts Object | Identified Character Set, Labeled Character Set, Extensions, MIME Type, File Name, Size in Bytes, Disposition, MD5, SHA256, File Type (Archive, Corrupted, Deleted, Password Protected, Virtual), Analysis Time Out, Labeled Extension, Labeled MIME, Labeled Name, Metadata, Sandbox Status, Decoded Size, URLs Detected, URL Defense Rewritten/Not Rewritten (with reason) | Phishing, Malware, BEC | Message Parts. Contains URL and attachment information |
| Message Schema | Filter Object Data | Actions, Disposition, Quarantine Details, Viruses Detected, Message ID, DMARC/DKIM Details, Proofpoint Dynamic Reputation Score, SPF Details, URL Defense Verdict Details, ZeroHour Threat Score, S/MIME, Timestamp, Recipient/Sender Details | Phishing, Malware, BEC | Filtered objects. Contains information about threats, if any, detected by the Proofpoint engine |
| Message Schema | PPS Object Data | Agent/MFA Host, PPS Version, PPS Cluster ID | Phishing, BEC | PPS Information |
| Mail Schema | Mail Logs | Agent, ID, Message Delay, Relay, Protocol, Sendmail QID, Size in Bytes, Delivery Statistics, TLS Information, Recipients | Phishing, Malware, BEC | Raw mail log data |