Proofpoint Targeted Attack Protection integration overview
You can integrate Proofpoint Targeted Attack Protection (TAP) with Sophos Central so that it sends alerts to Sophos for analysis.
This page gives you an overview of the integration.
Proofpoint TAP product overview
Proofpoint TAP is a cloud-based email security tool that safeguards users from advanced email threats, such as targeted phishing attacks, malware, and BEC (Business Email Compromise). It leverages advanced analytics and machine learning to detect and block threats that typically bypass conventional defenses, offering a holistic approach to email threat prevention.
Sophos documents
Integrate Proofpoint Targeted Attack Protection
What we ingest
Sample alerts seen by Sophos:
- messages - malware
- messages - phish
- messages - spam
- messages - impostor
- clicks - malware
- clicks - phish
- clicks - spam
- messages - toad
- clicks - impostor
- messages - undefined
Alerts ingested in full
We ingest email activity from these endpoints:
- /v2/threat/summary/
- /v2/forensics
Filtering
We filter messages as follows:
- We ALLOW only messages in the correct format.
- We DENY messages that aren't in the correct format, but we don't DROP the data.
Sample threat mappings
We define the alert type from the field "classification" and add "clicks - " or "messages - " before the mapping, depending on the type received.
Sample mappings:
{"alertType": "clicks - malware", "threatId": "T1598.003", "threatName": "Spearphishing Link"}
{"alertType": "clicks - phish", "threatId": "T1598.003", "threatName": "Spearphishing Link"}
{"alertType": "messages - malware", "threatId": "T1598.003", "threatName": "Spearphishing Link"}
{"alertType": "messages - impostor", "threatId": "T1199", "threatName": "Trusted Relationship"}
{"alertType": "messages - toad", "threatId": "T1566.003", "threatName": "Spearphishing via Service"}