Skip to content
Find out how we support MDR.

Proofpoint Targeted Attack Protection


You must have the Email integrations license pack to use this feature.

You can integrate Proofpoint Targeted Attack Protection (TAP) with Sophos Central so that it sends audit data to Sophos for analysis.

This integration is API-based.

The key steps are as follows:

  • Generate TAP service credentials for your Proofpoint account.
  • Configure an integration in Sophos Central.

Generate TAP service credentials

TAP service credentials are used in Sophos Central to link to Proofpoint.

To generate these credentials, do as follows:

  1. Sign in to the TAP dashboard. See Welcome to the TAP Dashboard.
  2. Go to Settings > Connected Applications image.
  3. Click Create New Credential.
  4. Copy the Principal ID and Secret.

Configure an integration

To integrate TAP with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
  2. Click Proofpoint Targeted Attack Protection.

    The Proofpoint Targeted Attack Protection page opens. You can configure integrations here and see a list of any you've already configured.

  3. In Data Ingest (Security Alerts), click Add Configuration.


    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, do as follows:

    1. Enter a name and a description.
    2. Enter the Principal ID and Secret name.
    3. Click Save.

We create the integration and it appears in your list. If the status icon shows Healthy, your data should appear in the Sophos Data Lake after validation.