Proofpoint Essentials

Overview

Configuring a cloud source in Scope is a two-step process.

  • Generating Proofpoint Essentials API credentials in the Proofpoint Essentials portal. Please refer to Section 1 – Proofpoint Essentials Setup

  • Setting up the Proofpoint Essentials cloud source in the Scope application. Please refer to Section 2 - Scope Setup

Proofpoint Essentials Setup

To get started, you’ll need to generate the following credentials in the Proofpoint Essentials portal –

  1. API Key
  2. API Secret Key
  3. Base URL

Step 1: Generate API Credentials

  • Navigate to Account Management -> Integrations, then select the Integration Keys tab.

  • Click Add Integration Key in the upper right-hand corner.

  • Enter Key Details:

    • Provide a description to help identify the purpose of the key.

    • In the Access Type dropdown, select either:

      • SIEM Threat Events
      • Security Awareness Reporting API

      Note: Security Awareness Reporting API access is restricted to “My Organisation Only”.

  • Set Scope:

    • If you are part of an organization, the Scope field will be locked to My Organisation Only.

    • If you are a partner, you can choose between:

      • My Organisation Only
      • My Organisation and All Child Organisations

    This determines whether the key can access data for child entities in the partner hierarchy.

  • After clicking Create, you’ll receive two values:

    • API Key
    • API Secret Key

    These are required for authenticating to the Essentials Threat API or Security Awareness Reporting API.

    Note: These values will not be shown again. Please store them securely. The key may take up to 30 minutes to become active.

The generated API Key and API Secret Key are to be configured in Scope Setup: Step 1 for initiating the Proofpoint Essentials log ingestion.

Scope Setup

Step 1: Proofpoint Essentials Cloud Source Registration in the Scope Application

Once the credentials are generated, they must be configured in the Scope application to establish the connection and enable data ingestion from the Proofpoint Essentials environment.

In the Scope application, to register a Proofpoint Essentials cloud source, navigate to the cloud source registration page

  • Log into the Scope application

  • Select the required Organization from the Organization dropdown

  • Navigate to the side menu -> Administration

  • Navigate to the Cloud sources tab

  • Click on the +Add Source button

  • In the Step 1 of the Add Source wizard, search for Proofpoint Essentials, select the cloud source and click Next.

  • In the Step 2 of the Add Source wizard, provide the parameters below.

    • Site: The user defined name for the Proofpoint Essentials cloud source.

    • Base URL: The Base URL of your Proofpoint Essentials Tenant. By default, the value https://us-siem.proofpointessentials.com will be available.

    • API Key: The API Key generated in Step 1.

    • API Secret Key: The API Secret Key generated in Step 1.

    • Polling Interval: The polling interval for making periodic API calls to the Proofpoint Essentials cloud source. The user can select the polling interval from the dropdown.

    • Contact Email: The email address of the person who registers the Proofpoint Essentials cloud source in Scope.

Once the required connection parameters are entered, the Proofpoint Essentials registration is complete in Scope and is ready for ingestion of Proofpoint Essentials logs.