autobotAI

Proofpoint Email Security

Overview

The Proofpoint Email Security (Targeted Attack Protection - TAP) integration enables autobotAI to securely interact with the Proofpoint TAP API. This integration allows automated workflows to pull SIEM events, query forensics data, and track email campaigns to enhance your threat intelligence and incident response operations.

This guide provides instructions for setting up Proofpoint Email Security integration in your autobotAI account. By completing this process, you will connect your Proofpoint TAP instance to the platform.

Prerequisites

Before starting, ensure you have:

  • Access to the Proofpoint Threat Insight Dashboard.
  • A Service Principal and Secret generated specifically for API access.

Steps to Set Up Proofpoint Email Security Integration

Step 1:
Navigate to the Integrations page by selecting Integrations in the menu. Click the + Add Integration button in the top-right corner to view available integrations. Navigate to Integrations
Step 2:
Use the search bar to search for the keyword proofpoint, and select Proofpoint Email Security + Add from the results to create the integration. Search and Select Proofpoint Email Security

Step 3:
Fill in the required fields as follows:

Note: Fields marked with an asterisk (*) are mandatory.

  • Alias: Provide a meaningful name or alias for this integration (e.g., EmailSecurity-Global).
  • Groups: Use groups to organize multiple integrations.
  • Service Principal: Provide your Proofpoint TAP Service Principal ID (e.g., 9b3a...).
  • Secret: Enter the Secret associated with your Service Principal (e.g., s3cr3tKey...).
Fill Proofpoint Email Security Form

Double-check the information, then click Create to complete the integration.

Step 4:
After creating the integration, locate it under Integrations. Click on the three dots next to it, select Test, and ensure your integration is configured correctly. The test will query the /v2/siem/all endpoint for the last 60 seconds of data to strictly verify your credentials.

Additional Information

How to Retrieve TAP Credentials

To generate your Proofpoint Service Principal and Secret:

  1. Log in to Proofpoint TAP:
    Go to your Proofpoint Threat Insight Dashboard and sign in.
  2. Access Connected Applications:
    • Navigate to Settings > Connected Applications.
  3. Generate Credentials:
    • Create a new Service Principal for autobotAI.
    • Ensure it has the necessary permissions (e.g., SIEM, Forensics access).
  4. Copy the Credentials:
    Copy the generated Principal and Secret immediately, as the secret will not be visible again after you leave the page.

Paste these into the respective fields on the autobotAI platform to complete the integration.