CIM mapping
Added support for both HTTP and HTTPS proxy.
Updated Splunk SDK
Fixed cloud compatibility issues.
Updates to meet Splunk Cloud compatibility
jQuery 3.5 update
Non-ASCII character support
Minor bugfix to previous release .138, which added compatibility for Splunk 8.0 and Python 3.
Updated to support Splunk 8.0 and Python 3
This update corrects an issue which could occur when creating a new data input using proxy authentication.
This update uses the eventTime attribute as the primary timestamp for events, rather than the messages' or clicks' timestamps. This ensures that older events about newly-recognized threats are consistently surfaced in searches.
Please report any issues you encounter to support@proofpoint.com.
This version contains many stability improvements, bug fixes, and logging enhancements. Support for HTTP proxies was added.
Within the Splunk administrative interface, navigate to Settings > Data Inputs. Locate the "Proofpoint TAP SIEM Modular Input" row, and click the "Add New" action. You'll be asked for a name for the input source, your service principal, and secret. In addition, under 'More settings', you'll need to specify an interval in seconds.
The interval determines how frequently your Splunk instance will poll for new events. The recommended setting is 600 seconds, or 10 minutes. Intervals below 300 seconds are not recommended.
You can create a service principal by visiting the Settings page on the TAP Dashboard. (https://threatinsight.proofpoint.com/settings)
Please report any issues you encounter to support@proofpoint.com.
This is the initial release of the Proofpoint TAP Modular Input. After installation, you will create an input source retrieve the events. to supply a service principal and secret so that the modular input can authenticate itself to Proofpoint.
Within the Splunk administrative interface, vavigate to Settings > Data Inputs. Locate the "Proofpoint TAP SIEM Modular Input" row, and click the "Add New" action. You'll be asked for a name for the input source, your service principal, and secret. In addition, under 'More settings', you'll need to specify an interval in seconds.
The interval determines how frequently your Splunk instance will poll for new events. The recommended setting is 600 seconds, or 10 minutes. Intervals below 300 seconds are not recommended.
You can create a service principal by visiting the Settings page on the Threat Insight Dashboard. (https://threatinsight.proofpoint.com/settings)
Please report any issues you encounter to support@proofpoint.com.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.