Copyright (c) 2010-2017 by Proofpoint, Inc. All Rights Reserved.
Proofpoint, Proofpoint Protection Server and the Proofpoint logos are trademarks or registered trademarks of Proofpoint, Inc.
About | Proofpoint Email Security App For Splunk |
Developer | Proofpoint, Inc. |
App Version | 1.0.3 |
App Build | 54 |
Technology Add-on (TA) | Proofpoint Email Security Add-On for Splunk |
Technology Add-on (TA) | Proofpoint TAP SIEM Modular Input |
Folder Name | pps |
Vendor Products | Proofpoint Enterprise Protection 8.0 and above, Proofpoint On Demand 8.0 and above, Targeted Attack Protection |
Has index-time operations | False |
Create an index | False |
Implements summarization | False |
Splunk Enterprise versions | 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 |
CIM | 4.8+ |
Platforms | Platform Independent |
Proofpoint Email Security App For Splunk 1.0.3 available on Splunkbase
Proofpoint Email Security Add-On for Splunk 1.0.9 available on Splunkbase
Proofpoint TAP SIEM Modular Input 1.0.1 available on Splunkbase
In a single-server deployment, a single instance of Splunk Enterprise functions as the data collection node, indexer and search head. In such a deployment, install the add-ons Proofpoint Email Security Add-On and Proofpoint TAP SIEM Modular Input. After that, install Proofpoint Email Security App For Splunk.
In a distributed deployment, typically a combination of forwarders for data collection, separate indexer nodes for data ingestion and search heads for data visualization is deployed. We recommend installing our TAs on both the forwarders and the search heads, and the App on the search head.
Component | Forwarder | Indexer | Search head |
Proofpoint Email Security Add-On for Splunk (TA) | Install | No | Install |
Proofpoint TAP SIEM Modular Input (TA) | Install | No | Install |
Proofpoint Email Security App For Splunk (App) | No | No | Install |
Add a UDP/TCP input to listen on the port for PPS logs and specify "pps_log" as the sourcetype. You can do this from the Splunk Admin Console.
By default this app uses the "main" index to look for Proofpoint logs. To change this to an index that the Proofpoint Email Security Add-On uses, you need to edit the get_pps_index macro. Here are the steps:
On the Proofpoint Email Protection admin console, enable syslog to forward to your Splunk instance.
Updated Reports with the index macro.
Fixed cloud compatibility.
Updated Logo.
Resolved a name conflict in saved searches.
Fixed an issue with the TAP dashboard that used an incorrect form of “eventType”.
Version 1.0.1
This app is designed to work with Proofpoint Email Security Add-On for Splunk (TA) and Proofpoint TAP SIEM Modular Input (TA) to provide email security dashboards and reports.
Changes:
Updated Proofpoint Email Security Dashboard
Updated Email Summary Dashboard
Bug fixes
Version 1.0.0 (Beta)
This app is designed to work with Proofpoint Email Security Add-On for Splunk (TA) and Proofpoint TAP SIEM Modular Input (TA) to provide email security dashboards and reports.