Proofpoint Cloud Connector
Proofpoint Email Protection detects threats by processing email messages and protects against malware and cyber-attacks by offering multiple layers of security. It controls each aspect of inbound and outbound email to detect and block threats and prevent leakage of confidential information. For more information, visit Proofpoint’s website.
Supported Proofpoint Audit Sources and Events
The following table displays audit source API and security events supported by the connector.
Audit Source: API | Service or Module Covered | Event Included |
---|---|---|
ATP - SIEM | | All |
Proofpoint on Demand (PoD) | | All |
Prerequisites to Configure the Proofpoint Connector
Before you configure the Proofpoint connector, you must obtain the following Proofpoint account information:
Service Principal and Service Principal Secret for the SIEM endpoint
Cluster ID and Access Token for Message and Maillog endpoints in the LogAPI endpoint group that are not included in the primary authentication data
To create an Access Token or credentials for Message and Maillog, contact Proofpoint support. Ensure that you have the license for Remote Syslog.
To obtain the Proofpoint service principal and service principal secret string:
Log in to the Proofpoint portal by accessing https://threatinsight.proofpoint.com/.
Click the Settings icon in the upper right corner, then click Connected Applications.
Click Create New Credential.
Specify a name and click Generate.
Record the Service Principal and Secret, each represented by a string of letters and numbers. Use these values to Configure the Proofpoint Cloud Connector.
Configure the Proofpoint Cloud Connector
To configure the Proofpoint Connector to import data into the Exabeam Cloud Connector Platform:
Complete the Prerequisites to Configure the Proofpoint Connector.
Log in to the Exabeam Cloud Connectors platform with your registered credentials.
Navigate to Settings > Accounts > Add Account.
Click Select Service to Add, then select Proofpoint from the list.
In the Accounts section, enter the required information. Required fields are indicated with a red bar.
Account Name – Specify a name for the cloud connector. For example, Corporate Proofpoint.
Description – (Optional) Describe the Proofpoint account.
Service Principal – Enter the value for the service principal that you obtained while completing prerequisites.
Secret – Enter the value for the secret that you obtained while completing prerequisites.
Cluster ID – (Maillog and Message endpoints only) Enter the value for the cluster ID that you obtained while completing prerequisites.
Access Token – (Maillog and Message endpoints only) Enter the value for the access token that you obtained while completing prerequisites.
To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
To ensure that the connector is ready to send and collect data, start the connector and check that the status shows OK.