Proofpoint SIEM Actions

Actions for Proofpoint SIEM #

Send Data to Proofpoint SIEM. Sends a custom set of Lucidum data to Proofpoint SIEM.

Use Cases #

Below are the possible use cases for these actions:

If you want to run Lucidum “headless”, you can send relevant data to Proofpoint SIEM on a regular schedule.
You can send normalized, enriched Lucidum data to Proofpoint SIEM to be indexed, searched, and analyzed.

Prerequisites #

To execute Proofpoint SIEM actions, you must configure a Proofpoint SIEM API connection beforehand.

NOTE. The specified account should have read and write permissions.

Workflows #

Proofpoint SIEM Configuration #

To create a configuration for Proofpoint SIEM actions:

Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
URL. The URL of the Proofpoint SIEM API, for example, https://tap-api-v2.proofpoint.com/v2/siem/
Principal. The service principal and secret are used to authenticate to the SIEM API. They are generated on the settings page of the Threat Insight Dashboard. To find the service principal:
1. Log in to your Proofpoint console and navigate to the Threat Insight Dashboard.
2. Navigate to the Settings page.
3. Locate your Service Principal and Secret and save them locally.
Secret. The service principal and secret are used to authenticate to the SIEM API. They are generated on the settings page of the Threat Insight Dashboard. To find the service principal:
1. Log in to your Proofpoint console and navigate to the Threat Insight Dashboard.
2. Navigate to the Settings page.
3. Locate your Service Principal and Secret and save them locally.
Max # of Records per Payload. The maximum number of records to send to Proofpoint SIEM in each action. The default value is “50”.

Manage Action Token #

To describe an action token for Proofpoint SIEM actions:

Click the token icon.
In the Manage Action Tokens page, click the plus-sign in the upper right.

Create a New Action #

To create an action for Proofpoint SIEM, contact Lucidum customer care.

Solutions

COMPANY

Resource Library

Ready to Try?

What is Lucidum?

Getting Started with Lucidum

Proxy Server

Managing Users

Connectors

Dashboards

Value-Oriented Dashboards (VODs)

Streamlining Queries with SmartLabels and Tags

Value-Oriented SmartLabels (VOSLs)

Risk

Actions

Use Cases

Viewing Data

Running Headless with Webhooks

Lucidum API v1

Lucidum API v2

Sending Alerts to Slack

Managing Your Lucidum System

Proofpoint SIEM Actions

Actions for Proofpoint SIEM #

Use Cases #

Prerequisites #

Workflows #

Proofpoint SIEM Configuration #

Manage Action Token #

Create a New Action #

What are your Feelings

Quick LInks

SOLUTIONS

COMPANY

RESOURCES

Solutions

COMPANY

Resource Library

Solutions

COMPANY

Resource Library

Ready to Try?

Actions for Proofpoint SIEM #

Use Cases #

Prerequisites #

Workflows #

Proofpoint SIEM Configuration #

Manage Action Token #

Create a New Action #

What are your Feelings

Share This Article :

Still stuck? How can we help?

Quick LInks

SOLUTIONS

COMPANY

RESOURCES

Solutions

COMPANY

Resource Library