A unified way to view insider threats and get visibility into data exfiltration

The Proofpoint and Splunk partnership provides security teams with a unified way to view insider threats, determine the lateral spread of threats and get visibility into data exfiltration.

Leverage the integration and technology add-ons

Joint customers of Proofpoint and Splunk can leverage the integration and technology add-ons of this partnership to:

  • Obtain visibility into insider threats, lateral spread and data exfiltration
  • Be alerted to external social risks to the organization
  • Create consolidated reports for both security and compliance
  • Get SIEM visibility into malware-free threats, like credential phishing and BEC/email fraud attacks and related forensics
  • Use Adaptive Response integration that helps defenders leverage Proofpoint intel when threat hunting

Integrations with Splunk include the following Splunk Certified apps and technology add-ons:

Email Security App

The Proofpoint Security Protection App for Splunk provides detailed visibility into advanced threats such as email fraud and credential phishing attacks using customizable reports and dashboards. The Proofpoint Email Protection App incorporates data from the Email Protection Splunk TA and the TAP Modular Input, giving security researchers an easier way to quickly find and act upon threats.

TAP Modular Input

The Proofpoint TAP Modular Input add-on enables a seamless integration between Proofpoint’s Targeted Attack Protection (TAP) service and Splunk. This allows security operations professionals to simplify their workflow by ingesting TAP events for the following scenarios into Splunk:

  • Blocked or permitted clicks to threats recognized by Proofpoint URL Defense
  • Blocked or delivered messages that contain threats recognized by Proofpoint URL Defense or Proofpoint Attachment Defense