Splunk Partnership

The Proofpoint and Splunk partnership provides security teams a unified way to view insider threats, determine the lateral spread of threats and get visibility into data exfiltration. Read the press release.


Joint customers of Proofpoint and Splunk can leverage the integration and technology add-ons of this partnership to:

  • Obtain visibility into insider threats, lateral, spread and data exfiltration
  • Be alerted of external social risks to the organization
  • Create consolidated reports for both security and compliance
  • Get SIEM visibility into malware-free threats, like credential phishing and BEC/email fraud attacks and related forensics
  • Use Adaptive Response integration that helps defenders leverage Proofpoint intel when threat hunting

Integrations with Splunk include the following Splunk Certified apps and technology add-ons:


Email Security App

The Proofpoint Security Protection App for Splunk provides detailed visibility into advanced threats such as email fraud and credential phishing attacks using customizable reports and dashboards. The Proofpoint Email Protection App incorporates data from the Email Protection Splunk TA and the TAP Modular Input to allow security researchers an easier way to quickly find and act upon threats.

TAP Modular Input

The Proofpoint TAP Modular Input add-on enables a seamless integration between Proofpoint’s Targeted Attack Protection (TAP) service and Splunk. This allows security operations professionals to simplify their workflow by ingesting TAP events for the following scenarios into Splunk:

  • Blocked or permitted clicks to threats recognized by Proofpoint URL Defense
  • Blocked or delivered messages that contain threats recognized by Proofpoint URL Defense or Proofpoint Attachment Defense

Email Protection Splunk TA

The Proofpoint Email Protection TA allows users to search and report on Proofpoint Email Protection logs. By normalizing data produced by Email Protection to Splunk’s Common Information Model (CIM), email data can be correlated with other data sources to detect threats and data exfiltration. Email Security Splunk integration brief.


ET Intelligence Splunk TA

The ET Intelligence TA (ET TA) seamlessly integrates the acclaimed Emerging Threats Intelligence feed into Splunk, and provides predefined macros and lookups to enrich and search any log that Splunk can parse with ET Intelligence reputation data. The ET TA empowers the Splunk admin to create custom searches, dashboards, panels, pivots, reports, and alerts enriched with Emerging Threats intelligence data. Read the ET Intelligence TA technical brief. Also see "the Splunk Integration with Proofpoint Threat Response and ET Intelligence product overview."


Social Media Protection Splunk TA

The Proofpoint Social Media Protection TA enables the ingestion of social media data into the Splunk dashboard. Proofpoint ingests millions of data points from social media networks and social application activity. Over 125 algorithmic classifiers, including Proofpoint’s patented Deep Social Linguistic Analysis, categorize social media incidents and activity, which can then be correlated with other data in the Splunk dashboard. Read Social Media Protection TA Datasheet.