Overview
Blumira’s cloud SIEM platform integrates with Proofpoint Advanced Threat Detection to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected on an endpoint.
When configured, the Blumira integration with Proofpoint Advanced Threat Detection will stream server and workstation endpoint security event logs and alerts to the Blumira service for threat detection and actionable response.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Configuring Proofpoint
Proofpoint provides an API to access Targeted Attack Prevention (TAP) logs. Complete the steps in Configuring the Proofpoint TAP Event Source to obtain the API Service Principle and API Key to use in the steps below.
Configuring Blumira
To add a module on an existing sensor and provide credentials:
- In Blumira, click Settings.
- Click Sensors.
- Click the sensor on which you want to add a module.
- On the detail page for the sensor, scroll down and click Add Module.
- In the Add New Module window, select the relevant module.
- Enter the credentials that you gathered in previous steps.
- (Optional) Type a name for this log deployment in the Log Source Name box.
Note: Use alphanumeric characters, periods, and hyphens. Spaces and underscores are not allowed. This name will appear in the "device_address" column in the results of your event data queries. If you add more modules to collect logs for other integrations, this name will help you to identify them. - Click Install.