Exploring the Proofpoint Integration for Security Operations
You can configure event profiles in SIR to ingest events from Proofpoint. SIR creates an incident for each ingested event which analysts can review or work on.
Proofpoint Integration for Security Operations users
| User | Description |
|---|---|
| Security admin |
Create event profiles for filtering the ingested events. SIR creates incidents for these the ingested events. |
Proofpoint Integration for Security Operations benefits
| Benefit | Feature | Users |
|---|---|---|
| Pull event data into your instance and create security incidents. Review security incidents from a single location for events deemed suspicious or malicious. |
If the delivered email messages and permitted clicks are later deemed malicious, chances are these messages were opened and interacted with by your employees. To track these messages for review, automatically create security incidents based on the event profiles you create and configure for message traffic for the integration. Additionally, you can also enable creating security incidents for the blocked messages and clicks for audit purposes. |
Managers |
What to explore next
To learn more about configuring and using Proofpoint, see: