Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to I retrieve proofpoint data?

danielbb
Motivator
‎02-03-2025 08:30 AM

Looking at Splunk base, and there are quite a lot of Proofpoint apps/TAs, which one should I install in order to connect to the Proofpoint endpoint and receive the data? 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-03-2025 08:35 AM

Hi @danielbb ,

there are many ProofPoint modules and many ways to take logs (syslogs, scripts, etc...)

see here to be guided: https://www.proofpoint.com/us/partners/splunk

Ciao.

Giuseppe

Reply

danielbb
Motivator
‎02-10-2025 10:26 AM

Thank you @gcusello. Our Proofpoint account manager said the following - 

"There is an API but no mail flow API so Splunk wouldn't have anything on the Essentials side. Enterprise side - Remote Syslog gets them all sorts of mail flow details!
 Having said that, the only way to get an integration with Splunk would be to upgrade from Essentials to our Enterprise email."

Is there a way to get the Proofpoint data without an upgrade?
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-11-2025 01:24 AM

Proofpoint Essentials is - as far as I remember - a simplified Proofpoint on Demand service.

Proofpoint Enterprise can be deployed as either Proofpoint-managed Proofpoint on Demand service or an on-premise Proofpoint Protection Server installation.

As I understand, you're using Essentials so you're not interested in an on-premise installation. So your only way to get the detailed email flow info would be to upgrade to Enterprise and license the Remote Syslog Forwarding feature. Then you can set up your own TLS-secured "syslog" receiver and push the events from your PoD instance.

Essentials is a simplified service for small businesses and therefore doesn't have all the bells and whistles that "full" Enterprise setup has. But is way cheaper as I remember.

Reply

danielbb
Motivator
‎02-11-2025 10:08 AM

Thank you Rick for the information!

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-10-2025 11:20 PM

Hi @danielbb ,

I don't think it's possible with that ProofPoint, due to a problem at the source of it.
I have integrated many ProofPoints, but honestly I couldn't tell you what version or type of PP there was.

Ciao.

Giuseppe

Reply

danielbb
Motivator
‎02-11-2025 10:08 AM

Thanks a lot!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...
Top