Getting Data In
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to I retrieve proofpoint data?

danielbb
Motivator
‎02-03-2025 08:30 AM

Looking at Splunk base, and there are quite a lot of Proofpoint apps/TAs, which one should I install in order to connect to the Proofpoint endpoint and receive the data? 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-03-2025 08:35 AM

Hi @danielbb ,

there are many ProofPoint modules and many ways to take logs (syslogs, scripts, etc...)

see here to be guided: https://www.proofpoint.com/us/partners/splunk

Ciao.

Giuseppe

Reply

danielbb
Motivator
‎02-10-2025 10:26 AM

Thank you @gcusello. Our Proofpoint account manager said the following - 

"There is an API but no mail flow API so Splunk wouldn't have anything on the Essentials side. Enterprise side - Remote Syslog gets them all sorts of mail flow details!
 Having said that, the only way to get an integration with Splunk would be to upgrade from Essentials to our Enterprise email."

Is there a way to get the Proofpoint data without an upgrade?
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-11-2025 01:24 AM

Proofpoint Essentials is - as far as I remember - a simplified Proofpoint on Demand service.

Proofpoint Enterprise can be deployed as either Proofpoint-managed Proofpoint on Demand service or an on-premise Proofpoint Protection Server installation.

As I understand, you're using Essentials so you're not interested in an on-premise installation. So your only way to get the detailed email flow info would be to upgrade to Enterprise and license the Remote Syslog Forwarding feature. Then you can set up your own TLS-secured "syslog" receiver and push the events from your PoD instance.

Essentials is a simplified service for small businesses and therefore doesn't have all the bells and whistles that "full" Enterprise setup has. But is way cheaper as I remember.

Reply

danielbb
Motivator
‎02-11-2025 10:08 AM

Thank you Rick for the information!

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-10-2025 11:20 PM

Hi @danielbb ,

I don't think it's possible with that ProofPoint, due to a problem at the source of it.
I have integrated many ProofPoints, but honestly I couldn't tell you what version or type of PP there was.

Ciao.

Giuseppe

Reply

danielbb
Motivator
‎02-11-2025 10:08 AM

Thanks a lot!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Customers Increasingly Choose Splunk for Observability

For the second year in a row, Splunk was recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for ...
Top