Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to I retrieve proofpoint data?

danielbb
Motivator
‎02-03-2025 08:30 AM

Looking at Splunk base, and there are quite a lot of Proofpoint apps/TAs, which one should I install in order to connect to the Proofpoint endpoint and receive the data? 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-03-2025 08:35 AM

Hi @danielbb ,

there are many ProofPoint modules and many ways to take logs (syslogs, scripts, etc...)

see here to be guided: https://www.proofpoint.com/us/partners/splunk

Ciao.

Giuseppe

Reply

danielbb
Motivator
‎02-10-2025 10:26 AM

Thank you @gcusello. Our Proofpoint account manager said the following - 

"There is an API but no mail flow API so Splunk wouldn't have anything on the Essentials side. Enterprise side - Remote Syslog gets them all sorts of mail flow details!
 Having said that, the only way to get an integration with Splunk would be to upgrade from Essentials to our Enterprise email."

Is there a way to get the Proofpoint data without an upgrade?
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-11-2025 01:24 AM

Proofpoint Essentials is - as far as I remember - a simplified Proofpoint on Demand service.

Proofpoint Enterprise can be deployed as either Proofpoint-managed Proofpoint on Demand service or an on-premise Proofpoint Protection Server installation.

As I understand, you're using Essentials so you're not interested in an on-premise installation. So your only way to get the detailed email flow info would be to upgrade to Enterprise and license the Remote Syslog Forwarding feature. Then you can set up your own TLS-secured "syslog" receiver and push the events from your PoD instance.

Essentials is a simplified service for small businesses and therefore doesn't have all the bells and whistles that "full" Enterprise setup has. But is way cheaper as I remember.

Reply

danielbb
Motivator
‎02-11-2025 10:08 AM

Thank you Rick for the information!

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-10-2025 11:20 PM

Hi @danielbb ,

I don't think it's possible with that ProofPoint, due to a problem at the source of it.
I have integrated many ProofPoints, but honestly I couldn't tell you what version or type of PP there was.

Ciao.

Giuseppe

Reply

danielbb
Motivator
‎02-11-2025 10:08 AM

Thanks a lot!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...