Resource/guide sought for ProofPoint TRAP [ThreatResponse] integration with Splunk

Path Finder

Hello Team,

We have a requirement to integrate the Proofpoint Threat Response [TRAP] appliance logs with Splunk. I have checked and gone through the documentation here, and it seems we have options to integrate the Proofpoint email gateway and TAP appliances, but I could not find any info on how to integrate Proofpoint TRAP with Splunk.

Kindly help me understand this. Maybe, as I suspect, all logs can be captured using the Proofpoint email gateway itself and TRAP integration is not required, or there is a way to integrate the TRAP appliance logs. I don't have much idea how Proofpoint exactly functions, which is causing more confusion.

Help is appreciated. Currently we have the Proofpoint email gateway, TAP appliances and TRAP implemented in the organization, and we are planning to integrate all 3 with Splunk.

0 Karma
1 Solution

Path Finder

There is not currently an integration with Splunk to send the TRAP logs into Splunk. We are working on adding this in a future release but do not have a firm timeline yet.

You are correct, only the email gateway and TAP have an integration with Splunk currently.

You can download the app and related TAs here:

App:
https://splunkbase.splunk.com/app/3727/#/details

Gateway TA:
https://splunkbase.splunk.com/app/3080/

TAP TA:
https://splunkbase.splunk.com/app/3681/

0 Karma

Path Finder

Thank you. So does integrating the gateway and TAP solve the issue, or does TRAP provide significant logs which aren't captured at the email gateway end?

I mean, the email gateway can also send quarantine email and other logs. If you have any idea, it will be helpful.

0 Karma

Path Finder

TRAP will have just logging of incidents which are basically pulled emails related to threats. This will still only be logged in the TRAP console but you can see the TAP related events in Splunk.

0 Karma

Contributor

I know this is a very old thread, but I'm looking for a Proofpoint TRAP add-on for Splunk. I see that the data can come in via syslog, but I'm concerned about field extractions. Is there one yet, or is there documentation for it yet?

0 Karma

I am also looking for this. Any updates from Proofpoint on this one?

0 Karma

Explorer

Same here... Looking forward to integrating TRAP with Splunk.

0 Karma

Loves-to-Learn Lots

Just checking in to see if there have been any updates on Proofpoint TRAP integration. I have been able to get the events into Splunk via syslog, but parsing is another matter. Unless I missed something, I don't see any TA currently available in Splunkbase.

0 Karma