Resource/guide sought for ProofPoint TRAP [ThreatResponse] integration with Splunk

SunilMaharishi
Path Finder

Hello Team,

We have a requirement to integrate the Proofpoint Threat Response [TRAP] appliance logs with Splunk. I have checked and gone through the documentation here, and it seems we have options to integrate the Proofpoint email gateway and TAP appliances, but I could not find any info on how to integrate Proofpoint TRAP with Splunk.

Kindly help me understand this. What I suspect is that either we can capture all logs using the Proofpoint email gateway itself and TRAP integration is not required, or there is a way to integrate the TRAP appliance logs. I don't have much idea how Proofpoint exactly functions, which is causing more confusion.

Help is appreciated. Currently we have the Proofpoint email gateway, TAP appliances and TRAP implemented in the organization, and we are planning to integrate all 3 with Splunk.

1 Solution

eckolp2003
Path Finder

There is not currently an integration with Splunk to send the TRAP logs into Splunk. We are working on adding this in a future release but do not have a firm timeline yet.

You are correct, only the email gateway and TAP have an integration with Splunk currently.

You can download the app and related TAs here:

App:
https://splunkbase.splunk.com/app/3727/#/details

Gateway TA:
https://splunkbase.splunk.com/app/3080/

TAP TA:
https://splunkbase.splunk.com/app/3681/

0 Karma

jbuckner85
Path Finder

Hello, we have a requirement for this as well. Is there any update to this discussion? We have a need to integrate data sourced from ThreatResponse into our Splunk solution.

0 Karma

SunilMaharishi
Path Finder

Thank you. So does integrating the gateway and TAP solve the issue, or does TRAP provide significant logs which aren't captured at the email gateway end?

I mean, the email gateway can also send quarantine email and other logs. If you have any idea, it will be helpful.

0 Karma

eckolp2003
Path Finder

TRAP will have just logging of incidents which are basically pulled emails related to threats. This will still only be logged in the TRAP console but you can see the TAP related events in Splunk.

0 Karma

lpanella
New Member

Hello! Any news about the TRAP integration?

0 Karma

manderson7
Contributor

I know this is a very old thread, but I'm looking for a Proofpoint TRAP add-on for Splunk. I see that the data can come in via syslog, but I'm concerned about field extractions. Is there one yet, or is there documentation for it yet?

skyelowryvancit
Explorer

I am also looking for this. Any updates from Proofpoint on this one?

ylucena
Explorer

Same here... Looking forward to integrating TRAP with Splunk.

riegelo
Engager

Just checking in to see if there have been any updates on Proofpoint TRAP integration. I have been able to get the events into Splunk via syslog, but parsing is another matter. Unless I missed something, I don't see any TA currently available in Splunkbase.

lpino
Path Finder

Hi there,

I know quite a long time has passed, but I am struggling to import TRAP logs into Splunk too.
Any news about this? Where did you set up syslog forwarding?

Thanks in advance

0 Karma