Hello Team,
We have a requirement to integrate the Proofpoint Threat Response [TRAP] appliance logs with Splunk. I have checked and gone through the documentation here, and it seems we have options to integrate the Proofpoint email gateway and TAP appliances, but I could not find any info on how to integrate Proofpoint TRAP with Splunk.
Kindly help me understand this. What I suspect is that either all logs can be captured using the Proofpoint email gateway itself and TRAP integration is not required, or there is a way to integrate the TRAP appliance logs. I don't have much idea how Proofpoint exactly functions, which is causing more confusion.
Help is appreciated. Currently we have the Proofpoint email gateway, TAP appliances and TRAP implemented in the organization, and we are planning to integrate all 3 with Splunk.
There is not currently an integration with Splunk to send the TRAP logs into Splunk. We are working on adding this in a future release but do not have a firm timeline yet.
You are correct, only the email gateway and TAP have an integration with Splunk currently.
You can download the app and related TAs here:
App:
https://splunkbase.splunk.com/app/3727/#/details
Gateway TA:
https://splunkbase.splunk.com/app/3080/
Any chance that there will be a Splunk integration for TRAP?
Hello, we have a requirement for this as well. Is there any update to this discussion? We have a need to integrate data sourced from ThreatResponse into our Splunk solution.
Thank you. So does integrating the gateway and TAP solve the issue, or does TRAP provide significant logs which aren't captured at the email gateway end?
I mean, the email gateway can also send quarantine email and other logs. If you have any idea, it will be helpful.
TRAP will have just logging of incidents which are basically pulled emails related to threats. This will still only be logged in the TRAP console but you can see the TAP related events in Splunk.
Hello! Any news about the TRAP integration?
I know this is a very old thread, but I'm looking for a Proofpoint TRAP add-on for Splunk. I see that the data can come in via syslog, but I'm concerned about field extractions. Is there one yet, or is there documentation for it yet?
I am also looking for this. Any updates from Proofpoint on this one?
Same here... Looking forward to integrating TRAP with Splunk.
Just checking in to see if there have been any updates on Proofpoint TRAP integration. I have been able to get the events into Splunk via syslog, but parsing is another matter. Unless I missed something, I don't see any TA currently available in Splunkbase.
Hi there,
I know quite a long time has passed, but I am struggling to import TRAP logs into Splunk too.
Any news about this? Where did you set up syslog forwarding?
Thanks in advance.