Hello, we have a requirement for this as well. Is there any update to this discussion? We have a need to integrate data sourced from ThreatResponse into our splunk solution.
... View more
After configuring pps and receiving data:
Data input -> Proofpoint TAP SIEM Modular Input
Name, Principal,Secret,
Siem url host=tap-api-v2.proofpoint.com
Sourcetype=proofpoint_tap_siem
index (we were limited in choices for some reason, which caused us to update the macro set up in pps config)
... View more
Please follow this guide:
https://splunkbase.splunk.com/app/3727/#/details
You should be installing this both on the search head and a heavy forwarder. You do not need to edit the conf file if you do this.
... View more
Hi,
Could be data-model acceleration problem. If it is newly installed add-on, kindly check whether the data-model is accelerated 100%. Please also check your indexer name is matching with your data-model constrain macro. By default that macro takes index=main, if it is different index, then please update with your latest index details to data get populated.
Thanks.
... View more
Thanks Mary. This code change should occur in a future version release to permanently correct this issue but your method is a valid work around for now.
... View more
Proofpoint now has a beta app that will allow you report on and visualze your Proofpoint Protection Server and TAP data! Check out the new app here:
https://splunkbase.splunk.com/app/3727/#/details
Be sure to follow the instructions listed in the details to get all the needed TA's etc that the app needs to work correctly.
... View more
Proofpoint now has a beta app that will allow you report on and visualze your Proofpoint Protection Server and TAP data! Check out the new app here:
https://splunkbase.splunk.com/app/3727/#/details
Be sure to follow the instructions listed in the details to get all the needed TA's etc that the app needs to work correctly.
... View more
Proofpoint now has a beta app that will allow you report on and visualze your Proofpoint Protection Server and TAP data! Check out the new app here:
https://splunkbase.splunk.com/app/3727/#/details
Be sure to follow the instructions listed in the details to get all the needed TA's etc that the app needs to work correctly.
... View more
Proofpoint now has a beta app that will allow you report on and visualze your Proofpoint Protection Server and TAP data! Check out the new app here:
https://splunkbase.splunk.com/app/3727/#/details
Be sure to follow the instructions listed in the details to get all the needed TA's etc that the app needs to work correctly.
There are pre-built dashboards to aid in searching for message events.
... View more