Details
Content
Dependencies
Version History

Proofpoint Cloud Threat Response (CTR) is the cloud-based alternative to TRAP (Threat Response Auto-Pull). known for its effective post-delivery remediation capabilities. Not only is this solution easy to use, but it also automates post-detection incident response and remediation tasks that slow down security teams.

Proofpoint Cloud Threat Response

Proofpoint Cloud Threat Response (CTR) is the cloud-based alternative to Proofpoint TRAP (Threat Response Auto-Pull). It automates post-detection incident response and remediation tasks.

What does this pack do?

Fetches Proofpoint Cloud Threat Response incidents into Cortex for case management.
Lists and filters incidents by source, verdict, disposition, confidence, state, time range, or specific IDs.
Retrieves detailed metadata (activities, summary, dispositions) for a specific incident.

Use Cases

Case management: Fetch CTR incidents to work inside Cortex. Closure of incidents is performed in the CTR UI (the CTR API does not currently expose a close-incident endpoint).

Proofpoint Cloud Threat Response

Proofpoint Cloud Threat Response (CTR) is the cloud-based alternative to Proofpoint TRAP (Threat Response Auto-Pull). It automates post-detection incident response and remediation tasks.

What does this pack do?

Fetches Proofpoint Cloud Threat Response incidents into Cortex for case management.
Lists and filters incidents by source, verdict, disposition, confidence, state, time range, or specific IDs.
Retrieves detailed metadata (activities, summary, dispositions) for a specific incident.

Use Cases

Case management: Fetch CTR incidents to work inside Cortex. Closure of incidents is performed in the CTR UI (the CTR API does not currently expose a close-incident endpoint).

Classifiers

Name	Description
Proofpoint Cloud Threat Response - Incoming Mapper	Maps incoming Proofpoint Cloud Threat Response incident fields to Cortex XSOAR Common Type fields.

Incident Types

Name	Description
Cloud Threat Response Incident

Integrations

Name	Description
Proofpoint Cloud Threat Response	Fetches Proofpoint Cloud Threat Response (CTR) incidents into Cortex XSOAR for case management, and exposes commands to list and retrieve incident details.

Layouts

Name	Description
Cloud Threat Response Incident	Layout for Proofpoint Cloud Threat Response incidents.

Classifiers

Name	Description
Proofpoint Cloud Threat Response - Incoming Mapper	Maps incoming Proofpoint Cloud Threat Response incident fields to Cortex Common Type fields.

Incident Types

Name	Description
Cloud Threat Response Incident

Integrations

Name	Description
Proofpoint Cloud Threat Response	Fetches Proofpoint Cloud Threat Response (CTR) incidents into Cortex for case management, and exposes commands to list and retrieve incident details.

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	June 4, 2026
Last Release	June 4, 2026

Case Management

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.