Details
Content
Dependencies
Version History

Proofpoint Cloud Threat Response (CTR) is the cloud-based alternative to TRAP (Threat Response Auto-Pull). known for its effective post-delivery remediation capabilities. Not only is this solution easy to use, but it also automates post-detection incident response and remediation tasks that slow down security teams.

Proofpoint Cloud Threat Response

Proofpoint Cloud Threat Response (CTR) is the cloud-based alternative to Proofpoint TRAP (Threat Response Auto-Pull). It automates post-detection incident response and remediation tasks.

What does this pack do?

Fetches Proofpoint Cloud Threat Response incidents into Cortex for case management.
Lists and filters incidents by source, verdict, disposition, confidence, state, time range, or specific IDs.
Retrieves detailed metadata (activities, summary, dispositions) for a specific incident.

Use Cases

Case management: Fetch CTR incidents to work inside Cortex. Closure of incidents is performed in the CTR UI (the CTR API does not currently expose a close-incident endpoint).

Proofpoint Cloud Threat Response

Proofpoint Cloud Threat Response (CTR) is the cloud-based alternative to Proofpoint TRAP (Threat Response Auto-Pull). It automates post-detection incident response and remediation tasks.

What does this pack do?

Fetches Proofpoint Cloud Threat Response incidents into Cortex for case management.
Lists and filters incidents by source, verdict, disposition, confidence, state, time range, or specific IDs.
Retrieves detailed metadata (activities, summary, dispositions) for a specific incident.

Use Cases

Case management: Fetch CTR incidents to work inside Cortex. Closure of incidents is performed in the CTR UI (the CTR API does not currently expose a close-incident endpoint).

Classifiers

Name	Description
Proofpoint Cloud Threat Response - Incoming Mapper	Maps incoming Proofpoint Cloud Threat Response incident fields to Cortex XSOAR Common Type fields.

Incident Types

Name	Description
Cloud Threat Response Incident

Integrations

Name	Description
Proofpoint Cloud Threat Response	Fetches Proofpoint Cloud Threat Response (CTR) incidents into Cortex XSOAR for case management, and exposes commands to list and retrieve incident details.

Layouts

Name	Description
Cloud Threat Response Incident	Layout for Proofpoint Cloud Threat Response incidents.

Classifiers

Name	Description
Proofpoint Cloud Threat Response - Incoming Mapper	Maps incoming Proofpoint Cloud Threat Response incident fields to Cortex Common Type fields.

Incident Types

Name	Description
Cloud Threat Response Incident

Integrations

Name	Description
Proofpoint Cloud Threat Response	Fetches Proofpoint Cloud Threat Response (CTR) incidents into Cortex for case management, and exposes commands to list and retrieve incident details.

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	June 4, 2026
Last Release	June 4, 2026

Case Management

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.