Skip to main content

Proofpoint Isolation

The Proofpoint Isolation pack enables automatic fetching and modeling rules for security events, such as Browser and Email Isolation logs.

Proofpoint Isolation

Proofpoint Isolation is a fully managed cloud-based solution that provides secure web browsing by isolating user sessions, protecting against threats like malware, phishing, and data breaches.

Proofpoint Isolation Event Collector:

The Proofpoint Isolation Event Collector fetches Browser and Email Isolation events,
providing details such as user activity, URLs accessed, classifications, and dispositions to
enhance security monitoring and incident response.

Supported Timestamp Formats:

Timestamp is extracted from the date field with the following format - yyyy-mm-ddTHH:MM:SS.SSS

Collect Events from Proofpoint Isolation (XSIAM)

On Proofpoint Isolation side:

  1. Navigate to Product Settings > Reporting API.
  2. Copy the Reporting API Key.

On Cortex XSIAM side:

  1. Navigate to Settings -> Data Sources -> Add Data Source.
  2. Type Proofpoint Isolation on the search bar.
  3. Select the Proofpoint Isolation integration.
  4. Click Connect.
  5. Set the following values:
    • Name as Proofpoint Isolation
    • API Key - Paste the Reporting API Key you copied from the Proofpoint Isolation UI.
  6. Click Connect.

PUBLISHER

PLATFORMS

Cortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJanuary 26, 2025
Last ReleaseJanuary 28, 2025
WORKS WITH THE FOLLOWING INTEGRATIONS:
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.