Using Proofpoint with TruSTAR
Proofpoint provides inbound email security, outbound data loss prevention, digital risk, email encryption, and email archiving. TruSTAR's Enclave Email Inbox functionality enables users with Proofpoint to ingest these emails and enrich suspicious IOCs with additional intelligence and pull that into their workflow tools.
- Proofpoint licensed user
- Permissions to configure forwarding rules.
- You must by a Company Administrator to set up Enclave email inboxes.
After you have retrieved your Proofpoint API key, follow these steps:
- Log into TruSTAR Station and navigate to User Settings -> Settings -> Enclave inbox.
- Follow the configuration instructions to set-up or update an Enclave email inbox.
- In the accepted sender field, include: email@example.comTip: Leaving the accepted prefix field blank will allow all emails to be ingested without a filter on the subject line
- Click Submit (new inbox) or Update (editing an existing inbox).
After the set-up is complete, reports from Proofpoint TAP will be submitted into your private enclave. You should expect to see reports populate within 15 minutes of a successful configuration.
What IOCs are supported when emails are forwarded from Proofpoint?
You can find the whole list here.
How can I set up my Proofpoint TAP to forward phishing emails to my enclave in TruSTAR ?
Refer to video for directions on setting up Proofpoint to forward phishing emails via TruSTAR enclave inbox: https://www.youtube.com/watch?v=sMRDghZ0xIo
How do I configure Proofpoint to unwind the encoding URL so it becomes extractable in TruSTAR?
Navigate to the 'Email Protection' tab in the Proofpoint configuration panel (see screenshot) and configure the rewrite settings. This is explained in further detail at the 2:10 mark in the configuration video: https://www.youtube.com/watch?v=sMRDghZ0xIo
Please reach out to firstname.lastname@example.org for any additional questions.