Proofpoint provides inbound email security, outbound data loss prevention, digital risk, email encryption, and email archiving. TruSTAR's Enclave inbox functionality enables users with Proofpoint to ingest these emails and enrich suspicious IOCs with additional intelligence and pull that into their workflow tools.
This set-up requires TruSTAR users to be users of Proofpoint and able to configure forwarding rules.
After you have retrieved your Flashpoint API key follow these steps:
- Log into TruSTAR Station and navigate to Settings->Enclave inbox (https://station.trustar.co/settings/email).
- Follow the configuration instructions to set-up or update an Enclave inbox: https://support.trustar.co/article/xr5632rgzp-email-ingestNote: An enclave is limited to a single Enclave inbox configuration
- In the accepted sender include: email@example.comTip: Leaving the accepted prefix field blank will allow all emails to be ingested without a filter on the subject line
- Click Submit or Update
TruSTAR will process this request and users can expect to see reports populate within 15 minutes of a successful configuration.
After the set-up is complete you should see reports from Proofpoint TAP being submitted into your configured private enclave.
What IOCs are supported when emails are forwarded from Proofpoint?
You can find the whole list here.
How can I set up my Proofpoint TAP to forward phishing emails to my enclave in TruSTAR ?
Refer to video for directions on setting up Proofpoint to forward phishing emails via TruSTAR enclave inbox: https://www.youtube.com/watch?v=sMRDghZ0xIo
How do I configure Proofpoint to unwind the encoding URL so it becomes extractable in TruSTAR?
Navigate to the 'Email Protection' tab in the Proofpoint configuration panel (see screenshot) and configure the rewrite settings. This is explained in further detail at the 2:10 mark in the configuration video: https://www.youtube.com/watch?v=sMRDghZ0xIo
Please reach out to firstname.lastname@example.org for any additional questions.