The Proofpoint TAP (Targeted Attack Protection) CDF allows you to ingest and relate the emails of users who have clicked on malicious links, as well as these malicious links and their senders from the Proofpoint TAP SIEM endpoint.

The integration provides the following feed:

• Proofpoint TAP Events - ingests and relates the emails of users who have clicked on malicious links.
• Proofpoint TAP Campaigns - ingests data about campaigns.
• Proofpoint TAP Emails - ingests data about emails

The integration ingests the following system objects:

• Adversary
• Campaigns
• Corporate Emails (custom object)
• Events
• Incidents
• Indicators
  • Indicator Attributes
• Malware
• TTP