In this article, you will learn how to integrate Proofpoint’s Email Security and Protection product with SecurityCoach. Once the integration is complete, data provided by Proofpoint will be available for use under the SecurityCoach tab of your KSAT console. This data can be viewed in SecurityCoach reports and used to create detection rules for real-time coaching campaigns. For general information about SecurityCoach, see our SecurityCoach Product Manual.
Obtain Your Proofpoint Client ID and API Key
Before you set up the integration in your KSAT console, you will need to obtain your Proofpoint Client ID and API key. Proofpoint uses a service principal and secret to authenticate to the SIEM API.
To obtain these items, follow the steps below:
- Log in to your Proofpoint console and navigate to the Threat Insight Dashboard.
- Find the settings page.
- Locate your Client ID and API Key and save them to a place that you can easily access. You will need these items to complete the integration setup in the Set Up the Integration in Your KSAT Console section of this article.
Set Up the Integration in Your KSAT Console
Once you have your Proofpoint Client ID and API key, you can set up the integration in your KSAT console. To register Proofpoint with SecurityCoach in your KSAT console, follow the steps below:
- Log in to your KSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
- Locate Proofpoint and click Configure.
- Enter the Client ID and the API Key.
- Click Authorize.
Map Your Users
After you’ve finished integrating Proofpoint, you can map your users either through mapping rules (recommended) or through a CSV file upload. For more information about user mapping, see our Mapping Users in SecurityCoach article.
Once you’ve successfully authorized this integration, you can manage detection rules for Proofpoint on the Detection Rules subtab of SecurityCoach. For a full list of available system detection rules for this vendor, see our Which Detection Rules Can I Use with My Vendors? article.