Proofpoint Threat Protection Integration

Proofpoint Threat Protection is an email security gateway that analyzes and classifies email to protect against various kinds of email-borne threats including malware, BEC, and more. In Cisco XDR, Proofpoint provides information about detected security threats for correlation and analysis.

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Third-Party tab and navigate to the Proofpoint Threat Protection integration.

  3. Click the plus sign (+) in the lower-right corner of the card. The Proofpoint Threat Protection integration page is displayed.

  4. Expand the Integration Guide area and follow the instructions on how to add the Proofpoint Threat Protection integration in Cisco XDR.

Incidents are groups of correlated events generated using data ingested from your integrated products. By correlating events which could be part of a larger threat into an incident, it reduces the time typically required to investigate individual security alerts or detections. For more information about Cisco XDR Incidents feature, see Incidents.

When you enable the Proofpoint Threat Protection integration, Cisco XDR ingests detected security threats from Proofpoint for incident correlation.

To view incidents with Proofpoint Threat Protection data:

  1. In the Cisco XDR navigation menu, choose Incidents.

  2. Look for Proofpoint in the Source column to find incidents generated with Proofpoint Threat Protection data.

  3. Select an incident and open the Incident Detail page.

  4. Click on the Detection page to see events from Proofpoint and other sources.

If you do not have any incidents with Proofpoint data, you can verify that Cisco XDR is receiving data from Proofpoint using the Detection Ingest Status card on the Dashboards page. For more information about Cisco XDR Dashboards, see Dashboards.

To create a new dashboard that includes Detection Ingest Status card:

  1. In the Cisco XDR navigation menu, choose Control Center > Dashboards and click Customize in the upper right corner of the Dashboards page.

  2. In the My Dashboards area, click Create new dashboard and enter a unique dashboard name in the Dashboard Name field.

  3. In the list of integrations, find the Secure Cloud Analytics integration and click the (Expand) icon.

  4. Check the Detection Ingest Status check box to add the card to the dashboard.

  5. Click Save.

    The new customized dashboard is displayed on the Dashboards page. If no data is displayed in the Detection Ingest Status card for Proofpoint, check your integration configuration.