Connect your Proofpoint On Demand Email Security (POD) solution to Azure Sentinel
This article explains how to connect your Proofpoint On Demand Email Security appliance to Azure Sentinel. The POD data connector allows you to easily connect your POD logs with Azure Sentinel, so that you can view the data in workbooks, use it to create custom alerts, and incorporate it into your investigations. Integration between Proofpoint On Demand Email Security and Azure Sentinel makes use of the Proofpoint Websocket API.
Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.
- You must have read and write permission on the Azure Sentinel workspace.
- You must have read permissions to shared keys for the workspace. Learn more about workspace keys.
- You must have read and write permissions to Azure Functions in order to create a Function App. Learn more about Azure Functions.
- You must have the following Websocket API credentials: ProofpointClusterID, ProofpointToken. Learn more about Websocket API.
Configure and connect Proofpoint On Demand Email Security
Proofpoint On Demand Email Security can integrate and export logs directly to Azure Sentinel.
1. In the Azure Sentinel navigation menu, select Data connectors.
2. From the Data connectors gallery, select Proofpoint On Demand Email Security (Preview) and then Open connector page.
3. Follow the steps described in the Configuration section of the connector page.
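The prerequisites above (workspace shared key, a Function App, and Websocket API credentials) reflect how the connector works: a Function App reads events from the Proofpoint stream and pushes them into the workspace as custom logs. The following is an added example, not code from the Proofpoint or Microsoft connector, showing the workspace side of that flow: signing a batch of records with the workspace shared key and building a request for the Log Analytics HTTP Data Collector API. The endpoint and the `SharedKey` signature format are the documented ones; the workspace ID, shared key, `ProofpointPOD_message` log type name, and sample records are constructed placeholders.

```python
"""
Added example (not connector code): push parsed POD events into a Log
Analytics workspace using the workspace ID and shared key. The request
shape follows the HTTP Data Collector API; values below are constructed.
"""
import base64
import datetime
import hashlib
import hmac
import json

# Constructed placeholders. Real values come from the workspace's Agents
# management page and belong in Function App settings, never in source.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY_B64 = base64.b64encode(b"placeholder-shared-key-bytes").decode()
# Assumed custom log name; Log Analytics appends "_CL" to it in the workspace.
LOG_TYPE = "ProofpointPOD_message"

# Constructed sample of what two POD message events might look like after
# the Function has parsed them from the websocket stream.
SAMPLE_RECORDS = [
    {"guid": "example-1", "msg": {"header": {"subject": "Invoice"}}, "ts": "2021-01-01T00:00:00Z"},
    {"guid": "example-2", "msg": {"header": {"subject": "Reset"}}, "ts": "2021-01-01T00:00:05Z"},
]


def string_to_sign(content_length, rfc1123_date):
    """Canonical string the Data Collector API expects to be HMAC-signed."""
    return f"POST\n{content_length}\napplication/json\nx-ms-date:{rfc1123_date}\n/api/logs"


def build_signature(workspace_id, shared_key_b64, content_length, rfc1123_date):
    """HMAC-SHA256 of the canonical string with the decoded shared key."""
    key = base64.b64decode(shared_key_b64)
    msg = string_to_sign(content_length, rfc1123_date).encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_request(records, workspace_id=WORKSPACE_ID, shared_key_b64=SHARED_KEY_B64,
                  log_type=LOG_TYPE, rfc1123_date=None):
    """Build the URL, headers and body for one batch of records."""
    body = json.dumps(records).encode("utf-8")
    if rfc1123_date is None:
        rfc1123_date = datetime.datetime.utcnow().strftime("%a, %d %b %Y %H:%M:%S GMT")
    return {
        "url": f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01",
        "headers": {
            "Content-Type": "application/json",
            "Authorization": build_signature(workspace_id, shared_key_b64, len(body), rfc1123_date),
            "Log-Type": log_type,
            "x-ms-date": rfc1123_date,
            # Tells the workspace which field holds the event time (TimeGenerated).
            "time-generated-field": "ts",
        },
        "body": body,
    }


def verify_signature(request, workspace_id, shared_key_b64):
    """Receiver-side check: recompute the signature and compare in constant time."""
    expected = build_signature(workspace_id, shared_key_b64,
                               len(request["body"]), request["headers"]["x-ms-date"])
    return hmac.compare_digest(expected, request["headers"]["Authorization"])


def send(request):
    """Network call; not exercised offline. Returns the HTTP status (200 on success)."""
    import urllib.request
    req = urllib.request.Request(request["url"], data=request["body"],
                                 headers=request["headers"], method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status


if __name__ == "__main__":
    req = build_request(SAMPLE_RECORDS)
    print(req["url"])
    print(req["headers"]["Authorization"])
```

Because the signature covers the body length and the `x-ms-date` header, a tampered or replayed batch fails `verify_signature`; the shared key never leaves the Function App settings, which is why the connector only needs read access to the workspace keys.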
Find your data
After a successful connection is established, the data appears in Logs, under Custom Logs, in the following tables:
See the Next steps tab in the connector page for some useful sample queries.
It may take up to 60 minutes until your logs start to appear in Log Analytics.
In this document, you learned how to connect Proofpoint On Demand Email Security to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
- Learn how to get visibility into your data, and potential threats.
- Get started detecting threats with Azure Sentinel.
- Use workbooks to monitor your data.