Connect your Proofpoint TAP to Azure Sentinel with Azure Function
The Proofpoint Targeted Attack Protection (TAP) connector allows you to easily connect all your Proofpoint TAP security solution logs with Azure Sentinel, to view dashboards, create custom alerts, and improve investigation. The integration between Proofpoint TAP and Azure Sentinel uses Azure Functions to pull log data through the Proofpoint TAP REST API.
Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.
Configure and connect Proofpoint TAP
Azure Functions can integrate and pull events and logs directly from Proofpoint TAP and forward them to Azure Sentinel.
In the Azure Sentinel portal, click Data connectors and select the Proofpoint TAP connector.
Select Open connector page.
Follow the instructions on the Proofpoint TAP page.
Find your data
After a successful connection is established, the data appears in Log Analytics under the ProofpointTAPMessagesBlocked_CL, ProofpointTAPMessagesDelivered_CL, ProofpointTAPClicksPermitted_CL and ProofpointTAPClicksBlocked_CL tables.
It may take upwards of 20 minutes until your logs start to appear in Log Analytics.
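To confirm that all four tables are actually receiving data, and to spot a table that has gone quiet, a Log Analytics query such as the following can be used. It is an added example, not part of the connector's own instructions; the 24-hour lookback and the output column names (Events, LastRecord, MinutesSinceLastRecord) are assumptions chosen for illustration.

```kusto
// Added example: ingestion health check for the four Proofpoint TAP tables.
// Tables expected from the connector (names taken from this page).
let expected = datatable(Type:string) [
    "ProofpointTAPMessagesBlocked_CL",
    "ProofpointTAPMessagesDelivered_CL",
    "ProofpointTAPClicksPermitted_CL",
    "ProofpointTAPClicksBlocked_CL"
];
// A custom log table only exists after its first record arrives.
// isfuzzy=true skips tables that do not exist yet, and the empty
// datatable leg guarantees that at least one union leg always resolves.
let seen =
    union isfuzzy=true
        (datatable(TimeGenerated:datetime, Type:string) []),
        ProofpointTAPMessagesBlocked_CL,
        ProofpointTAPMessagesDelivered_CL,
        ProofpointTAPClicksPermitted_CL,
        ProofpointTAPClicksBlocked_CL
    | where TimeGenerated > ago(24h)   // lookback window: an assumption
    | summarize Events = count(), LastRecord = max(TimeGenerated) by Type;
// Left outer join so that a table with no data still appears, with Events = 0.
expected
| join kind=leftouter seen on Type
| project
    Type,
    Events = coalesce(Events, 0),
    LastRecord,
    MinutesSinceLastRecord = datetime_diff('minute', now(), LastRecord)
| order by Events asc
```

A row with Events = 0 and an empty LastRecord means that table has received nothing in the lookback window, either because the Function App is not delivering that event type or because no such events occurred.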
In this document, you learned how to connect Proofpoint TAP to Azure Sentinel using Azure Function Apps. To learn more about Azure Sentinel, see the following articles:
- Learn how to get visibility into your data, and potential threats.
- Get started detecting threats with Azure Sentinel.
- Use workbooks to monitor your data.