
Connect your Proofpoint On Demand Email Security (POD) solution to Azure Sentinel

Important

The Proofpoint On Demand Email Security connector is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

This article explains how to connect your Proofpoint On Demand Email Security appliance to Azure Sentinel. The POD data connector lets you connect your POD logs to Azure Sentinel so that you can view the data in workbooks, use it to create custom alerts, and incorporate it into investigations. The integration between Proofpoint On Demand Email Security and Azure Sentinel uses the WebSocket API.

Note

Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.

Prerequisites

Configure and connect Proofpoint On Demand Email Security

Proofpoint On Demand Email Security can integrate and export logs directly to Azure Sentinel.

  1. In the Azure Sentinel navigation menu, select Data connectors.

  2. From the Data connectors gallery, select Proofpoint On Demand Email Security (Preview) and then Open connector page.

  3. Follow the steps described in the Configuration section of the connector page.

Find your data

After a successful connection is established, the data appears in Logs, under Custom Logs, in the following tables:

  • ProofpointPOD_message_CL
  • ProofpointPOD_maillog_CL

See the Next steps tab in the connector page for some useful sample queries.

Validate connectivity

It may take up to 60 minutes until your logs start to appear in Log Analytics.
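One way to check that both tables are receiving data is to run a query like the following in Logs. This is an added example, not one of the connector page's sample queries; the 24-hour lookback and the status labels are assumptions, while the table names come from this article and `TimeGenerated` and `Type` are standard Log Analytics columns.

```kusto
// Added example: per-table ingestion check for the POD connector.
let lookback = 24h;      // assumption: how far back to look for events
let staleAfter = 60m;    // mirrors the "up to 60 minutes" delay noted above
// isfuzzy=true lets the query run even if one of the tables does not exist yet
union isfuzzy=true ProofpointPOD_message_CL, ProofpointPOD_maillog_CL
| where TimeGenerated > ago(lookback)
| summarize
    Events = count(),
    FirstEvent = min(TimeGenerated),
    LastEvent = max(TimeGenerated)
    by Type
| extend SinceLastEvent = now() - LastEvent
// Flag a table whose newest event is older than the expected delay
| extend Status = iff(SinceLastEvent > staleAfter, "check connector", "receiving")
| order by Type asc
```

A table that is absent from the result returned no events in the lookback window, which is expected during the first hour after the connector is configured.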

Next steps

In this document, you learned how to connect Proofpoint On Demand Email Security to Azure Sentinel. To learn more about Azure Sentinel, see the following articles: