Copyright (c) 2010-2019 by Proofpoint, Inc. All Rights Reserved.
Proofpoint On Demand, Proofpoint Protection Server and the Proofpoint logos are trademarks or registered trademarks of Proofpoint, Inc.
|About||Proofpoint On Demand Email Security App|
|Technology Add-on (TA)||Proofpoint On Demand Email Security Add On|
|Technology Add-on (TA)||Proofpoint TAP SIEM Modular Input|
|Vendor Products||Proofpoint On Demand 8.0 and above|
|Target Attack Protection|
|Has index-time operations||False|
|Create an index||False|
|Splunk Enterprise versions||6.5, 6.6, 7.0, 7.1, 7.2|
|Requires Splunk Restart||Yes|
In a single server deployment, single instance of Splunk Enterprise functions as data collection node, indexer and search head. In such deployment, install the add-ons Proofpoint Email Security Add-On and Proofpoint TAP SIEM Modular Input. After that, install Proofpoint Email Security App For Splunk.
In a distributed deployment, typically a combination of forwarders are deployed for data collection, separate indexer nodes for data ingestion and search heads for data visualization are deployed. We recommend installing our Add-Ons on both Forwarder and Search heads and the App on the search head.
|Proofpoint On Demand Email Security Add-on||Install||No (Note)||Install|
|Proofpoint TAP SIEM Modular Input 1.0.1 available (TA)||Install||No (Note)||Install|
|Proofpoint On Demand Email Security App||No||No||Install|
Note: When there is no forwarder, you will have to install the Add-on on Indexer.
By default this app uses the "main" index to look for Proofpoint logs. To change this to an index that the Proofpoint On Demand Email Security Add-on uses, you need to edit the get_pps_index macro. Here are the steps:
By default, the data model acceleration is not enabled. You need to enable this to make sure the dashboards show the realtime data.
Note: Please wait few minutes after the changing the Acceleration settings to check the dashboard.
Dec. 17, 2018
This App is designed to work with Proofpoint On Demand Email Security Add On.
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.