Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Proofpoint Isolation Add-on app icon

Proofpoint Isolation Add-on

Customers interested in integrating Proofpoint Isolation logs with Splunk can utilize this custom-built add-on. This technology add-on focuses on normalizing the isolation logs based on the Splunk Common Information Model (CIM) for web and email URL isolation.

splunk product badge

Latest Version 1.4.4
February 24, 2025
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1
CIM Version: 5.x, 4.x
Rating

0

(0)

Log in to rate this app
Support
Proofpoint Isolation Add-on support icon
Developer Supported addon
Customers interested in integrating Proofpoint Isolation logs with Splunk can utilize this custom-built add-on. This technology add-on focuses on normalizing the isolation logs based on the Splunk Common Information Model (CIM) for web and email URL isolation. Isolation Reporting API: The isolation reporting API provides a feed for all user request activity within the Browser/Email and URL Isolation products. For each entry within the API, the result contains a URL with an associated classification and disposition. Available Dispositions: EXIT_ISOLATION – User exited Isolation. BLOCK – Isolation blocked the URL. ALLOW – Isolation allows the URL to be displayed. BLOCK_DOWNLOAD – Isolation blocked a download attempt. BLOCK_UPLOAD – Isolation blocked an upload attempt. BLOCK_IFRAME – Isolation blocked the URL from being displayed inside the iFrame. ALLOW_DOWNLOAD – Isolation allowed a download. ALLOW_UPLOAD – Isolation allowed an upload. ALLOW_IFRAME – Isolation allowed the URL to be displayed inside the iFrame. Available Classifications: USER – Action performed by a user. MALWARE – Classified as malware. CONTENT_FILTERING – Classified as URL defined as should block in the content filtering configuration. PHISH – Classified as a phishing URL. BLOCKED_BY_POLICY – Classified as should be blocked by the policy defined in the Mail security product (valid only in URL isolation). DLP – Blocked by DLP policy. API Endpoints: Web Isolation URI: https://proofpointisolation.com/api/v2/reporting/usage-data](https://proofpointisolation.com/api/v2/reporting/usage-data URL Isolation URI: https://urlisolation.com/api/v2/reporting/usage-data](https://urlisolation.com/api/v2/reporting/usage-data

Categories

Created By

Proofpoint Splunk Integrations

Type

addon

Downloads

1,507

Resources

Log in to report this app listing