Latest Version 1.4.4
February 24, 2025
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Proofpoint Isolation Add-on
Customers interested in integrating Proofpoint Isolation logs with Splunk can utilize this custom-built add-on. This technology add-on focuses on normalizing the isolation logs based on the Splunk Common Information Model (CIM) for web and email URL isolation. Isolation Reporting API: The isolation reporting API provides a feed for all user request activity within the Browser/Email and URL Isolation products. For each entry within the API, the result contains a URL with an associated classification and disposition. Available Dispositions: EXIT_ISOLATION – User exited Isolation. BLOCK – Isolation blocked the URL. ALLOW – Isolation allows the URL to be displayed. BLOCK_DOWNLOAD – Isolation blocked a download attempt. BLOCK_UPLOAD – Isolation blocked an upload attempt. BLOCK_IFRAME – Isolation blocked the URL from being displayed inside the iFrame. ALLOW_DOWNLOAD – Isolation allowed a download. ALLOW_UPLOAD – Isolation allowed an upload. ALLOW_IFRAME – Isolation allowed the URL to be displayed inside the iFrame. Available Classifications: USER – Action performed by a user. MALWARE – Classified as malware. CONTENT_FILTERING – Classified as URL defined as should block in the content filtering configuration. PHISH – Classified as a phishing URL. BLOCKED_BY_POLICY – Classified as should be blocked by the policy defined in the Mail security product (valid only in URL isolation). DLP – Blocked by DLP policy. API Endpoints: Web Isolation URI: https://proofpointisolation.com/api/v2/reporting/usage-data](https://proofpointisolation.com/api/v2/reporting/usage-data URL Isolation URI: https://urlisolation.com/api/v2/reporting/usage-data](https://urlisolation.com/api/v2/reporting/usage-data
Built by Proofpoint Splunk Integrations
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1
CIM Version: 5.x, 4.x
Rating
0
(0)
Log in to rate this app
Support
Developer Supported addon
Customers interested in integrating Proofpoint Isolation logs with Splunk can utilize this custom-built add-on. This technology add-on focuses on normalizing the isolation logs based on the Splunk Common Information Model (CIM) for web and email URL isolation.
Isolation Reporting API:
The isolation reporting API provides a feed for all user request activity within the Browser/Email and URL Isolation products. For each entry within the API, the result contains a URL with an associated classification and disposition.
Available Dispositions:
EXIT_ISOLATION – User exited Isolation.
BLOCK – Isolation blocked the URL.
ALLOW – Isolation allows the URL to be displayed.
BLOCK_DOWNLOAD – Isolation blocked a download attempt.
BLOCK_UPLOAD – Isolation blocked an upload attempt.
BLOCK_IFRAME – Isolation blocked the URL from being displayed inside the iFrame.
ALLOW_DOWNLOAD – Isolation allowed a download.
ALLOW_UPLOAD – Isolation allowed an upload.
ALLOW_IFRAME – Isolation allowed the URL to be displayed inside the iFrame.
Available Classifications:
USER – Action performed by a user.
MALWARE – Classified as malware.
CONTENT_FILTERING – Classified as URL defined as should block in the content filtering configuration.
PHISH – Classified as a phishing URL.
BLOCKED_BY_POLICY – Classified as should be blocked by the policy defined in the Mail security product (valid only in URL isolation).
DLP – Blocked by DLP policy.
API Endpoints:
Web Isolation URI: https://proofpointisolation.com/api/v2/reporting/usage-data](https://proofpointisolation.com/api/v2/reporting/usage-data
URL Isolation URI: https://urlisolation.com/api/v2/reporting/usage-data](https://urlisolation.com/api/v2/reporting/usage-data
Categories
Created By
Proofpoint Splunk Integrations
Type
addon
Downloads
1,467
Licensing
Splunk Answers
Resources
Login to report this app listing