Customers interested in integrating Proofpoint Isolation logs with Splunk can utilize this custom-built add-on. This technology add-on focuses on normalizing the isolation logs based on the Splunk Common Information Model (CIM) for web and email URL isolation.
Isolation Reporting API:
The isolation reporting API provides a feed for all user request activity within the Browser/Email and URL Isolation products. For each entry within the API, the result contains a URL with an associated classification and disposition.
Available Dispositions:
EXIT_ISOLATION – User exited Isolation.
BLOCK – Isolation blocked the URL.
ALLOW – Isolation allows the URL to be displayed.
BLOCK_DOWNLOAD – Isolation blocked a download attempt.
BLOCK_UPLOAD – Isolation blocked an upload attempt.
BLOCK_IFRAME – Isolation blocked the URL from being displayed inside the iFrame.
ALLOW_DOWNLOAD – Isolation allowed a download.
ALLOW_UPLOAD – Isolation allowed an upload.
ALLOW_IFRAME – Isolation allowed the URL to be displayed inside the iFrame.
Available Classifications:
USER – Action performed by a user.
MALWARE – Classified as malware.
CONTENT_FILTERING – Classified as a URL that the content filtering configuration says should be blocked.
PHISH – Classified as a phishing URL.
BLOCKED_BY_POLICY – Classified as a URL that should be blocked by the policy defined in the Mail security product (valid only in URL isolation).
DLP – Blocked by DLP policy.
API Endpoints:
Web Isolation URI: https://proofpointisolation.com/api/v2/reporting/usage-data
URL Isolation URI: https://urlisolation.com/api/v2/reporting/usage-data
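An added example, not the add-on's own code: one way to normalize feed entries so that the nine dispositions collapse into an action plus the object acted on, with unlisted values surfaced instead of dropped. The JSON key names (url, classification, disposition), the output field names and the sample entries are assumptions made for illustration.

```python
import json
from collections import Counter

# Values copied from the disposition and classification lists above.
DISPOSITIONS = {"EXIT_ISOLATION", "BLOCK", "ALLOW", "BLOCK_DOWNLOAD", "BLOCK_UPLOAD",
                "BLOCK_IFRAME", "ALLOW_DOWNLOAD", "ALLOW_UPLOAD", "ALLOW_IFRAME"}
CLASSIFICATIONS = {"USER", "MALWARE", "CONTENT_FILTERING", "PHISH",
                   "BLOCKED_BY_POLICY", "DLP"}
# Assumed target values for the normalized "action" field.
ACTIONS = {"ALLOW": "allowed", "BLOCK": "blocked"}


def normalize(entry):
    """Map one feed entry to a flat event with action/object/category fields."""
    disposition = str(entry.get("disposition", "")).upper()
    classification = str(entry.get("classification", "")).upper()
    verb, _, target = disposition.partition("_")
    if disposition == "EXIT_ISOLATION":
        action, obj = "exit_isolation", "page"
    elif disposition in DISPOSITIONS:
        # Bare ALLOW/BLOCK apply to the page; otherwise download, upload or iframe.
        action, obj = ACTIONS[verb], (target.lower() or "page")
    else:
        # A value the lists above do not name: keep the event, mark it unknown.
        action, obj = "unknown", "unknown"
    return {
        "url": entry.get("url", ""),
        "action": action,
        "object": obj,
        "category": classification if classification in CLASSIFICATIONS else "unknown",
        "vendor_disposition": disposition,  # original value kept for searching
    }


def blocked_by_category(events):
    """Count blocked events per classification."""
    return Counter(e["category"] for e in events if e["action"] == "blocked")


# Constructed sample entries; key names are assumptions, not the documented schema.
SAMPLE = json.loads("""[
 {"url": "https://files.example/upload", "classification": "DLP", "disposition": "BLOCK_UPLOAD"},
 {"url": "https://login.example/reset", "classification": "PHISH", "disposition": "BLOCK"},
 {"url": "https://cdn.example/tool.zip", "classification": "MALWARE", "disposition": "BLOCK_DOWNLOAD"},
 {"url": "https://docs.example/guide.pdf", "classification": "USER", "disposition": "ALLOW_DOWNLOAD"},
 {"url": "https://news.example/", "classification": "USER", "disposition": "EXIT_ISOLATION"}
]""")

if __name__ == "__main__":
    print(blocked_by_category([normalize(e) for e in SAMPLE]))
```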
Categories
IT Operations, Security, Fraud & Compliance
Created By
Proofpoint Splunk Integrations