Downloading Proofpoint Isolation TA for Splunk
SHA256 checksum (proofpoint-isolation-ta-for-splunk_108.tgz) 981d041a647e7fddc382f6314fdc774ef1a27d841173bb02af1d5d4e35b24c60

Proofpoint Isolation TA for Splunk

Splunk AppInspect Passed
The reporting API provides a feed for all user request activity within the Browser/Email and URL Isolation products.

Each entry in the API result contains the URL of a page that was allowed (ALLOW) or blocked (BLOCK) for the user. For each blocked page, a reason is supplied (CONTENT_FILTER, MALWARE, PHISH).

API Endpoints:

Web Isolation URI: https://proofpointisolation.com/api/reporting/usage-data
URL Isolation URI: https://urlisolation.com/api/reporting/usage-data

Copyright (c) 2021 by Proofpoint, Inc. All Rights Reserved.

Proofpoint, Proofpoint Isolation and the Proofpoint logos are trademarks or registered trademarks of Proofpoint, Inc.

Product Name: Proofpoint Isolation Add-on
Author: Proofpoint Inc
Version: 1.0.8
Date: 2021-05-03
Supported products: Proofpoint URL Isolation and Proofpoint Web Isolation
Splunk requirements: Splunk Enterprise


PREREQUISITES:

  1. Splunk Enterprise (tested with version 8.x on Windows and Linux Operating Systems).
  2. You will need a reporting API key from https://proofpointisolation.com to use the Isolation Reporting API.

INSTALLATION:

The Proofpoint Isolation add-on can be installed from the Splunkbase App Store or using an installation package from a local system. Both methods are described below.

  1. Installing the Proofpoint Isolation add-on from Splunkbase
    a. On the Splunk Web Home page, in the top left corner, click on the "Manage Apps" gear icon.
    b. On the Apps page, click on the "Browse more apps" button.
    c. On the Browse More Apps page, search for "Proofpoint Isolation", which should appear at the top of the search results. Click on the Install button.
    d. Upon successful installation, the add-on will be in the listing in the Apps page.

  2. Installing the Proofpoint Isolation add-on from an installation file:
    a. On the Splunk Web Home page, in the top left corner, click on the "Manage Apps" gear icon.
    b. On the Apps page, click on the "Install app from file" button.
    c. To install, select the add-on package file (for example, ta-proofpoint-isolation.tar.gz).
    d. Upon successful installation, the add-on will be in the listing in the Apps page.
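
Before uploading a package file in method 2, it can be checked against the SHA256 checksum published on this page for proofpoint-isolation-ta-for-splunk_108.tgz. The following is an added example, not part of the add-on or its documentation; the function names are hypothetical, and the scan for path-traversal, link and device entries is an extra conservative check that goes beyond the checksum itself.

```python
import hashlib
import hmac
import tarfile

# File name and checksum as published on this page for release 1.0.8.
PACKAGE = "proofpoint-isolation-ta-for-splunk_108.tgz"
PUBLISHED_SHA256 = "981d041a647e7fddc382f6314fdc774ef1a27d841173bb02af1d5d4e35b24c60"


def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so large packages are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def unsafe_members(path):
    """Return archive entries that could write outside the app directory."""
    flagged = []
    with tarfile.open(path, "r:gz") as tar:
        for m in tar.getmembers():
            parts = m.name.replace("\\", "/").split("/")
            if m.name.startswith("/") or ".." in parts:
                flagged.append(m.name)      # absolute path or traversal
            elif m.issym() or m.islnk() or m.isdev():
                flagged.append(m.name)      # links and device nodes
    return flagged


def check_package(path, expected=PUBLISHED_SHA256):
    """Return a list of problems; an empty list means the checks passed."""
    actual = sha256_of(path)
    if not hmac.compare_digest(actual, expected.strip().lower()):
        # Stop here: do not parse an archive whose checksum is wrong.
        return [f"sha256 mismatch: got {actual}"]
    return [f"unsafe archive member: {n}" for n in unsafe_members(path)]


if __name__ == "__main__":
    import sys
    issues = check_package(sys.argv[1] if len(sys.argv) > 1 else PACKAGE)
    print("\n".join(issues) or "OK: checksum matches, no unsafe members")
    sys.exit(1 if issues else 0)
```

Run it with the path of the downloaded file as the only argument; a non-zero exit status means the package should not be uploaded.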

Add an input to collect events from the Isolation Reporting API, using the following steps:

  1. Using the Splunk Web UI:
    - Go to "App: Proofpoint Isolation" -> "Inputs" tab
    - Click on "Create New Input" and select Proofpoint Web Isolation or Proofpoint URL Isolation
    - Enter the name of your input (e.g. corp_url_isolation or corp_web_isolation, depending on the solution)
    - Enter the polling interval (600 is the recommended default)
    - Select the index where data should be stored
    - Enter the API Key
    - Enter the desired page size (10000 is the recommended default)
    - Enter the desired chunk size (10000 is the recommended default)
    - Once your inputs have been created successfully, click on start searching.

The interval determines how frequently your Splunk instance will poll for new events. The recommended (and default) setting is 600 seconds, or 10 minutes. Intervals below 300 seconds are not recommended.

THIRD PARTY COMPONENTS:

This modular input is packaged with the following third-party modules:

splunklib - http://dev.splunk.com/python

Release Notes

Version 1.0.8
May 3, 2021

Minor fix to internal versioning
Minor fix to datetime ISO format for API calls
