About Us: CyberCX is Australia’s greatest force of cyber security experts. Our highly skilled professional services team operates a 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia and New Zealand, specialising in Security Operations services leveraging Splunk.

Description: CCX Security Operations has taken it upon itself to improve the existing Splunk Add-ons "Proofpoint On Demand Email Security Add On" and "Proofpoint TAP Modular Input" to ensure they are as CIM compliant as possible. This TA does not replace the public Splunk Add-ons "Proofpoint On Demand Email Security Add On" and "Proofpoint TAP Modular Input"; it works as an additional extension to be deployed on Search Heads only.

Currently, this add-on provides additional field extraction and CIM compliance for the following sourcetypes:
- pps_messagelog (Proofpoint On Demand Email Security)
- proofpoint_tap_siem (Proofpoint Targeted Attack Protection - TAP)
- ccx:proofpoint:trap:hec (Proofpoint Threat Response Auto-Pull - TRAP)

Fully compatible with Splunk Enterprise and Splunk Cloud, built by an Ops team for Ops teams.

Features:
- This TA currently supports logtypes tagged under the following CIM datamodels: Email, Intrusion Detection (IDS), and Malware.