Proofpoint Integration Guide for Right-Hand Cybersecurity Human Risk Management Platform
This guide explains how to integrate Proofpoint’s Email Security and Protection product with the Right-Hand Cybersecurity Human Risk Management Platform. After completing the integration, Proofpoint data will become accessible within the Human Risk Management section of your console. You can use this data to create targeted campaigns and to enable real-time coaching campaigns.
Obtaining Your Proofpoint Service Principal and Secret
To configure the integration, you first need to retrieve your Proofpoint Service Principal and Secret. Proofpoint uses these credentials to authenticate access to its SIEM API.
Follow these steps to obtain your credentials:
Log in to the TAP dashboard.
Navigate to Settings > Connected Applications.
Click Create New Credential.
Name the new credential set and click Generate.
Copy the Service Principal and Secret and save them for later use.
For more information on generating TAP credentials, follow the steps in Generate TAP Service Credentials.
Setting Up the Integration in Your Console
Once you have your Proofpoint credentials, you can proceed to configure the integration in the Right-Hand Cybersecurity Human Risk Management console:
Log in to your console and go to Right-hand Portal > Human Risk Management > Settings. Find Proofpoint in the list of integrations and click Configure.
Enter your Service Principal and Secret.
Click Save and Authorize to complete the setup.
Once the setup is complete, open the Detection Rules section and select the rules for which you want to enable Nudges or Targeted Campaigns.
Security Events Supported by Right-hand Proofpoint Integration
Imposter Threat directed at employee
Right-hand registers this event when a received alert meets the following conditions:
- The alert is part of the messagesBlocked category
- The classification attribute has the value "Impostor (for BEC/Message Text threats)"
Malware sent to an employee via Email
Right-hand registers this event when a received alert meets the following conditions:
- The alert is part of the messagesBlocked category
- The classification attribute has the value "Malware"
- The threatType attribute has no value
Spam directed at employee
Right-hand registers this event when a received alert meets the following conditions:
- The alert is part of the messagesBlocked category
- The classification attribute has the value "Spam"
Phishing Email directed at an employee
Right-hand registers this event when a received alert meets the following conditions:
- The alert is part of the messagesBlocked category
- The classification attribute has the value "Phish"
Unsafe Attachments sent to an employee via email
Right-hand registers this event when a received alert meets the following conditions:
- The alert is part of the messagesBlocked category
- The classification attribute has the value "Malware"
- The threatType attribute has the value "Attachment"
URL redirecting to a site hosting malware sent to employee via Email
Right-hand registers this event when a received alert meets the following conditions:
- The alert is part of the messagesBlocked category
- The classification attribute has the value "Malware"
- The threatType attribute has the value "URL"
Employee clicked on a URL containing Malware sent via an email
Right-hand registers this event when a received alert meets the following conditions:
- The alert is part of the clicksBlocked category
- The classification attribute has the value "Malware"
Spam Containing Unsafe Attachment Detected by Proofpoint
Right-hand registers this event when a received alert meets the following conditions:
- The alert is part of the messagesBlocked category
- The classification attribute has the value "Spam"
- The threatType attribute has the value "Attachment"
Employee clicked on a URL containing Phishing Link sent via an email
Right-hand registers this event when a received alert meets the following conditions:
- The alert is part of the clicksBlocked category
- The classification attribute has the value "Phish"
Employee clicked on a URL in a spam email
Right-hand registers this event when a received alert meets the following conditions:
- The alert is part of the clicksBlocked category
- The classification attribute has the value "Spam"
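To preview which of the events above a given alert would fall under, the conditions can be written as a rule table and run over a SIEM API response. This is an added example, not Right-Hand's or Proofpoint's code. It assumes that message alerts carry classification and threatType inside threatsInfoMap entries while click alerts carry them at the top level, that values compare case-insensitively, that each rule is evaluated independently (so a blocked spam message with an attachment meets two rules), and that GUID identifies an alert.

```python
ANY = object()  # marker: the rule places no condition on threatType
# (event, category, classification, threatType) as listed in the guide. None means
# "threatType has no value"; "impostor" stands for the guide's Impostor value.
RULES = [
    ("Imposter Threat directed at employee", "messagesBlocked", "impostor", ANY),
    ("Malware sent to an employee via Email", "messagesBlocked", "malware", None),
    ("Spam directed at employee", "messagesBlocked", "spam", ANY),
    ("Phishing Email directed at an employee", "messagesBlocked", "phish", ANY),
    ("Unsafe Attachments sent to an employee via email", "messagesBlocked", "malware", "attachment"),
    ("URL redirecting to a site hosting malware sent to employee via Email", "messagesBlocked", "malware", "url"),
    ("Employee clicked on a URL containing Malware sent via an email", "clicksBlocked", "malware", ANY),
    ("Spam Containing Unsafe Attachment Detected by Proofpoint", "messagesBlocked", "spam", "attachment"),
    ("Employee clicked on a URL containing Phishing Link sent via an email", "clicksBlocked", "phish", ANY),
    ("Employee clicked on a URL in a spam email", "clicksBlocked", "spam", ANY),
]

def _norm(value):
    # Lower-case a string attribute; missing or empty becomes None.
    return (value.strip().lower() or None) if isinstance(value, str) else None

def match_events(category, alert):
    """Return every event whose conditions the alert meets, in rule order."""
    # Assumed layout: message alerts keep the attributes in threatsInfoMap
    # entries, click alerts keep them at the top level of the alert.
    entries = (alert.get("threatsInfoMap") or []) if category.startswith("messages") else [alert]
    threats = [(_norm(e.get("classification")), _norm(e.get("threatType"))) for e in entries]
    return [name for name, cat, cls, ttype in RULES
            if cat == category
            and any(c == cls and (ttype is ANY or t == ttype) for c, t in threats)]

def classify_response(resp):
    """Return {GUID: [events]} for blocked alerts that met at least one rule."""
    matched = {}
    for category in ("messagesBlocked", "clicksBlocked"):
        for alert in resp.get(category) or []:
            events = match_events(category, alert)
            if events:
                matched[alert.get("GUID")] = events
    return matched

# Constructed sample response, not real Proofpoint output.
SAMPLE = {
    "messagesBlocked": [
        {"GUID": "m1", "threatsInfoMap": [{"classification": "SPAM", "threatType": "ATTACHMENT"}]},
        {"GUID": "m2", "threatsInfoMap": [{"classification": "MALWARE"}]},
    ],
    "clicksBlocked": [{"GUID": "c1", "classification": "PHISH", "threatType": "URL"}],
    "messagesDelivered": [{"GUID": "m3", "threatsInfoMap": [{"classification": "PHISH"}]}],
}
```

Calling classify_response(SAMPLE) shows alert m1 meeting both spam rules, and the delivered message m3 meeting none because every rule requires a blocked category.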