Proofpoint

This runtime app ingests the Proofpoint ET Intelligence Reputation Lists indicators and context into the Dataminr platform. The Dataminr playbook app automates data enrichment with Proofpoint ET Intelligence. The runtime integration allows users to ingest Address and Host based reputation lists as IOCs along with all available context from Proofpoint into the Dataminr platform. The Playbook app allows users to retrieve enrichment information on IOCs from Proofpoint’s Emerging Threats data source. The following actions are available in the new playbook app

• Get current domain reputation
• Get domain malware-requested URLs
• Get domain-related malware samples
• Get domain-related IPs
• Get domain-related IDS events
• Get domain nameserver info
• Get domain whois info
• Get domain geolocation info
• Get current IP reputation
• Get IP malware-requested URLs
• Get IP related malware samples
• Get IP related domains
• Get IP related IDS events
• Get IP geolocation info
• Get sample details
• Get sample connections
• Get sample dns lookups
• Get sample http requests
• Get sample IDS events

The Job app that will retrieve Signature objects from Proofpoint’s ET Pro intelligence feed.

These apps can be found in the Dataminr App Catalog under the names: Proofpoint ET Intelligence (Playbook), Proofpoint ET Pro Signatures (Organization).

The runtime app ingests the Proofpoint ET Intelligence Reputation Lists indicators and context into the Dataminr platform. The runtime integration allows users to ingest Address and Host-based reputation lists as IOCs along with all available context from Proofpoint into the Dataminr platform.

This app can be found in the Dataminr App Catalog under the name: Proofpoint ET Intelligence Reputation List.

The Investigation Insights – Proofpoint URL Decoder integration enables analysts to lookup TAP encoded URLs to get the full actual URL before it was encoded. Allowing analysts to quickly get the full picture of what the indicators are.