TA-proofpoint_TAP
Splunk TA for proofpoint TAP alerts
TA Created by Bryan Fisher (brf2010@med.cornell.edu, bryan.fisher797@gmail.com)
Requirements:
- python 3.3+ (only tested on 3.4 and 3.5)
- Unix-y OS
- The super-awesome requests library (pip install requests)
Setup:
On the box that will be doing the data collection:
- Install the TA
- Copy default/inputs.conf to local/inputs.conf
- In inputs.conf, change
      disabled = true
  to
      disabled = false
- Examine bin/starter_script.sh and make sure that the paths to the app directory and to the python3 executable are correct
- Edit bin/PP_TAP_logs.py to add your API credentials to the username and password fields.
- (re)start splunk
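The steps above for the collection host can be scripted. The following is an added example, not part of the TA, that copies default/inputs.conf to local/inputs.conf without clobbering an existing local copy, flips "disabled = true" to "disabled = false", tightens the file mode, and checks that the python3 path you intend to put in bin/starter_script.sh actually points at an executable. The app directory argument and the check_interpreter helper are assumptions for the example; the default/, local/ and bin/ layout is the one the README names.

```shell
#!/bin/sh
# Added example (not part of TA-proofpoint_TAP): automate the collection-host setup steps.
# Assumes the TA layout from the README: <app_dir>/default/inputs.conf, <app_dir>/local/,
# <app_dir>/bin/starter_script.sh. The function names are hypothetical.
set -eu

# Usage: enable_tap_input /opt/splunk/etc/apps/TA-proofpoint_TAP
# Copies default/inputs.conf to local/inputs.conf (if not already present) and
# enables the input. Returns 0 when local/inputs.conf ends up with "disabled = false".
enable_tap_input() {
    app_dir="$1"
    src="$app_dir/default/inputs.conf"
    dst="$app_dir/local/inputs.conf"

    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    mkdir -p "$app_dir/local"

    # Never overwrite an existing local/inputs.conf: it may already carry site-specific settings.
    [ -f "$dst" ] || cp "$src" "$dst"

    # Flip the flag in place, tolerating spacing variants such as "disabled=true".
    # Write to a temp file then move, so this works with both GNU and BSD sed.
    sed 's/^[[:space:]]*disabled[[:space:]]*=[[:space:]]*true[[:space:]]*$/disabled = false/' \
        "$dst" > "$dst.tmp"
    mv "$dst.tmp" "$dst"

    # Restrict read access: the TA keeps API credentials in bin/PP_TAP_logs.py, and
    # anything under local/ should be readable only by the Splunk service account.
    chmod 600 "$dst"

    grep -q '^disabled = false$' "$dst"
}

# Usage: check_interpreter /usr/bin/python3
# Verifies that the path you will reference from bin/starter_script.sh is an executable file,
# so a typo there fails now rather than silently at the next scheduled run.
check_interpreter() {
    [ -x "$1" ] || { echo "not an executable: $1" >&2; return 1; }
}
```

Run it once on the collection host with the TA's install directory, then confirm the stanza by reading local/inputs.conf before restarting Splunk.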
On the search head:
- Install the TA
- Enjoy Proofpoint logs responsibly