Proofpoint TAP Integration with ADR

Modified on Wed, 8 Apr at 5:01 PM

Overview

This document provides the steps to integrate Proofpoint Targeted Attack Protection (TAP) with ADR/aiXDR, allowing ingestion of threat and message security data via API.

Prerequisites

  • Administrative access to Proofpoint TAP Dashboard

  • Valid Service Principal (Principal) and Secret credentials for API access

  • Network access from ADR CCE to Proofpoint TAP API endpoint:
    https://tap-api.proofpoint.com/v2

  • A valid CCE Host IP (or 127.0.0.1 for local setup)

Step 1: Generate Proofpoint TAP API Credentials

  1. Log in to the Proofpoint TAP Dashboard as an Administrator.

  2. Navigate to:
    Settings → Connected Applications (or API Access / Credential Management).

  3. Click on Create New Credential or Generate Credentials.

  4. Provide a name for the new credential set (e.g., ARIA Integration).

  5. Click Generate to create API credentials.

  6. The system will display two values:

    • Service Principal (Principal)

    • Secret

  7. Copy and store both values securely, as the Secret will only be shown once.

Step 2: Configure in ADR

  1. Log in to the ADR UI with administrative credentials.

  2. Navigate to:
    Administration → Device Management → Add Device

  3. In the Add Device form, fill in as follows:

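| Field                 | Value                                                |
|-----------------------|------------------------------------------------------|
| Device                | Proofpoint                                           |
| Name                  | proofpoint                                           |
| CCE Host              | Enter valid CCE IP (e.g., 192.168.x.x) or 127.0.0.1  |
| Access ID / User Name | Enter Principal                                      |
| Password / Secret Key | Enter Secret                                         |
| Config                | {} (empty JSON)                                      |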

Example:

{}

  4. Click Save to complete configuration.

Step 3: Validation

  • Go to Device Management → confirm Proofpoint device status shows Active.

  • Check Logs / Threat Data section to confirm ingestion of TAP alert data.

  • Verify logs and indicators (malicious URLs, attachments, campaigns) under Device Type: proofpoint.

Troubleshooting

| Issue                | Possible Cause                     | Resolution                                        |
|----------------------|------------------------------------|---------------------------------------------------|
| Invalid JSON         | Incorrect Config format            | Use {} exactly                                    |
| Authentication Error | Invalid principal/secret           | Regenerate credentials in Proofpoint              |
| No data received     | Insufficient permissions           | Ensure API credential has TAP API access scope    |
| Connection failed    | Incorrect CCE host or network block | Use valid CCE IP or check outbound connectivity   |
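
To separate a network block from a credential problem before changing anything in ADR, the TAP API can be queried directly from the CCE host. The script below is an added example, not part of the ADR or Proofpoint tooling. It assumes curl is installed, that the credentials are supplied in environment variables named TAP_PRINCIPAL and TAP_SECRET (names chosen for this example), and that it calls Proofpoint's SIEM endpoint /siem/all under the base URL listed in the prerequisites.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of TAP API reachability and credentials.
# TAP_PRINCIPAL / TAP_SECRET are variable names assumed for this example.

TAP_BASE="https://tap-api.proofpoint.com/v2"

# Map curl's exit code and the HTTP status to a row of the Troubleshooting table.
classify_tap_result() {
  local curl_rc="$1" http_status="$2"
  if [ "$curl_rc" -ne 0 ] || [ "$http_status" = "000" ]; then
    echo "Connection failed: check outbound connectivity from the CCE host"
    return 2
  fi
  case "$http_status" in
    200|204) echo "OK: credentials accepted"; return 0 ;;   # 204 = no events in window
    401)     echo "Authentication Error: regenerate credentials in Proofpoint"; return 3 ;;
    429)     echo "Rate limited by TAP: retry later"; return 5 ;;
    *)       echo "Unexpected HTTP status $http_status"; return 1 ;;
  esac
}

tap_preflight() {
  local status rc=0
  # Credentials are passed to curl on stdin (-K -), so the Secret never shows up
  # in the process list or shell history. Assumes neither value contains " or \.
  status=$(printf 'user = "%s:%s"\n' "$TAP_PRINCIPAL" "$TAP_SECRET" |
    curl -K - -sS -o /dev/null -w '%{http_code}' --max-time 20 \
      "$TAP_BASE/siem/all?format=json&sinceSeconds=300") || rc=$?
  classify_tap_result "$rc" "$status"
}

# Run the live check only when both variables are present.
if [ -n "${TAP_PRINCIPAL:-}" ] && [ -n "${TAP_SECRET:-}" ]; then
  tap_preflight
fi
```

If this reports OK but ADR still shows no data, the remaining rows of the table apply: the Config value and the credential's TAP API access scope.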
