Skip to content

Proofpoint Browser Isolation

Proofpoint Browser Isolation

About

Digital Threats not only attack your users via corporate work emails, but also when they engage in personal browsing from their corporate devices. Proofpoint Browser Isolation is web isolation built with simplicity, based on intelligence from Targeted Attack Protection (TAP) Isolation. It helps lower your attack surface and provides complete browser security. Browser Isolation integrates with TAP to provide you with adaptive controls that allow corporate email to isolate URL clicks based on the risk profile of user or URL being clicked.

Product Details

Vendor URL: Proofpoint Browser Isolation

Product Type: Browser Isolation

Product Tier: Tier II

Integration Method: Custom

Integration URL: Proofpoint Browser Isolation - Cyderes Documentation

Log Guide: N/A

Parser Details

Log Format: JSON

Expected Normalization Rate: Near 100%

Data Label: PROOFPOINT_WEB_BROWSER_ISOLATION

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
Hard-Coded: ProofPoint metadata.vendor_name
Hard-Coded: ProofPoint Browser Isolation metadata.product_name
version metadata.product_version
category metadata.product_event_type
Hard-Coded: GENERIC_EVENT metadata.event_type
userName principal.user.userid
userId principal.user.product_object_id
region principal.location.country_or_region
zone principal.location.name
url target.url
disposition security_result.action

Product Event Types

Description metadata.event_type
Hard-Coded GENERIC_EVENT

Log Sample

{"categories":["BUSINESS AND ECONOMY"],"date":"2022-01-12T15:51:06.000+0000","disposition":"ALLOW","region":"US","url":"website.domain.com","userId":"a2447886-7bcc-4e18-ad9b-8REDACTED","userName":"john_smith@company.com","zone":"CENTRAL"}

Sample Parsing

metadata.event_timestamp.seconds: 1642002666
metadata.event_type: GENERIC_EVENT
metadata.vendor_name: "ProofPoint"
metadata.product_name: "ProofPoint Browser Isolation"
metadata.product_event_type: "BUSINESS AND ECONOMY"
principal.user.product_object_id: "a2447886-7bcc-4e18-ad9b-8REDACTED"
principal.user.userid: "john_smith@company.com"
principal.location.country_or_region: "US"
principal.location.name: "CENTRAL"
target.url: "website.domain.com"
security_result.action: ALLOW

Parser Alerting

This product currently does not have any Parser-based Alerting.