Proofpoint Browser Isolation¶
About¶
Digital Threats not only attack your users via corporate work emails, but also when they engage in personal browsing from their corporate devices. Proofpoint Browser Isolation is web isolation built with simplicity, based on intelligence from Targeted Attack Protection (TAP) Isolation. It helps lower your attack surface and provides complete browser security. Browser Isolation integrates with TAP to provide you with adaptive controls that allow corporate email to isolate URL clicks based on the risk profile of user or URL being clicked.
Product Details¶
Vendor URL: Proofpoint Browser Isolation
Product Type: Browser Isolation
Product Tier: Tier II
Integration Method: Custom
Integration URL: Proofpoint Browser Isolation - Cyderes Documentation
Log Guide: N/A
Parser Details¶
Log Format: JSON
Expected Normalization Rate: Near 100%
Data Label: PROOFPOINT_WEB_BROWSER_ISOLATION
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| Hard-Coded: ProofPoint | metadata.vendor_name |
| Hard-Coded: ProofPoint Browser Isolation | metadata.product_name |
| version | metadata.product_version |
| category | metadata.product_event_type |
| Hard-Coded: GENERIC_EVENT | metadata.event_type |
| userName | principal.user.userid |
| userId | principal.user.product_object_id |
| region | principal.location.country_or_region |
| zone | principal.location.name |
| url | target.url |
| disposition | security_result.action |
Product Event Types¶
| Description | metadata.event_type |
|---|---|
| Hard-Coded | GENERIC_EVENT |
Log Sample¶
{"categories":["BUSINESS AND ECONOMY"],"date":"2022-01-12T15:51:06.000+0000","disposition":"ALLOW","region":"US","url":"website.domain.com","userId":"a2447886-7bcc-4e18-ad9b-8REDACTED","userName":"john_smith@company.com","zone":"CENTRAL"}
Sample Parsing¶
metadata.event_timestamp.seconds: 1642002666
metadata.event_type: GENERIC_EVENT
metadata.vendor_name: "ProofPoint"
metadata.product_name: "ProofPoint Browser Isolation"
metadata.product_event_type: "BUSINESS AND ECONOMY"
principal.user.product_object_id: "a2447886-7bcc-4e18-ad9b-8REDACTED"
principal.user.userid: "john_smith@company.com"
principal.location.country_or_region: "US"
principal.location.name: "CENTRAL"
target.url: "website.domain.com"
security_result.action: ALLOW
Parser Alerting¶
This product currently does not have any Parser-based Alerting.
Rules¶
Coming Soon.