Proofpoint CASB
About
Proofpoint Cloud App Security Broker (Proofpoint CASB) helps you secure applications such as Microsoft Office 365, Google Workspace, Box and more. It gives you people-centric visibility and control over your cloud apps, so you can deploy cloud services with confidence. What’s more, our powerful analytics help you grant the right levels of access to users and third-party add-on apps based on the risk factors that matter to you.
Product Details
Vendor URL: Proofpoint CASB
Product Type: CASB
Product Tier: Tier II
Integration Method: Custom
Integration URL: Proofpoint CASB
Log Guide: Sample Logs by Log Type
Parser Details
Log Format: JSON
Expected Normalization Rate: 90-100%
Data Label: PROOFPOINT_CASB
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
action | metadata.product_event_type |
action | security_result.summary |
applicationName | target.application |
cloudService | principal.application |
eventId | metadata.product_log_id |
fileName | principal.location.city |
geographicalContextCity | principal.location.city |
geographicalContextCountry | principal.location.country_or_region |
geographicalContextState | principal.asset.location.state |
requestIp | principal.ip |
resource | target.resource.resource_subtype |
sysloghost | observer.hostname |
systemEvent | additional.system_event.value.string_value |
userAgent | network.http.user_agent |
userEmail | principal.user.email_addresses |
VAP | additional.user_is_v_a_p.value.string_value |
Product Event Types
Event | UDM Event Classification |
---|---|
all others | GENERIC_EVENT |
Add | FILE_CREATION |
Delete | FILE_DELETION |
File Access, Download | FILE_READ |
Modify | FILE_MODIFICATION |
Revoke | RESOURCE_PERMISSIONS_CHANGE |
Log Sample
{"action":"File Modify","additionalProperties":[{"key":"fileName","value":"User Name 1:1"},{"key":"userIsVAP","value":"false"}],"cloudService":"Google Apps","eventId":"logid","geographicalContextCity":"Isabel","geographicalContextCountry":"United States of America","geographicalContextLat":"4","geographicalContextLong":"-12","geographicalContextState":"Washington","insertionTimestamp":"2021-11-11T18:05:00.000Z","requestIp":"10.2.192.70","resource":"File/Folder","systemEvent":false,"timestamp":"2021-11-11T18:00:09.636Z","userAgent":"","userEmail":"user.name@domain.com"}
Sample Parsing
metadata.product_log_id = "logid"
metadata.event_timestamp = "2021-11-11T18:00:09.636Z"
metadata.event_type = "FILE_MODIFICATION"
metadata.vendor_name = "Proofpoint"
metadata.product_name = "CASB"
metadata.product_event_type = "File Modify"
metadata.ingested_timestamp = "2021-11-11T18:16:32.793845Z"
additional.system_event = "false"
additional.user_is_v_a_p = "false"
principal.user.email_addresses = "user.name@domain.com"
principal.ip = "10.2.192.70"
principal.application = "Google Apps"
principal.location.city = "Isabel"
principal.location.state = "Washington"
principal.location.country_or_region = "United States of America"
principal.asset.ip = "10.2.192.70"
target.file.full_path = "User Name 1:1"
target.resource.resource_subtype = "File/Folder"
security_result.summary = "File Modify"
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming Soon