For customers purchasing a subscription for the Proofpoint premium threat intelligence feeds, the Proofpoint IP threat feed is activated for you and made available in your Collect account. This feed leverages the Risk Thresholds configured in your existing policies.
Adding the Proofpoint Domain feed to Collect, however, requires action on your part. With a few easy steps, you can now enable the Proofpoint Domain feed. Here are instructions for adding the feed:
- Log into the threatER portal.
- Click Collect in the left menu.
- In the top right corner, click on the green "+" icon.
- Enter a name (e.g. "Proofpoint Domain Block"), and if you wish a description (description is optional).
- From the Source dropdown, choose the Plugin option.
- For the List Type choose Block, and for the Indicator choose Domain.
- Click the green next arrow.
- To set up the list, choose Proofpoint Domain from the Select Plugin dropdown:
- In the plugin, select "Proofpoint Domain" in the Type dropdown:
- Enter 60 for the Interval (will check for updates every 60 minutes).
- Enter the API Key provided by threatER in the API Key field. Please note this key has been generated explicitly for your account and is not be shared with others.
- Under Thresholds, toggle to select the threat categories you wish to enable and set the desired threshold. We recommend enabling all categories. Note that if the categories are not enabled, no indicators will be pulled by the feed. Our best practice is to initially set the thresholds to 90 and lowering them to 80 over time (confirming there are no unexpected issues).
- Click the green Next button and select the policies where you wish to enable the data set.
- Once you are comfortable and ready to add, click the blue "Create List" button and the list will be added to Collect and enabled for the selected policies.
- Note it may take up to 10 minutes for the list to pull the data from Proofpoint the first time.
If you have any questions or would like support in adding this feed, please contact threatER Support for assistance.
Comments
0 comments
Article is closed for comments.