2019-04-01 11:00 AM
Hello All,
I was not able to find an event source configuration guide for integrating Proofpoint TRAP with RSA NetWitness.
Please let me know if there is any documentation about this integration.
Thank you
2019-04-01 05:22 PM
Fernando,
As of now we do not have support for Proofpoint TAP. Looking at the integration guides at: https://community.rsa.com/community/products/netwitness/parser-network/event-sources the only Proofpoint event source we support is Proofpoint Email Security. If you would like to request this event source be added to the platform I highly suggest heading over to the RSA Ideas area: https://community.rsa.com/community/products/netwitness/ideas where you can put in a request to have it added.
I'm sorry we don't currently support the event source but I hope the items provided will help you with getting the event source supported.
2019-04-02 10:15 AM
Thank you for your reply, John. Let me clear up my typo mistake: it's Proofpoint TRAP, not TAP. Would the response be the same? Thanks again.
2019-04-02 10:27 AM
Hi Fernando,
Yes, unfortunately it's the same. There is not an out-of-the-box log parser for this event source yet. If you'd prefer to have an RSA-built log parser for this, I'd highly recommend submitting the request on the RSA Ideas page that Jay shared.
What version of RSA NetWitness are you using? Are you on version 11.x? If so, you may not need to wait for a parser to be developed by RSA to onboard this event source like you did in the 10.6.x version. A lot of our customers have been leveraging the new out-of-the-box dynamic parsing capabilities, which parse out the more critical fields of log messages without having to develop a custom parser. It might be worth trying. If that doesn't meet your needs for this use case, you could create a custom parser using the Log Parser Tool, which is very easy to use.
Just thought I'd try to share a couple of additional options for you to explore so that you can bring logs from this device into RSA NetWitness.
2019-04-02 11:34 AM
Thank you Jacob.
We are still using 10.6 and will soon be moving to 11.x. I will explore other options as you mentioned. I will let you guys know of any updates.
Thank you all for the quick responses.