
casb.proofpoint

Introduction

The tags beginning with casb.proofpoint identify events generated by CASB Proofpoint.

Valid tags and data tables

The full tag must have 3 levels. The first two are fixed as casb.proofpoint. The third level identifies the type of events sent.

| Technology | Brand | Type |
|---|---|---|
| casb | proofpoint | alert, event |

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Tag | Data table |
|---|---|
| casb.proofpoint.alert | casb.proofpoint.alert |
| casb.proofpoint.event | casb.proofpoint.event |

Table structure


casb.proofpoint.alert

| Field | Type | Extra Label |
|---|---|---|
| eventdate | timestamp | - |
| hostname | str | - |
| id | str | - |
| timestamp | timestamp | - |
| description | str | - |
| related_events__user_email | str | - |
| related_events__user_id | str | - |
| related_events__event_id | str | - |
| related_events__geo_location | str | - |
| related_events__user_agent | str | - |
| related_events__intelligence | str | - |
| related_events__timestamp | int8 | - |
| related_events__cloud_service | str | - |
| related_events__location | str | - |
| related_events__meta_data | json | - |
| related_events__meta_data__extracted_fields | str | - |
| related_events__event_classification__id | str | - |
| related_events__event_classification__sub_category | str | - |
| related_events__event_classification__threat | str | - |
| related_events__event_classification__category | str | - |
| related_events__full_name | str | - |
| tenantId | str | - |
| severity | str | - |
| type | str | - |
| title | str | - |
| subType | str | - |
| related_events_found | int4 | - |
| related_events_id | int4 | - |
| at_devo_environment | str | - |
| at_devo_pulling_id | str | - |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

casb.proofpoint.event

| Field | Type | Extra Label |
|---|---|---|
| eventdate | timestamp | - |
| hostname | str | - |
| id | str | - |
| timestamp | timestamp | - |
| description | str | - |
| related_events__user_email | str | - |
| related_events__user_id | str | - |
| related_events__event_id | str | - |
| related_events__geo_location | str | - |
| related_events__user_agent | str | - |
| related_events__intelligence | str | - |
| related_events__timestamp | int8 | - |
| related_events__cloud_service | str | - |
| related_events__location | str | - |
| related_events__meta_data | json | - |
| related_events__meta_data__extracted_fields | str | - |
| related_events__event_classification__id | str | - |
| related_events__event_classification__sub_category | str | - |
| related_events__event_classification__threat | str | - |
| related_events__event_classification__category | str | - |
| related_events__full_name | str | - |
| tenantId | str | - |
| severity | str | - |
| type | str | - |
| title | str | - |
| subType | str | - |
| related_events_found | int4 | - |
| related_events_id | int4 | - |
| at_devo_environment | str | - |
| at_devo_pulling_id | str | - |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

How is the data sent to Devo?

Logs generated by CASB Proofpoint are forwarded to Devo using a dedicated collector. Contact us if you need to forward these events to your Devo domain so we can guide you through the process.