Proofpoint Threat Response
Integrates with Proofpoint Threat Response. Handles retrieving and updating incidents and alerts.
Actions
Proofpoint TR List Incidents
List Proofpoint Threat Response incidents
Input
Name | Description | Type | Required | Syntax |
---|---|---|---|---|
Name | Display name for the action object. | input | false | false |
Enabled | Enable / Disable this action object. | checkbox | false | false |
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | false | false |
Variables | Variables to define when triggering an event. | var | false | true |
URL | Proofpoint API URL | input | true | true |
API Token | Proofpoint API token with access to the Proofpoint Threat Response API | password-input | true | true |
Comment | User defined comments. | input | false | false |
Output
Name | Description | Type | always_present | values |
---|---|---|---|---|
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}} |
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}} |
Proofpoint TR List New Incidents
List new Proofpoint Threat Response incidents
Input
Name | Description | Type | Required | Syntax |
---|---|---|---|---|
Name | Display name for the action object. | input | false | false |
Enabled | Enable / Disable this action object. | checkbox | false | false |
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | false | false |
Variables | Variables to define when triggering an event. | var | false | true |
URL | Proofpoint API URL | input | true | true |
API Token | Proofpoint API token with access to the Proofpoint Threat Response API | password-input | true | true |
last Event | Point in time from which the object will retrieve incidents. If left blank, the object will use the current time. | input | false | true |
Last ID | ID of the last incident, used as a reference; the object retrieves incidents from that ID onwards. If left blank, the object will use a default value of '-1'. | input | false | true |
Comment | User defined comments. | input | false | false |
Output
Name | Description | Type | always_present | values |
---|---|---|---|---|
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}} |
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}} |
Proofpoint TR Get Incident
Get Proofpoint Threat Response incident
Input
Name | Description | Type | Required | Syntax |
---|---|---|---|---|
Name | Display name for the action object. | input | false | false |
Enabled | Enable / Disable this action object. | checkbox | false | false |
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | false | false |
Variables | Variables to define when triggering an event. | var | false | true |
URL | Proofpoint API URL | input | true | true |
API Token | Proofpoint API token with access to the Proofpoint Threat Response API | password-input | true | true |
Incident ID | The ID of the incident | input | true | true |
Comment | User defined comments. | input | false | false |
Output
Name | Description | Type | always_present | values |
---|---|---|---|---|
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}} |
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}} |
Proofpoint TR Get Incident Alerts
Get alerts associated with a Proofpoint Threat Response incident.
Input
Name | Description | Type | Required | Syntax |
---|---|---|---|---|
Name | Display name for the action object. | input | false | false |
Enabled | Enable / Disable this action object. | checkbox | false | false |
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | false | false |
Variables | Variables to define when triggering an event. | var | false | true |
URL | Proofpoint API URL | input | true | true |
API Token | Proofpoint API token with access to the Proofpoint Threat Response API | password-input | true | true |
Incident ID | The ID of the incident | input | true | true |
Comment | User defined comments. | input | false | false |
Output
Name | Description | Type | always_present | values |
---|---|---|---|---|
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}} |
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}} |
Proofpoint TR Add Incident Comment
Add comment to a Proofpoint Threat Response incident
Input
Name | Description | Type | Required | Syntax |
---|---|---|---|---|
Name | Display name for the action object. | input | false | false |
Enabled | Enable / Disable this action object. | checkbox | false | false |
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | false | false |
Variables | Variables to define when triggering an event. | var | false | true |
URL | Proofpoint API URL | input | true | true |
API Token | Proofpoint API token with access to the Proofpoint Threat Response API | password-input | true | true |
Summary | A summary of the information you are adding to the incident | input | true | true |
Detail | Detailed information to add to the incident | input | true | true |
Incident ID | The ID of the incident | input | true | true |
Comment | User defined comments. | input | false | false |
Output
Name | Description | Type | always_present | values |
---|---|---|---|---|
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}} |
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}} |
Proofpoint TR Close Incident
Close a Proofpoint Threat Response incident
Input
Name | Description | Type | Required | Syntax |
---|---|---|---|---|
Name | Display name for the action object. | input | false | false |
Enabled | Enable / Disable this action object. | checkbox | false | false |
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | false | false |
Variables | Variables to define when triggering an event. | var | false | true |
URL | Proofpoint API URL | input | true | true |
API Token | Proofpoint API token with access to the Proofpoint Threat Response API | password-input | true | true |
Summary | A summary of the incident closure | input | true | true |
Detail | Detailed information about the incident closure | input | true | true |
Incident ID | The ID of the incident | input | true | true |
Comment | User defined comments. | input | false | false |
Output
Name | Description | Type | always_present | values |
---|---|---|---|---|
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}} |
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}} |