Proofpoint Threat Response

Integrates with Proofpoint Threat Response. Handles retrieving and updating incidents and alerts.

Actions

Proofpoint TR List Incidents

List Proofpoint Threat Response incidents

Input

| Name | Description | Type | Required | Syntax |
| --- | --- | --- | --- | --- |
| Name | Display name for the action object. | input | false | false |
| Enabled | Enable / Disable this action object. | checkbox | false | false |
| Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | false | false |
| Variables | Variables to define when triggering an event. | var | false | true |
| URL | Proofpoint API URL | input | true | true |
| API Token | Proofpoint API token used to access the Proofpoint Threat Response API | password-input | true | true |
| Comment | User-defined comments. | input | false | false |

Output

| Name | Description | Type | always_present | values |
| --- | --- | --- | --- | --- |
| rc | Returns the exit code for the action. | number | True | `{"0": {"description": "Successful."}}` |
| result | Returns True when successful. | boolean | True | `{"True": {"description": "Successful."}, "False": {"description": "Failure."}}` |

Proofpoint TR List New Incidents

List new Proofpoint Threat Response incidents

Input

| Name | Description | Type | Required | Syntax |
| --- | --- | --- | --- | --- |
| Name | Display name for the action object. | input | false | false |
| Enabled | Enable / Disable this action object. | checkbox | false | false |
| Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | false | false |
| Variables | Variables to define when triggering an event. | var | false | true |
| URL | Proofpoint API URL | input | true | true |
| API Token | Proofpoint API token used to access the Proofpoint Threat Response API | password-input | true | true |
| last Event | Point in time from which the object will retrieve incidents. If left blank, the object will use the current time. | input | false | true |
| Last ID | ID of the last incident, used as a reference so that incidents are retrieved from that ID onwards. If left blank, the object will use a default value of '-1'. | input | false | true |
| Comment | User-defined comments. | input | false | false |

Output

| Name | Description | Type | always_present | values |
| --- | --- | --- | --- | --- |
| rc | Returns the exit code for the action. | number | True | `{"0": {"description": "Successful."}}` |
| result | Returns True when successful. | boolean | True | `{"True": {"description": "Successful."}, "False": {"description": "Failure."}}` |

Proofpoint TR Get Incident

Get Proofpoint Threat Response incident

Input

| Name | Description | Type | Required | Syntax |
| --- | --- | --- | --- | --- |
| Name | Display name for the action object. | input | false | false |
| Enabled | Enable / Disable this action object. | checkbox | false | false |
| Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | false | false |
| Variables | Variables to define when triggering an event. | var | false | true |
| URL | Proofpoint API URL | input | true | true |
| API Token | Proofpoint API token used to access the Proofpoint Threat Response API | password-input | true | true |
| Incident ID | The ID of the incident | input | true | true |
| Comment | User-defined comments. | input | false | false |

Output

| Name | Description | Type | always_present | values |
| --- | --- | --- | --- | --- |
| rc | Returns the exit code for the action. | number | True | `{"0": {"description": "Successful."}}` |
| result | Returns True when successful. | boolean | True | `{"True": {"description": "Successful."}, "False": {"description": "Failure."}}` |

Proofpoint TR Get Incident Alerts

Get alerts associated with a Proofpoint Threat Response incident.

Input

| Name | Description | Type | Required | Syntax |
| --- | --- | --- | --- | --- |
| Name | Display name for the action object. | input | false | false |
| Enabled | Enable / Disable this action object. | checkbox | false | false |
| Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | false | false |
| Variables | Variables to define when triggering an event. | var | false | true |
| URL | Proofpoint API URL | input | true | true |
| API Token | Proofpoint API token used to access the Proofpoint Threat Response API | password-input | true | true |
| Incident ID | The ID of the incident | input | true | true |
| Comment | User-defined comments. | input | false | false |

Output

| Name | Description | Type | always_present | values |
| --- | --- | --- | --- | --- |
| rc | Returns the exit code for the action. | number | True | `{"0": {"description": "Successful."}}` |
| result | Returns True when successful. | boolean | True | `{"True": {"description": "Successful."}, "False": {"description": "Failure."}}` |

Proofpoint TR Add Incident Comment

Add comment to a Proofpoint Threat Response incident

Input

| Name | Description | Type | Required | Syntax |
| --- | --- | --- | --- | --- |
| Name | Display name for the action object. | input | false | false |
| Enabled | Enable / Disable this action object. | checkbox | false | false |
| Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | false | false |
| Variables | Variables to define when triggering an event. | var | false | true |
| URL | Proofpoint API URL | input | true | true |
| API Token | Proofpoint API token used to access the Proofpoint Threat Response API | password-input | true | true |
| Summary | A summary of the information you are adding to the incident | input | true | true |
| Detail | Detailed information to add to the incident | input | true | true |
| Incident ID | The ID of the incident | input | true | true |
| Comment | User-defined comments. | input | false | false |

Output

| Name | Description | Type | always_present | values |
| --- | --- | --- | --- | --- |
| rc | Returns the exit code for the action. | number | True | `{"0": {"description": "Successful."}}` |
| result | Returns True when successful. | boolean | True | `{"True": {"description": "Successful."}, "False": {"description": "Failure."}}` |

Proofpoint TR Close Incident

Close a Proofpoint Threat Response incident

Input

| Name | Description | Type | Required | Syntax |
| --- | --- | --- | --- | --- |
| Name | Display name for the action object. | input | false | false |
| Enabled | Enable / Disable this action object. | checkbox | false | false |
| Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | false | false |
| Variables | Variables to define when triggering an event. | var | false | true |
| URL | Proofpoint API URL | input | true | true |
| API Token | Proofpoint API token used to access the Proofpoint Threat Response API | password-input | true | true |
| Summary | A summary of the incident closure | input | true | true |
| Detail | Detailed information about the incident closure | input | true | true |
| Incident ID | The ID of the incident | input | true | true |
| Comment | User-defined comments. | input | false | false |

Output

| Name | Description | Type | always_present | values |
| --- | --- | --- | --- | --- |
| rc | Returns the exit code for the action. | number | True | `{"0": {"description": "Successful."}}` |
| result | Returns True when successful. | boolean | True | `{"True": {"description": "Successful."}, "False": {"description": "Failure."}}` |