Proofpoint Targeted Attack Protection - Learn more about the Proofpoint Targeted Attack Protection Standard Collector and content pack integrations in Cortex XSIAM. - Administrator Guide - Cortex XSIAM - Cortex

Proofpoint Targeted Attack Protection - Learn more about the Proofpoint Targeted Attack Protection Standard Collector and content pack integrations in Cortex XSIAM. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product

Cortex XSIAM

Creation date

2025-07-15

Last date published

2026-06-11

Category

Administrator Guide

Abstract

Learn more about the Proofpoint Targeted Attack Protection Standard Collector and content pack integrations in Cortex XSIAM.

You can configure collecting Proofpoint Targeted Attack Protection (TAP) logs using a Standard Collector or with a content pack integration:

Box vendor	Description
Standard Collector overview	Forward logs from Proofpoint Targeted Attack Protection to Cortex XSIAM using the Proofpoint Targeted Attack Protection data source.
Link to Standard Collector instructions	Ingest logs from Proofpoint Targeted Attack Protection
Link to content pack/integration details	The Proofpoint TAP content pack protects against phishing and malicious email attacks and provides enriched visibility and automated response capabilities for events detected by the Proofpoint Targeted Attack Protection service. It contains automations, classifiers, dashboards, issue fields, issue types, layouts, modeling rules, parsing rules, playbooks, and reports. It also includes the following integration: Proofpoint TAP v2: Use this integration to protect against and provide additional visibility into phishing and other malicious email attacks. It includes commands that fetch events for clicks and messages related to known threats, return forensics evidence, fetch lists of campaign IDs, and fetch details for campaigns.