Documentation Center
AlienVault® USM Appliance™

Proofpoint Protection Server

When you configure Proofpoint Protection Server to send log data to USM Appliance, you can use the Proofpoint Protection Server plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor Proofpoint
Device Type Unified Threat Management
Connection Type Syslog
Data Source Name Proofpoint-ps
Data Source ID 1875

Integrating Proofpoint Protection Server

Before you configure the Proofpoint Protection Server integration, you must have the IP Address of the USM ApplianceSensor.

  1. Log into the Proofpoint Protection Server management console and navigate to Reports > Log Settings.
  2. Under Remote Log Options, add the following:
    • Syslog Host: Enter the IP address of the USM Appliance Sensor.
    • Syslog Port: Enter 514.
    • Syslog Protocol: Specify UDP.
    • Level: Set level to Information.
    • Syslog MTA Enable: Select disabled.
  3. Save the changes.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://community.rsa.com/api/core/v3/contents/25995/data?v=2

For troubleshooting, refer to the vendor documentation:

http://support.proofpointessentials.com/index.php?/Knowledgebase/List/Index/4/support