search
WebsiteBlogLogin

Clicks permitted

Clicks permitted counts instances where Proofpoint URL Defense allowed users to access clicked links after determining they were safe or acceptable based on security policies, representing successful navigation to legitimate resources.

hashtag
Configuration

hashtag
Parameters

No parameters needed

hashtag
Secrets

These secrets will correspond to the username and password fields in the authentication phase.

  • Username (Value: pp_sp) ${secrets.pp_sp}

  • Password (Value: pp_secret) ${secrets.pp_secret}

To add a Secret, open the Secret fields and click New secret:

  • Give the secret a Name.

  • Turn off the Expiration date option.

  • Click Add new value and paste the secret corresponding to the value.

  • Click Save.

circle-info

Learn more about secrets in Onum in this article.

You can now select the secret you just created in the corresponding fields.

After entering the required secrets, you can choose to manually enter the fields, or simply paste the desired YAML.

hashtag
Configure as YAML

hashtag
Manually Configure

hashtag
Temporal Window

Toggle ON to add a temporal window for events. This repeatedly shifts the time window over which data is collected.

  • Duration - 5 minutes (5m) as default, adjust based on your needs.

  • Offset - 5m

  • Format - RFC3339

hashtag
Authentication Phase

Toggle ON to configure the authentication parameters

  • Type* - basic

  • Username* - ${secrets.pp_sp}

  • Password* - ${secrets.pp_secret}

hashtag
Enumeration Phase

OFF

hashtag
Collection Phase

  • Pagination Type* - none

  • Request

    • Method* - GET

    • URL* - https://tap-api-v2.proofpoint.com/v2/siem/clicks/permitted

    • Headers

      • Name - interval

      • Format - ${temporalWindow.from}/${temporalWindow.to}

      • Name - format

      • Value - json

  • Output

    • Select - .clicksPermitted

    • Map - .

    • Filter - .

    • Output Mode - element

PreviousClicks blockedNextMessages blocked

Last updated

Was this helpful?