Ctrlk
WebsiteBlogLogin
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Clicks permitted

Clicks permitted counts instances where Proofpoint URL Defense allowed users to access clicked links after determining they were safe or acceptable based on security policies, representing successful navigation to legitimate resources.

Configuration

Parameters

No parameters needed

Secrets

These secrets will correspond to the username and password fields in the authentication phase.

  • Username (Value: pp_sp) ${secrets.pp_sp}

  • Password (Value: pp_secret) ${secrets.pp_secret}

To add a Secret, open the Secret fields and click New secret:

  • Give the secret a Name.

  • Turn off the Expiration date option.

  • Click Add new value and paste the secret corresponding to the value.

  • Click Save.

Learn more about secrets in Onum in this article.

You can now select the secret you just created in the corresponding fields.

After entering the required secrets, you can choose to manually enter the fields, or simply paste the desired YAML.

Configure as YAML

Manually Configure

Temporal Window

Toggle ON to add a temporal window for events. This repeatedly shifts the time window over which data is collected.

  • Duration - 5 minutes (5m) as default, adjust based on your needs.

  • Offset - 5m

  • Format - RFC3339

Authentication Phase

Toggle ON to configure the authentication parameters

  • Type* - basic

  • Username* - ${secrets.pp_sp}

  • Password* - ${secrets.pp_secret}

Enumeration Phase

OFF

Collection Phase

  • Pagination Type* - none

  • Request

    • Method* - GET

    • URL* - https://tap-api-v2.proofpoint.com/v2/siem/clicks/permitted

    • Headers

      • Name - interval

      • Format - ${temporalWindow.from}/${temporalWindow.to}

      • Name - format

      • Value - json

  • Output

    • Select - .clicksPermitted

    • Map - .

    • Filter - .

    • Output Mode - element

PreviousClicks blockedNextMessages blocked

Last updated

Was this helpful?