Sheriff CSM™

Proofpoint Protection Server

When you configure Proofpoint Protection Server to send log data to Sheriff CSM, you can use the Proofpoint Protection Server plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device             Details
Vendor             Proofpoint
Device Type        Unified Threat Management
Connection Type    Syslog
Data Source Name   Proofpoint-ps
Data Source ID     1875

Integrating Proofpoint Protection Server

Before you configure the Proofpoint Protection Server integration, you must have the IP address of the Sheriff CSM Sensor (Deputy).

  1. Log in to the Proofpoint Protection Server management console and navigate to Reports > Log Settings.

  2. Under Remote Log Options, add the following:

    • Syslog Host: Enter the IP address of the Sheriff CSM Sensor.
    • Syslog Port: Enter 514.
    • Syslog Protocol: Specify UDP.
    • Level: Set level to Information.
    • Syslog MTA Enable: Select disabled.
  3. Save the changes.
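
To confirm that the settings above took effect, the following added example (not part of the Sheriff CSM or Proofpoint documentation) checks that datagrams arriving on UDP port 514 come from the expected server and carry a syslog priority no more verbose than Information. The address 192.0.2.10 is a placeholder for the Proofpoint Protection Server, and the function names are hypothetical.

```python
import re
import socket

INFO = 6  # syslog severity "Informational", the Level selected in step 2
PRI_RE = re.compile(rb"^<(\d{1,3})>")  # RFC 3164 / RFC 5424 priority prefix


def parse_pri(datagram):
    """Return (facility, severity), or None if the datagram has no valid PRI."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # facility 23 * 8 + severity 7 is the maximum
        return None
    return divmod(int(m.group(1)), 8)


def check(datagram, src_ip, expected_src):
    """Return a list of problems with one datagram (an empty list means OK)."""
    problems = []
    if src_ip != expected_src:
        # UDP syslog is unauthenticated: any host that can reach the port can send events.
        problems.append("unexpected source " + src_ip)
    pri = parse_pri(datagram)
    if pri is None:
        problems.append("no valid syslog PRI header")
    elif pri[1] > INFO:
        problems.append("severity %d is more verbose than Information" % pri[1])
    return problems


def listen(expected_src, bind="0.0.0.0", port=514, count=10, timeout=30.0):
    """Receive up to `count` datagrams and return [(src_ip, problems), ...]."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        sock.settimeout(timeout)
        try:
            for _ in range(count):
                data, (src_ip, _port) = sock.recvfrom(8192)
                results.append((src_ip, check(data, src_ip, expected_src)))
        except socket.timeout:
            pass  # fewer than `count` datagrams arrived; report what was seen
    return results


if __name__ == "__main__":
    # 192.0.2.10 is a placeholder for the Proofpoint Protection Server address.
    for src, problems in listen("192.0.2.10"):
        print(src, "OK" if not problems else "; ".join(problems))
```

Binding port 514 requires root and fails if a syslog daemon already holds the port, so run the listener only where the port is free.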

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://community.rsa.com/api/core/v3/contents/25995/data?v=2

For troubleshooting, refer to the vendor documentation:

http://support.proofpointessentials.com/index.php?/Knowledgebase/List/Index/4/support

Topic revision: 24 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.