Ingesting Proofpoint On Demand logs

  • November 25, 2024
  • 1 reply
  • 87 views

Does anyone have experience ingesting PROOFPOINT_ON_DEMAND logs? I found this documentation for Proofpoint TAP, and I see Proofpoint On Demand as another API ingestion option under SIEM feeds, but couldn't find relevant documentation. The input parameters are also different for ON_DEMAND compared to TAP, so was wondering if anyone had done this before.

1 reply

mikewilusz
Staff
  • November 25, 2024

Our Feed Management API docs have more details on POD ingestion: https://cloud.google.com/chronicle/docs/reference/feed-management-api#proofpoint-on-demand

Looks like a user/secret combination along with a Cluster ID.

-mike