Integrations Summary
Info
Threat Response currently supports the integration types listed below. Click on an integration's product name to learn more about it.
Currently Supported Integrations
| Product | Integration category | Use case | Version |
|---|---|---|---|
| Abuse Mailbox Monitor | Alert Source | Monitor a mailbox for user-submitted messages | N/A |
| Alert ETL (Python Scripting) | Alert Source | Use custom python scripts to ingest alert data from sources not natively supported by Threat Response | |
| Blue Coat ProxySG | Proxy, Dynamic Block Lists | TR can place URLs into a block list, which is then referenced by Blue Coat ProxySG to enforce browsing policies | 6.2 + |
| BMC Remedy Ticketing System | Ticketing | Create BMC Remedy tickets using email notifications generated by Threat Response | N/A |
| Carbon Black EIDR | EDR | IOC Collection | 5.x, 6.x |
| Carbon Black EIDR | EDR | Manual host isolation using Carbon Black IOC Collection | N/A |
| Centrify | Identity access management | Enforce SSO policies based on the user AD group placement | N/A |
| Check Point | Enforcement device | Synchronize TR local lists to Check Point NGFW devices | R75.40 + |
| Cisco ASA | Enforcement Device | Cisco ASA can be used to prevent network-based access to malicious hosts, or to restrict access to certain areas of the network for infected users | 8.3 + |
| Cisco FirePOWER NGIPS | Alert Source | Ingest alerts from Cisco FirePOWER NGIPS platform | 5.4.0 + |
| Cisco IOS | Enforcement Device | Cisco IOS can be used to prevent network-based access to malicious hosts | 12.4 + |
| Cisco OpenDNS | Enforcement Device | Enables network administrators to block unwanted or malicious websites for users across their networks using OpenDNS’s DNS sink-holing capabilities. | Current |
| CyberArk Enterprise Vault | Enforcement device | Enforce privilege credentials usage based on the Security AD groups that TR can place users into | 9.1+ |
| Duo Security | Two factor authentication solutions | Enforce 2FA policies based on the AD security group placement | N/A |
| Emerging Threats | Enrichment | Integrate with Emerging Threats API in order to enrich IP, URLs, and hashes with available Threat Intelligence | N/A |
| FireEye EX Series | Alert Source | Ingest alerts about malware delivered over email | 6.2.0 + |
| FireEye NX Series | Alert Source | Ingest various alerts from NX, including web infections, callbacks, and malware objects | 6.2.0 + |
| Fortinet FortiGate | Enforcement device | Synchronize TR local lists to FortiGate devices | 4.0 + |
| Google GSuite | Email quarantine | Connect to Gmail’s API in order to find and quarantine specified emails | N/A |
| HP ArcSight ESM | Alert Source | SIEM alert ingestion into Threat Response | 5.0.1 + |
| IBM Domino | Email quarantine | Use the Proofpoint Agent for Domino to find and quarantine specified emails | Server: 9.0.1 (Fix-Pack 10) running on Windows Server |
| IBM QRadar | Alert Source | SIEM alert ingestion into Threat Response | 7.0.0 + |
| Imperva SecureSphere | Enforcement device | Enforce service usage or device access based on the Security AD groups that TR can place users into | 11.5+ |
| JIRA | Ticketing | Create JIRA tickets for Threat Response incidents (deprecated as of 3.5) | N/A |
| JSON Custom Response API | Custom response | Initiate custom JSON responses to 3rd party products with APIs | N/A |
| JSON Event Source | Alert Source | Ingest alert data from 3rd party devices using JSON based REST API | N/A |
| Juniper Secure Analytics | Alert Source | SIEM alert ingestion into Threat Response | 10.4 + |
| Juniper SRX (JUNOS) | Enforcement device | Synchronize TR local lists to Juniper SRX devices | 10.4 + |
| MaxMind | Enrichment | Enrich IPs using Geo-IP data from MaxMind | N/A |
| Microsoft Active Directory | Enrichment | Collect user details and metadata from Active Directory | Server 2008 R2, Server 2012 |
| Microsoft Azure SSO | Identity access management | Enforce SSO policies based on the user AD group placement | N/A |
| Microsoft Exchange | Email quarantine | Interface with MSFT exchange over Web Services API in order to find and quarantine specified emails | Exchange 2010, 2013, 2016, 2019, Office 365 |
| Okta | Identity access management | Enforce SSO policies based on the user AD group placement | N/A |
| OneLogin | Identity access management | Enforce SSO policies based on the user AD group placement | N/A |
| Palo Alto Networks NGFW | Enforcement device | Synchronize its local lists to Address Groups and URL profiles in the Palo Alto Networks device | 4.1 + |
| Palo Alto Networks NGFW | Proxy, Dynamic Block Lists | Create Dynamic Block Lists (DBL) that enable PAN device to pull lists of IPs from Threat Response into a local object. | 4.1 + |
| Palo Alto Networks Panorama | Enforcement device | Centrally synchronize TR local lists to Address Groups and URL profiles in the PAN devices (through PAN Panorama) | 7.0 + |
| Palo Alto Networks Wildfire | Alert Source | Ingest wildfire and NGFW alerts into Threat Response | 4.0.0 + |
| Ping Identity | Identity access management | Enforce SSO policies based on the user AD group placement | N/A |
| Proofpoint CLEAR | Alert Source | Monitor a mailbox for user-submitted messages via Proofpoint PhishAlarm & PhishAlarm Analyzer | N/A |
| Proofpoint CSV Upload | Alert Source | Ingest alerts from a CSV file | N/A |
| Proofpoint IMD | Alert Source | Ingest alerts from Proofpoint Internal Mail Defense | N/A |
| Proofpoint Smart Search | Alert Source | Ingest alerts from Proofpoint Smart Search CSV File | N/A |
| Proofpoint Smart Search - Export to TRAP | Alert Source | Ingest alerts from Proofpoint Smart Search Admin Portal via the Export-to-TRAP button | N/A |
| Proofpoint TAP | Alert Source | Ingest alerts from Proofpoint Targeted Attack Prevention solution | 1.5 + |
| Proofpoint Threat Graph | Enrichment | Enrich using campaign intelligence from Threat Graph database | N/A |
| RSA SecurID | Two factor authentication solutions | Enforce 2FA policies based on the AD security group placement | N/A |
| SafeNet | Two factor authentication solutions | Enforce 2FA policies based on the AD security group placement | N/A |
| Soltra | Enrichment | Consume intelligence from Soltra using STIX and TAXII | N/A |
| Splunk Enterprise | Alert Source | SIEM alert ingestion into Threat Response | 6.0 + |
| Splunk Enterprise | Enrichment | Query logs from Splunk and enrich associated alerts | 6.0 + |
| Suricata | Alert Source | Ingest alerts from Suricata IDS/IPS | 2.0 + |
| Symantec 2FA | Two factor authentication solutions | Enforce 2FA policies based on the AD security group placement | N/A |
| Tanium | EIDR | Deploy Proofpoint Client Monitor using Tanium | 7.0 + |
| Tanium | EIDR | Query Tanium sensors to collect information from endpoints | 7.0 + |
| Tanium | EIDR | Execute PC data collection using Tanium | 7.0 + |
| VirusTotal | Enrichment | Collect detection data from VirusTotal and enrich alerts | N/A |
| WHOIS | Enrichment | Enrich IPs and hostnames using WHOIS data service | N/A |