Proofpoint Plugin for User Risk Exchange
This document explains how to configure Proofpoint with the Cloud Risk Exchange module of the Netskope Cloud Exchange platform. This integration extracts users from UBA alerts and populates user scores from Netskope.
To complete this configuration, you need:
A Netskope tenant (or multiple, for example, production and development/test instances)
A Netskope Cloud Exchange tenant with the User Risk Exchange module already configured.
A Secure Web Gateway subscription for URL sharing.
Your Proofpoint SCIM URL, SCIM Key, and password. These are needed to create the Proofpoint plugin.
Configure the Proofpoint plugin.
Configure Actions for the Proofpoint plugin.
Validate the Proofpoint plugin.
Click play to watch a video.
In Cloud Exchange, go to Settings >Plugins.
Search for and select the Proofpoint (CRE) plugin box.
Enter these values:
Configuration Name: Unique name for the configuration.
Sync Interval: Adjust the Sync Interval to an appropriate value. Recommended is 60 minutes to avoid Too Many Requests errors.
Click Next.
Enter these values:
Proofpoint URL: Enter your SCIM Server URL.
Proofpoint Username: Enter your SCIM Server Key.
Proofpoint Password: Enter your Proofpoint Password.
Proofpoint Window: Enter the number of days to fetch users and scores from proofpoint api.
Click Next.
Select a Range.
Click Save.
Go to User Risk Exchange and click Actions.
Click Add Action Configuration.
Click the Business rule dropdown list and choose the appropriate Business rule.
Select the Configuration dropdown list and choose Proofpoint.
Select Actions from the dropdown list and choose (Add to Group, Remove to Group or No Action).
Add to Group : When triggered, users are added to that group.
Remove to Group : When triggered, users are removed from that group.
No Action : This does not perform any actions on users.
From the Group dropdown list, select a Group Name, or select Create new group from the Group dropdown list. Enter the Group Name if you want to create a new group in Proofpoint.
Click Save.
Click Sync to perform the action manually.
Enter the days, then click Fetch to see the number of users will be affected by this action.
Click Sync for performing actions.
In User Risk Exchange, go to Action Logs.