Issue
We are not receiving Alerts from our Proofpoint TAP Alert Source in Red Canary.
Environment
Red Canary Alerts
Resolution
Before you set up your Red Canary Proofpoint TAP Alert Source, you need to generate your Proofpoint TAP Service Credentials. This is done inside your Proofpoint TAP dashboard. See the "Generate TAP Service Credentials" section of the following article: Integration with Proofpoint TAP.
Once you have your Proofpoint TAP Service Principal and Proofpoint TAP Service Secret values, you are ready to create your Proofpoint TAP Alert Source in Red Canary:
- Go to the "Alert Sources" page in Red Canary.
- If you do not already have a Proofpoint TAP Alert Source parser present in your Alert Source page, begin typing the name "Proofpoint TAP" in the search field at the top of the page.
- Once the Proofpoint TAP name appears, select it and wait for the parser object to appear in your list of active Alert Sources.
- Click on the "Proofpoint TAP" link inside the new Alert Source object to begin configuring it.
- Click the blue "Configure" button at the top right of the Alerts page.
- Now enter your Proofpoint TAP Service Principal and Proofpoint TAP Service Secret values into their respective fields.
- Click the "Save" button.
NOTE: You may see an error message: "An unexpected error occurred when attempting to retrieve alerts. If the issue persists please contact support."
This is normal behavior. This error should clear within 5-10 minutes and you should start seeing Alert data come in.
Cause
The Proofpoint TAP Alert Source is misconfigured, or the Proofpoint TAP Service Credentials are invalid. The Alert Source requires valid Proofpoint TAP Service Principal and Proofpoint TAP Service Secret values. Before you can obtain these, you need to configure your Proofpoint TAP Service Credentials.