This article describes the specific configuration options to set up the enricher.
To configure the general options for the enricher, see Configure the general options.
Proofpoint Email Threat
Domain, email-subject, hash-md5, ipv4, and uri.
Enriches supported observables and entities with information on email threats.
The Proofpoint Email Threat enricher uses input data such as email subjects, domain names, hashes, and IP addresses to return information on email threats such as phishing, spoofing, and email malware.
Users need an API key for their own configuration. Sign up and subscribe to the service to obtain the required API key credentials to access the API endpoint exposing the service.
Configure the enricher parameters
Edit the enricher.
From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the Proofpoint Email Threat enricher.
The API URL field is automatically filled in with the default domain for the endpoint.
You can add a proxy or set up ports according to your needs.
Default value: https://api.emaildefense.proofpoint.com/v1.
In the API key field, enter your API key.
In the Likely impact threshold (low) field, enter an integer value between 0 and 100 to assess the maliciousness confidence level of detected email threats.
This value sets the minimum maliciousness confidence value to flag a potential email threat as somewhat likely to be malicious.
The lower threshold value needs to be smaller than the highest threshold value.
Default value: 60.
In the Likely impact threshold (high) field, enter an integer value between 0 and 100 to assess the maliciousness confidence level of detected email threats.
This value sets the minimum maliciousness confidence value to flag a potential email threat as very likely to be malicious.
The higher threshold value needs to be bigger than the lower threshold value.
Default value: 90.
To store your changes, click Save; to discard them, click Cancel.