Providing Proofpoint TAP Credentials to Arctic Wolf

Configuration Guide

Updated Nov 30, 2022

Providing Proofpoint TAP Credentials to Arctic Wolf

Overview Direct link to this section

This document describes how to retrieve and submit the credentials that Arctic Wolf® needs to monitor Proofpoint TAP. After you complete this configuration, Arctic Wolf can monitor logs from your Proofpoint TAP environment.

As part of this configuration, you must provide the following information about your Proofpoint TAP environment to Arctic Wolf on the Arctic Wolf Portal:

For more information about Proofpoint TAP, see the Proofpoint TAP documentation.

Generate Proofpoint TAP service credentials Direct link to this section

To generate a set of Proofpoint TAP service credentials:

  1. Sign in to the TAP dashboard.

  2. Navigate to Settings > Connected Applications.

  3. Click Create New Credential.

  4. Name the new credential set and click Generate.

  5. Copy the Service Principal and Secret values from the prompt to provide to Arctic Wolf.

  6. Proceed to Provide credentials to Arctic Wolf.

Provide credentials to Arctic Wolf Direct link to this section

To provide your cloud application details to Arctic Wolf on the Arctic Portal:

Note: If you are configuring a beta cloud integration, follow the URL provided from Arctic Wolf and start at step 4.

  1. Sign in to the Arctic Wolf Portal.

  2. Select Connected Accounts in the banner menu to open the Connected Accounts page.

    Connected Accounts menu

  3. Select +Add Account to open the Add Account form.

  4. Select Cloud Detection and Response as the Account Type.

  5. Select Proofpoint TAP from the list of cloud services.

    1. Enter a descriptive name for the credentials.

    2. Paste the Service Principal and Secret values from Generate Proofpoint TAP Service Credentials into the form.

  6. Select Submit to CST.

  7. When prompted with the confirmation message, review your submission, and then select Done. You are returned to the Connected Accounts page.

  8. Verify that the newly-submitted credential entry appears in the cloud services list with the status Connection Pending.

After your Concierge Security® Team provisions security monitoring for your account, the status of your credentials changes to Connected.