SIEM All
Description

Retrieve all click and message events related to identified threats within a defined time frame from Proofpoint.

Endpoint

URL: /v2/siem/all
Method: GET

Inputs

parameters (object) – required. Each request must include one of the three following query parameters (sinceSeconds, sinceTime, or interval) to define the desired time range for the data.

- sinceSeconds (string): An integer representing a time window in seconds from the current API server time. The start of the window is the current API server time, rounded to the nearest minute, less the number of seconds provided. The end of the window is the current API server time rounded to the nearest minute. If JSON output is selected, the end time is included in the returned result.
- sinceTime (string): A string containing an ISO8601 date. It represents the start of the data retrieval period. The end of the period is determined by the current API server time rounded to the nearest minute. If JSON output is selected, the end time is included in the returned result.
- interval (string): A string containing an ISO8601-formatted interval. If this interval overlaps with previous requests for data, records from the previous request may be duplicated. The minimum interval is thirty seconds. The maximum interval is one hour.
- format (string): A string specifying the format in which data is returned. If no format is specified, syslog will be used as the default.
- threatType (string): A string specifying which threat type will be returned in the data. If no value is specified, all threat types are returned.
- threatStatus (string): A string specifying which threat statuses will be returned in the data. If no value is specified, active and cleared threats are returned.

Output example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Fri, 26 Apr 2024 04:59:00 GMT",
      "Content-Type": "text/plain",
      "Content-Length": "1286",
      "Connection": "keep-alive",
      "Server-Timing": "traceparent;desc=\"00-f0905c6c701404804fdd783e49829bd3-504a48747fd43b4f-01\"",
      "Access-Control-Expose-Headers": "Server-Timing",
      "Vary": "Accept-Encoding, User-Agent",
      "Content-Encoding": "gzip",
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains"
    },
    "reason": "OK"
  }
]
```

In this example no format was requested, so `response_text` is plain text (Content-Type `text/plain`): syslog-format records, one per line.

Output parameters

- status_code (number)
- reason (string)
- response_text (string)
- response_headers:

| Header | Type |
| --- | --- |
| Date | string |
| Content-Type | string |
| Content-Length | string |
| Connection | string |
| Server-Timing | string |
| Access-Control-Expose-Headers | string |
| Vary | string |
| Content-Encoding | string |
| Strict-Transport-Security | string |
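
A collector that polls this action with the interval input has to stay inside the limits given under the inputs: each window between thirty seconds and one hour, and no overlap with earlier requests, so records are not duplicated. The Python below is an added example, not the connector's or Proofpoint's own code; `plan_windows` and `build_params` are hypothetical names, the query parameter names use the Proofpoint API's camelCase spelling, and "one of the three" is read as exactly one.

```python
from datetime import datetime, timedelta, timezone

MIN_WINDOW = timedelta(seconds=30)  # page: minimum interval is thirty seconds
MAX_WINDOW = timedelta(hours=1)     # page: maximum interval is one hour

def _iso(ts):
    """Format an aware datetime as an ISO8601 UTC timestamp."""
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def plan_windows(checkpoint, now):
    """Split [checkpoint, now] into back-to-back ISO8601 intervals.

    Returns (intervals, new_checkpoint). Each interval starts where the
    previous one ended, so no two requests overlap. A tail shorter than
    MIN_WINDOW is not requested; it is left for the next poll.
    """
    if checkpoint.tzinfo is None or now.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    start = checkpoint.replace(microsecond=0)
    now = now.replace(microsecond=0)
    intervals = []
    while now - start >= MIN_WINDOW:
        end = min(start + MAX_WINDOW, now)
        intervals.append(f"{_iso(start)}/{_iso(end)}")
        start = end
    return intervals, start

def build_params(*, since_seconds=None, since_time=None, interval=None,
                 fmt=None, threat_type=None, threat_status=None):
    """Build the query parameters, enforcing a single time selector."""
    selectors = {"sinceSeconds": since_seconds, "sinceTime": since_time,
                 "interval": interval}
    params = {k: str(v) for k, v in selectors.items() if v is not None}
    if len(params) != 1:  # assumption: "one of the three" means exactly one
        raise ValueError("set exactly one of sinceSeconds, sinceTime, interval")
    optional = {"format": fmt, "threatType": threat_type,
                "threatStatus": threat_status}
    params.update({k: v for k, v in optional.items() if v is not None})
    return params

if __name__ == "__main__":
    # Constructed timestamps: last checkpoint 02:00Z, current time 04:30:10Z.
    last = datetime(2024, 4, 26, 2, 0, tzinfo=timezone.utc)
    current = datetime(2024, 4, 26, 4, 30, 10, tzinfo=timezone.utc)
    windows, new_checkpoint = plan_windows(last, current)
    for window in windows:
        print(build_params(interval=window, fmt="json"))
    print("next checkpoint:", _iso(new_checkpoint))
```

Persist the returned checkpoint only after every planned window has been fetched successfully; otherwise a failed request leaves a gap in the event stream.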