Note: Please refer to the following before installing the solution:

• Review the solution Release Notes

• There may be known issues pertaining to this Solution, please refer to them before installing.

The Proofpoint on Demand Email Security solution for Microsoft Sentinel enables you to ingest Proofpoint on Demand Email Protection data and activity logs for monitoring email activity, events and threats in your organization.

Underlying Microsoft Technologies used:

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

a. Azure Monitor HTTP Data Collector API

b. Azure Functions

NOTE: Microsoft recommends installation of Proofpoint On Demand Email Security (via Codeless Connector Platform).This connector is build on the Codeless Connector Platform (CCP), which uses the Log Ingestion API, which replaces ingestion via the deprecated HTTP Data Collector API. CCP-based data connectors also support Data Collection Rules (DCRs) offering transformations and enrichment.

Important: While the updated connector(s) can coexist with their legacy versions, running them together will result in duplicated data ingestion. You can disable the legacy versions of these connectors to avoid duplication of data.

Data Connectors: 2, Parsers: 1, Workbooks: 1, Analytic Rules: 10, Hunting Queries: 10