Get Threat Details

Pull detailed attributes about individual threats observed in their environment. For more information, visit the Proofpoint TAP documentation

External Documentation

To learn more, visit the Proofpoint TAP documentation.

Parameters

Parameter	Description
Threat ID	The threat unique identifier. Can be retrieved from the 'List Events Of All Known Threats'. Or the URL suffix of the TAP Dashboard Threat Detail page.

Example Output

{
    "id": "029bef505d5de699740a1814cba0b6abb685f46d053dea79fd95ba6769e40a6f",
    "identifiedAt": "2020-07-21T15:30:10.000Z",
    "name": "029bef505d5de699740a1814cba0b6abb685f46d053dea79fd95ba6769e40a6f",
    "type": "attachment",
    "category": "malware",
    "status": "active",
    "severity": 20,
    "attackSpread": 62,
    "notable": false,
    "verticals": false,
    "geographies": false,
    "actors": [
        {
            "id": "6e3b86b0-a823-4ed6-8d75-db4d7ead43ba",
            "name": "TA505"
        }
    ],
    "families": [
        {
            "id": "cfd29eb5-544f-4ef4-920c-7c4e428931e0",
            "name": "Banking"
        }
    ],
    "malware": [
        {
            "id": "8faf65ef-0524-45e0-a036-d1b6e261825c",
            "name": "Ursnif"
        }
    ],
    "techniques": [
        {
            "id": "accc60d8-4426-4ba2-b2f5-f9ec2eb4685b",
            "name": "XL4 macros"
        }
    ],
    "brands": [
        {
            "id": "acasd60d8-4426-4ba2-b2f5-f9ec2eb4685b",
            "name": "DocuSign"
        }
    ]
}

Workflow Library Example

Get Threat Details with Proofpoint Tap and Send Results Via Email

Preview this Workflow on desktop

Get Threat Details

Parameters​

Example Output​

Workflow Library Example​

Parameters

Example Output

Workflow Library Example