Proofpoint Enterprise Protection and Enterprise Privacy sample event messages
Use the sample event messages to verify a successful integration with the QRadar product.
Proofpoint Enterprise Protection and Enterprise Privacy sample event messages when you use the Syslog protocol
Important: Due to formatting issues, paste the message into a text editor and remove any
carriage return or line feed characters.
Sample 1: The following sample shows a 'sent' email log message.
<22>Feb 11 08:22:26 proofpoint.enterpriseprotection.test sendmail[31248]: s1BDHmHc028570:
to=<user_test@proof.point.test>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=186258,
relay=[172.16.10.32] [172.16.10.32], dsn=2.0.0, stat=Sent (a1AAAAAa111111 Message accepted for delivery)
QRadar product field name | Highlighted payload field name |
---|---|
Event ID | info MESSAGE SENT from to= |
Category | Proofpoint |
Device Time | From payload header |
Source IP | relay= |
Username(s) | to= |
Sample 2: The following sample shows a 'received' email log message.
<22>Feb 11 08:22:26 proofpoint.enterpriseprotection.test sendmail[28570]: s1BDHmHc028570:
from=<user.1234@proof.point.test>, size=66258, class=0, nrcpts=1,
msgid=<USER.TEST.0@proof.point.test>, proto=SMTP, daemon=MTA, relay=proofpoint.test [127.0.0.1]
QRadar product field name | Highlighted payload field name |
---|---|
Event ID | info MESSAGE RECEIVED based on from= |
Category | Proofpoint |
Device Time | From payload header |
Source IP | From relay= |
Username(s) | From from=, msgid= |
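
The following added example is not part of the QRadar product or its Proofpoint DSM. It joins each wrapped sample into one line, as the Important note requires, and extracts the payload fields that the two tables list, so that the values you expect to see on the parsed event can be checked. The function name `map_event`, the output key names, and the reading of the Event ID rows (presence of `to=` gives 'info MESSAGE SENT', presence of `from=` gives 'info MESSAGE RECEIVED') are assumptions made for this illustration.

```python
import re

# Constructed input: the page's two samples, still wrapped across lines as displayed.
SAMPLE_SENT = """<22>Feb 11 08:22:26 proofpoint.enterpriseprotection.test sendmail[31248]: s1BDHmHc028570:
to=<user_test@proof.point.test>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=186258,
relay=[172.16.10.32] [172.16.10.32], dsn=2.0.0, stat=Sent (a1AAAAAa111111 Message accepted for delivery)"""
SAMPLE_RECEIVED = """<22>Feb 11 08:22:26 proofpoint.enterpriseprotection.test sendmail[28570]: s1BDHmHc028570:
from=<user.1234@proof.point.test>, size=66258, class=0, nrcpts=1,
msgid=<USER.TEST.0@proof.point.test>, proto=SMTP, daemon=MTA, relay=proofpoint.test [127.0.0.1]"""

# Syslog header, sendmail tag, queue ID, then the key=value body.
HEADER = re.compile(r"^<(?P<pri>\d+)>(?P<time>\w{3} \d+ [\d:]{8}) (?P<host>\S+) "
                    r"sendmail\[\d+\]: (?P<qid>\w+): (?P<body>.*)$")
PAIR = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")  # values may contain spaces
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def map_event(raw):
    """Return the fields from the page's mapping tables, or None if the line does not fit."""
    # Important note on the page: remove CR/LF before use.
    # Assumption: each display wrap replaced a single space, so lines are joined with one.
    line = " ".join(raw.split())
    header = HEADER.match(line)
    if header is None:
        return None
    fields = dict(PAIR.findall(header["body"]))
    if "to" in fields:
        event_id, users = "info MESSAGE SENT", [fields["to"]]
    elif "from" in fields:
        event_id, users = "info MESSAGE RECEIVED", [fields["from"], fields.get("msgid")]
    else:
        return None  # neither of the two message types shown on the page
    ip = BRACKETED_IP.search(fields.get("relay", ""))
    return {
        "event_id": event_id,
        "category": "Proofpoint",
        "device_time": header["time"],  # "From payload header"
        "source_ip": ip.group(1) if ip else None,
        "usernames": [u.strip("<>") for u in users if u],
    }


if __name__ == "__main__":
    for sample in (SAMPLE_SENT, SAMPLE_RECEIVED):
        print(map_event(sample))
```

If the Source IP or Username(s) on the event in the Log Activity tab differ from these values, first check that no line break survived in the pasted payload.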