Proofpoint Enterprise Protection and Enterprise Privacy sample event messages

Use the sample event messages to verify a successful integration with the QRadar product.

Proofpoint Enterprise Protection and Enterprise Privacy sample event message using Syslog protocol

Important: Due to formatting issues, paste the message into a text editor and remove any carriage return or line feed characters.

Sample 1: An example of a 'sent' email log message is given below.

<22>Feb 11 08:22:26 proofpoint.enterpriseprotection.test sendmail[31248]: s1BDHmHc028570: 
to=<user_test@proof.point.test>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=186258, 
relay=[172.16.10.32] [172.16.10.32], dsn=2.0.0, stat=Sent (a1AAAAAa111111 Message accepted for delivery)

Table 1. Highlighted fields in the Proofpoint Enterprise Protection and Enterprise Privacy event

QRadar product field name    Highlighted payload field name
Event ID                     info MESSAGE SENT from to=
Category                     Proofpoint
Device Time                  From payload header
Source IP                    relay=
Username(s)                  to=

Sample 2: An example of a 'received' email log message is given below.

<22>Feb 11 08:22:26 proofpoint.enterpriseprotection.test sendmail[28570]: s1BDHmHc028570: 
from=<user.1234@proof.point.test>, size=66258, class=0, nrcpts=1,
msgid=<USER.TEST.0@proof.point.test>, proto=SMTP, daemon=MTA, relay=proofpoint.test [127.0.0.1]

Table 2. Highlighted fields in the Proofpoint Enterprise Protection and Enterprise Privacy event

QRadar product field name    Highlighted payload field name
Event ID                     info MESSAGE RECEIVED based on from=
Category                     Proofpoint
Device Time                  From payload header
Source IP                    From relay=
Username(s)                  From from=, msgid=
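
To check what a parser should extract from the two samples before sending them to the collector, the following added example (not IBM or Proofpoint code) removes the line breaks as instructed above and pulls out the fields that Tables 1 and 2 highlight. The function names, output key names and the event labels "MESSAGE SENT" / "MESSAGE RECEIVED" are this example's own choices.

```python
import re

# Sample payloads from this page, still wrapped across lines as published.
SENT = """<22>Feb 11 08:22:26 proofpoint.enterpriseprotection.test sendmail[31248]: s1BDHmHc028570:
to=<user_test@proof.point.test>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=186258,
relay=[172.16.10.32] [172.16.10.32], dsn=2.0.0, stat=Sent (a1AAAAAa111111 Message accepted for delivery)"""
RECEIVED = """<22>Feb 11 08:22:26 proofpoint.enterpriseprotection.test sendmail[28570]: s1BDHmHc028570:
from=<user.1234@proof.point.test>, size=66258, class=0, nrcpts=1,
msgid=<USER.TEST.0@proof.point.test>, proto=SMTP, daemon=MTA, relay=proofpoint.test [127.0.0.1]"""

HEADER = re.compile(r"^<\d+>(?P<time>\w{3} +\d+ [\d:]+) (?P<host>\S+) "
                    r"sendmail\[\d+\]: (?P<qid>\w+):\s*(?P<body>.*)$")
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def normalize(raw):
    """Remove carriage returns and line feeds, as the page instructs."""
    return re.sub(r"[\r\n]", "", raw).strip()


def parse_event(raw):
    """Return the fields that Tables 1 and 2 highlight for one sendmail line."""
    m = HEADER.match(normalize(raw))
    if m is None:
        raise ValueError("not a sendmail syslog line in the sample format")
    # key=value pairs are comma separated; a value (stat=) may contain spaces.
    pairs = re.split(r",\s*(?=\w+=)", m["body"])
    fields = dict(p.split("=", 1) for p in pairs if "=" in p)
    if "to" in fields:        # Table 1: event keyed on to=
        event, users = "MESSAGE SENT", [fields["to"]]
    elif "from" in fields:    # Table 2: event keyed on from=
        event, users = "MESSAGE RECEIVED", [fields["from"], fields.get("msgid", "")]
    else:
        event, users = None, []   # other sendmail lines are left unclassified
    ip = IPV4.search(fields.get("relay", ""))
    return {
        "event_id": event,
        "device_time": m["time"],
        "source_ip": ip.group(1) if ip else None,
        "usernames": [u.strip("<> ") for u in users if u],
    }


if __name__ == "__main__":
    for sample in (SENT, RECEIVED):
        print(parse_event(sample))
```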