Palo Alto XSOAR is not able to ingest Proofpoint's TAP (Targeted Attack Protection) or TRAP (Threat Response Auto-Pull) emails. Because of the automation that is being done with TAP and TRAP, these emails do not go through XSOAR for "phishing" analysis. Our "Phishing" emails go right to XSOAR once a user reports it as phishing with the outlook extension. The TAP and TRAP emails go to a separate mailbox "Quarantine" that myself and team do not have visibility/privileges (administrated by another team) we are not able to just add that mailbox to our exchange profile and report the TAP and TRAP emails due to the high powered account that is used for the "Quarantine" mailbox, has the privileges to read ANY mailbox in the organization, and there are privacy/risk concerns. My question is, how are other customers ingesting their Proofpoint TAP and TRAP auto quarantined emails into XSOAR? is there another way that we can ingest the TAP and TRAP emails?
... View more