Proofpoint
Proofpoint is a comprehensive cybersecurity platform that provides threat detection, email security, and security analytics solutions. The Proofpoint connector enables you to access Proofpoint API endpoints to retrieve security alerts, threat intelligence, email security data, and other security-related information. This connector is particularly useful for applications that need to extract security alerts, analyze threat data, integrate security information with SIEM systems, or build security analytics and reporting solutions.

Power end-to-end data operations for your Proofpoint API with Nexla. Our bi-directional Proofpoint connector is purpose-built for Proofpoint, making it simple to ingest data, sync it across systems, and deliver it anywhere — all with no coding required. Nexla turns API-sourced data into ready-to-use, reusable data products and makes it easy to send data to Proofpoint or any other destination. With comprehensive monitoring, lineage tracking, and access controls, Nexla keeps your Proofpoint workflows fast, secure, and fully governed.
Features
Type: API
- Seamless API Integration: Connect to any endpoint as source or destination without coding, with automatic data product creation
- Visual Composition & Chaining: Build complex integrations using visual templates, chain API calls, and compose workflows with data validation and filtering
- API Proxy: Expose curated slices of your data securely with a secure and customizable API proxy that validates and transforms data on the fly
- Request optimization with intelligent batching, retry, and caching to minimize API calls and costs
Prerequisites
Before creating a Proofpoint credential, you'll need to obtain authentication credentials (username and password or API key) from your Proofpoint account. Proofpoint provides API credentials for programmatic access to their security platform through the Proofpoint admin console.
To obtain Proofpoint API credentials:
-
Log in to your Proofpoint admin console. The URL depends on your Proofpoint deployment type:
- Proofpoint Essentials:
https://us1.proofpointessentials.comor your region-specific URL - Proofpoint TAP (Threat Analysis Platform): Your organization's Proofpoint TAP URL
- Proofpoint CASB: Your organization's Proofpoint CASB URL
- Proofpoint Essentials:
-
Navigate to Settings > API or Administration > API Access section in the admin console.
-
In the API settings, locate the API key management area. Proofpoint uses username/password or API key authentication depending on your deployment type.
-
If you're using Proofpoint Essentials, you'll typically use your admin username and password for Basic Authentication.
-
If you're using Proofpoint TAP or other Proofpoint services, you may need to generate API credentials or use service account credentials.
-
Copy the Username (or API Key) and Password immediately. Store them securely, as you'll need them to authenticate API requests.
Proofpoint authentication methods vary by deployment type. Proofpoint Essentials typically uses Basic Authentication with username and password. Proofpoint TAP and other services may use different authentication methods. Ensure you have the correct credentials for your specific Proofpoint deployment type.
For detailed information about Proofpoint API authentication and credential management, refer to the Proofpoint SIEM API Documentation.
Authenticate
Credentials required
A standard authentication method that requires sending encoded username and password credentials along with the requests for Proofpoint
| Field | Required | Secret | Description |
|---|---|---|---|
| Username Or API Key | Yes | No | Your username or personal API Key for Proofpoint |
| Password | Yes | Yes | Your password for Proofpoint |
Create a credential in Nexla
- After selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
New Credential Overlay – Proofpoint

-
Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
-
In the Username Or API Key field, enter your Proofpoint username or API key. This is used for Basic Authentication to access the Proofpoint API.
-
In the Password field, enter your Proofpoint password. This is used for Basic Authentication along with the username.
The password is sensitive information and should be kept secure. If you've lost your password, you'll need to reset it in your Proofpoint admin console. For Proofpoint Essentials, use your admin account credentials. For other Proofpoint services, use the appropriate service account or API credentials.
-
Click the Save button at the bottom of the overlay. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation.
Use as a data source
To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Select the Proofpoint connector tile, then select the credential that will be used to connect to the Proofpoint API, and click Next; or, create a new Proofpoint credential for use in this flow.
Endpoint templates
Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common Proofpoint API endpoints. Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below.
Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to retrieve a sample of the data that will be fetched. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the source is configured correctly before saving.
Manual configuration
Proofpoint data sources can also be manually configured to ingest data from any valid Proofpoint API endpoint, including endpoints not covered by the pre-built templates, chained API calls, or custom request parameters. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, date/time and lookup macros, path to data, metadata, and request headers.
Proofpoint API endpoint URLs vary by deployment type: Proofpoint Essentials (https://us1.proofpointessentials.com/api/v1/{resource}), Proofpoint TAP (https://tap-api.proofpoint.com/v2/{resource}), Proofpoint CASB (https://api.proofpoint.com/v1/{resource}), and Proofpoint ETI (https://api.proofpoint.com/v1/{resource}). For the response data path, use $.messagesDelivered[*] to extract arrays of messages, $.alerts[*] to extract arrays of alerts, or $ for the entire response. Additional request headers are rarely needed since the Authorization header for Basic Authentication (username/password) is automatically included from your credential. For complete information about Proofpoint API endpoints, refer to the Proofpoint SIEM API Documentation.
Once all of the relevant settings have been configured, click the Create button in the upper right corner of the screen to save and create the new Proofpoint data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.