Read Permitted Malicious Clicks

Fetch events for clicks to malicious URLs permitted in the specified time period.

The events returned for a specified range are based on the time that the event was created, not the time that the event occurred. The time an event is created is the later time of the following:

  • The time that the click occurred

  • The time that the threat referenced by click was recognized by Proofpoint

The input fields in this card are dynamically generated based on your instance.

Options

Field Definition Type Required
Range Type Choose from available ranges; options are Interval, Since Time, or Since Seconds Ago.

Dropdown

TRUE

Input

Field Definition Type Required

timeRange

Interval Time interval to query in ISO 8601 format. The minimum interval allowed is 30 seconds and the maximum interval is 1 hour.

Date & Time

TRUE

Since Time Start time of query in ISO 8601 format. The end of the period is the current API server time rounded to the nearest minute.

Date & Time

TRUE

Since Seconds Ago Set start time of query to this many seconds before the current API server time (rounded to the nearest minute).

Number

TRUE

Output

Field Definition Type
Query End Time Time the period being queried ended.

Date & Time

Links

URL Malicious URL that was clicked.

Text

Classification Threat category of the URL.

Text

Click Time Time at which the user clicked the URL.

Date & Time

Threat Time Time at which Proofpoint identified the URL as a threat.

Date & Time

User Agent User-Agent header from the clicker's http request.

Text

Campaign ID ID of campaign the threat belongs to, if available.

Text

Click IP External IP address of user who clicked the URL.

Text

Sender Email address of sender; user-part is hashed and domain-part in plaintext.

Text

Recipient Email addresses of the recipient.

Text

Sender IP IP address of the sender.

Text

ID UUID of the event.

Text

GUID Unique Proofpoint Protection Server (PPS) identifier.

Text

Threat ID Unique identifier of the threat.

Text

Threat URL Link to threat entry on TAP dashboard.

Text

Threat Status Status of the threat.

Text

Message ID Message ID.

Text

Related topics

Proofpoint connector

Workflow elements

Proofpoint API documentation