New Permitted Malicious Click

Start a flow when there are new events for clicks to malicious URLs permitted.

This is a polling event that returns at most one hour's worth of data. Setting the polling interval to an interval greater than one hour will result in no data being returned.

Output

Field Definition Type

Links

URL Malicious URL that was clicked.

Text

Classification Threat category of the URL.

Text

Click Time The time at which the user clicked the URL.

Date & Time

Threat Time The time at which Proofpoint identified the URL as a threat.

Date & Time

User Agent User-Agent header from the clicker's HTTP request.

Text

Campaign ID Identifier for the campaign the threat belongs to, if available.

Text

Click IP External IP address of the user who clicked the link.

Text

Sender Email address of sender; user-part is hashed and domain-part in plain text.

Text

Recipient Email address of the recipient.

Text

Sender IP IP address of the sender.

Text

ID UUID of the event.

Text

GUID Unique identifier of the message in Proofpoint Protection Server (PPS).

Text

Threat ID Unique identifier of the threat.

Text

Threat URL Link to threat entry on TAP dashboard.

Text

Threat Status Status of the threat.

Text

Message ID Non-unique message ID extracted from headers of email message.

Text

Related topics

Proofpoint connector

Workflow elements

Proofpoint API documentation