New Permitted Malicious Click

Start a flow when there are new events for clicks to malicious URLs permitted.

This is a polling event that returns at most one hour's worth of data. Setting the polling interval to an interval greater than one hour will result in no data being returned.


Field Definition Type
URL Malicious URL that was clicked. String
Classification Threat category of the URL. String
Click Time The time at which the user clicked the URL. Date & Time
Threat Time The time at which Proofpoint identified the URL as a threat. Date & Time
User Agent User-Agent header from the clicker's HTTP request. String
Campaign ID Identifier for the campaign the threat belongs to, if available. String
Click IP External IP address of the user who clicked the link. String
Sender Email address of sender; user-part is hashed and domain-part in plain text. String
Recipient Email address of the recipient. String
Sender IP IP address of the sender. String
ID UUID of the event. String
GUID Unique identifier of the message in Proofpoint Protection Server (PPS). String
Threat ID Unique identifier of the threat. String
Threat URL Link to threat entry on TAP dashboard. String
Threat Status Status of the threat. String
Message ID Non-unique message ID extracted from headers of email message. String

Related topics

Proofpoint connector

Workflow elements

Proofpoint API documentation