New Permitted Malicious Click
Start a flow when there are new events for clicks to malicious URLs permitted.
This is a polling event that returns at most one hour's worth of data. Setting the polling interval to an interval greater than one hour will result in no data being returned.
Output
| Field | Definition | Type |
|---|---|---|
|
Links |
||
|
URL |
Malicious URL that was clicked. |
Text |
|
Classification |
Threat category of the URL. |
Text |
|
Click Time |
The time at which the user clicked the URL. |
Date & Time |
|
Threat Time |
The time at which Proofpoint identified the URL as a threat. |
Date & Time |
|
User Agent |
User-Agent header from the clicker's HTTP request. |
Text |
|
Campaign ID |
Identifier for the campaign the threat belongs to, if available. |
Text |
|
Click IP |
External IP address of the user who clicked the link. |
Text |
|
Sender |
Email address of sender; user-part is hashed and domain-part in plain text. |
Text |
|
Recipient |
Email address of the recipient. |
Text |
|
Sender IP |
IP address of the sender. |
Text |
|
ID |
UUID of the event. |
Text |
|
GUID |
Unique identifier of the message in Proofpoint Protection Server (PPS). |
Text |
|
Threat ID |
Unique identifier of the threat. |
Text |
|
Threat URL |
Link to threat entry on TAP dashboard. |
Text |
|
Threat Status |
Status of the threat. |
Text |
|
Message ID |
Non-unique message ID extracted from headers of email message. |
Text |