Skip to content
Find out how we support MDR.

Proofpoint Targeted Attack Protection


You must have the "Email" integrations license pack to use this feature.

You can integrate Proofpoint Targeted Attack Protection (TAP) with Sophos Central so that it sends audit data to Sophos for analysis.

This integration is API-based.

The key steps are as follows:

  • Generate TAP service credentials for your Proofpoint account.
  • Add an integration in Sophos Central.

Generate TAP service credentials

TAP service credentials are used in Sophos Central to link to Proofpoint.

To generate these credentials, do as follows:

  1. Sign in to the TAP dashboard. See Welcome to the TAP Dashboard.
  2. Go to Settings > Connected Applications image.
  3. Click Create New Credential.
  4. Copy the Principal ID and Secret.

Add an integration

To integrate TAP with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center and click Integrations.
  2. Click Proofpoint Targeted Attack Protection.

    If you've already set up integrations of this type, you see them here.

  3. Click Add.


    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, do as follows:

    1. Enter a name and a description.
    2. Enter the Principal ID and Secret name.
    3. Click Save.

We create the integration and it appears in your list. If your integration shows as Connected, your data should appear in the Sophos Data Lake after validation.