# Proofpoint TAP

Proofpoint TAP is an email security product that detects and blocks phishing, malware, and credential-theft threats delivered through email. Connecting Proofpoint TAP forwards URL Defense click events to Radiant Security via the Proofpoint API. Radiant uses these events for AI triage, giving analysts visibility into phishing links accessed from unmanaged devices and identifying users who clicked from personal machines.

{% hint style="info" %}
Looking for the response action connector? See [Execute Response Actions with Proofpoint TAP](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/proofpoint-tap/execute-response-actions-with-proofpoint-tap).
{% endhint %}

At the end of this configuration, you provide Radiant Security with the following values:

* **Service Principal**
* **Secret**
* **API Base URL**

### Prerequisites

* [ ] Admin access to Proofpoint TAP

### Generate Proofpoint TAP service credentials

1. Sign in to the [TAP dashboard](https://threatinsight.proofpoint.com/).
2. Navigate to **Settings** > **Connected Applications**.
3. Click **Create New Credential**.
4. Enter a name for the new credential, then click **Generate**.
5. Copy the **Service Principal** and **Secret** values from the prompt. You will provide these values to Radiant Security in the next section.

{% hint style="warning" %}
Copy the **Secret** value now. It cannot be retrieved later.
{% endhint %}

### Add the data connector in Radiant Security

1. Sign in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select **Proofpoint API v2**, then click **Data Feeds**.
4. Under **Select your data feeds**, select **URL Defense**, then click **Credentials**.
5. Under **Credential Name**, enter an identifiable name for this credential (e.g., `Proofpoint Credentials`).
6. Under **Required Credentials**, enter the following:
   * **Service Principal**: the value copied in the previous section.
   * **Secret**: the value copied in the previous section.
   * **API Base URL**: the URL of your Proofpoint TAP dashboard.&#x20;
7. Click **Add Connector** to save the configuration.

### Verify ingestion

After Proofpoint TAP begins forwarding, confirm events are reaching Radiant.

1. In Radiant, navigate to [Log Management](https://app.radiantsecurity.ai/logs).
2. Filter by `rs_connectorType:"proofpoint_url_defense"`.
3. Confirm recent events appear.

{% hint style="info" %}
Allow several minutes for events to be parsed, indexed, and available for search.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/proofpoint-tap.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.