What Changed
Updated all KQL queries in the ProofPoint TAP workbook to reference the new CCF-based table names and column schema. This includes transitioning from legacy Custom Log Analytics tables to the V2 schema format.
Security Impact
Labeled P0 — assess deployment or pipeline breakage risk explicitly. Deployments using the ProofPoint TAP workbook with CCF-based connectors would have experienced complete visualization failure due to table name mismatches. All workbook charts would return empty results until this fix is applied.
Table Schema Changes
- ProofPointTAPMessagesBlocked_CL → ProofPointTAPMessagesBlockedV2_CL
- ProofPointTAPMessagesDelivered_CL → ProofPointTAPMessagesDeliveredV2_CL
- ProofPointTAPClicksBlocked_CL → ProofPointTAPClicksBlockedV2_CL
- ProofPointTAPClicksPermitted_CL → ProofPointTAPClicksPermittedV2_CL
- Column references updated: threatsInfoMap_s → threatsInfoMap, url_s → url, classification_s → classification, senderIP_s → senderIP
Affected Files
Solutions/ProofPointTap/Workbooks/ProofpointTAP.json