What Changed

Two ProofPoint TAP Analytic Rules have been updated to reference the newer ProofpointTAPv2 connector ID instead of the legacy ProofpointTAP connector. The affected detection rules maintain their existing logic while ensuring compatibility with the updated connector infrastructure.

Detection Rules Updated

  • MalwareAttachmentDelivered (version 1.0.5 → 1.0.6): Monitors for malicious email attachments delivered through ProofPoint TAP
  • MalwareLinkClicked (version 1.0.6 → 1.0.7): Detects clicks on malicious URLs identified by ProofPoint TAP

Both rules continue to monitor the same data tables (ProofPointTAPMessagesDeliveredV2_CL and ProofPointTAPClicksPermittedV2_CL) with no changes to detection logic or thresholds.

Compatibility Impact

Deployments using the legacy ProofpointTAP connector may need to migrate to ProofpointTAPv2 for these rules to function correctly. The connector ID change ensures proper data source validation and maintains detection coverage for ProofPoint TAP telemetry.
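One way to check a deployment for this mismatch, as an added example that is not code from the repository: it lists rule files whose referenced connector ID is not among the connectors deployed in a workspace. Assumptions: the rule fragments are constructed samples, the requiredDataConnectors / connectorId / dataTypes field names follow the Sentinel analytic rule template layout, and connector_refs, audit and the LocalCopyOfMalwareLinkClicked.yaml file name are hypothetical.

```python
import re

# Constructed sample rule fragments (not the repository's actual files).
# Field names follow the Sentinel analytic rule template layout (assumed).
RULES = {
    "MalwareAttachmentDelivered.yaml": """\
name: Malware attachment delivered
requiredDataConnectors:
  - connectorId: ProofpointTAPv2
    dataTypes:
      - ProofPointTAPMessagesDeliveredV2_CL
version: 1.0.6
""",
    "LocalCopyOfMalwareLinkClicked.yaml": """\
name: Malware link clicked
requiredDataConnectors:
  - connectorId: ProofpointTAP
    dataTypes:
      - ProofPointTAPClicksPermittedV2_CL
version: 1.0.6
""",
}

def connector_refs(yaml_text):
    """Return [(connectorId, [dataTypes])] from the requiredDataConnectors block."""
    refs, in_block = [], False
    for line in yaml_text.splitlines():
        if re.match(r"^\S", line):  # a top-level key starts or ends the block
            in_block = line.startswith("requiredDataConnectors:")
            continue
        if not in_block:
            continue
        m = re.match(r"^\s*-\s*connectorId:\s*(\S+)", line)
        if m:
            refs.append((m.group(1), []))
        elif refs and (m := re.match(r"^\s*-\s*(\S+)\s*$", line)):
            refs[-1][1].append(m.group(1))  # a dataTypes list item
    return refs

def audit(rules, deployed_connectors):
    """Map file name -> referenced connector IDs that are not deployed."""
    findings = {}
    for name, text in rules.items():
        missing = [cid for cid, _ in connector_refs(text) if cid not in deployed_connectors]
        if missing:
            findings[name] = missing
    return findings
```

Calling audit(RULES, {"ProofpointTAP"}) models a workspace that still has only the legacy connector and flags the updated rule; passing {"ProofpointTAPv2"} flags any rule copy still pinned to the legacy ID.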

Affected Files

Solutions/ProofPointTap/Analytic Rules/MalwareAttachmentDelivered.yaml
Solutions/ProofPointTap/Analytic Rules/MalwareLinkClicked.yaml
Workbooks/WorkbooksMetadata.json
.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json