What Changed
Added user-agent headers to HTTP requests in both Proofpoint TAP and POD (On Demand) Email Security CCF connectors:
- TAP connector: user-agent header “MicrosoftSentinelTAPConnector/{version}” added to all 4 API polling endpoints
- POD connector: user-agent header “MicrosoftSentinelPoDConnector/{version}” added to message and maillog API endpoints
Security Impact (Visibility & Fidelity)
This change enhances API request attribution for Proofpoint server-side logging and rate limiting mechanisms. The version-specific user-agent enables:
- Better troubleshooting of connector-related API issues by correlating requests to specific Sentinel solution versions
- Improved rate limiting accuracy on the Proofpoint API side through distinct client identification
- Enhanced audit trail for API consumption patterns per connector version
No changes to data ingestion logic, field mappings, or query syntax. The modification affects only HTTP request headers and does not impact detection fidelity or introduce breaking changes for existing deployments.
Deployment Impact
Version bumped to 3.1.3 for both solutions. The user-agent header includes a dynamic reference to the solution version variable, ensuring accurate version reporting without manual maintenance.
Affected Files
Solutions/ProofPointTap/Data Connectors/ProofpointTAP_CCP/ProofpointTAP_pollingconfig.json
Solutions/Proofpoint On demand(POD) Email Security/Data Connectors/ProofPointEmailSecurity_CCP/ProofpointPOD_PollingConfig.json
(packaging artefacts: 3.1.3.zip, ReleaseNotes.md, Solution_ProofPointPOD.json, Solution_ProofTap.json, mainTemplate.json)