What Changed
Updated Proofpoint POD (On Demand) Email Security solution to version 3.1.4, adding critical time parameter configuration to the CCF polling configuration for both message and maillog data streams.
Data Collection Fix
Added three essential timing parameters to the polling configuration:
- queryTimeFormat: yyyy-MM-ddTHH:mm:ss.sss-0000 (standardized timestamp format)
- startTimeAttributeName: sinceTime (explicit time parameter name)
- firstWindowBackfillInMin: 5 (5-minute backfill window)
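A pre-merge check for the three parameters listed above, as an added example (not code from this PR or its repository). It assumes each stream's settings sit in an object under a `request` key, and the sample JSON is constructed rather than copied from ProofpointPOD_PollingConfig.json.

```python
import json

# Expected values, taken from the parameter list above.
REQUIRED = {
    "queryTimeFormat": "yyyy-MM-ddTHH:mm:ss.sss-0000",
    "startTimeAttributeName": "sinceTime",
    "firstWindowBackfillInMin": 5,
}

def find_requests(node, path="$"):
    """Yield (path, obj) for every object under a "request" key (assumed layout)."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "request" and isinstance(value, dict):
                yield child, value
            yield from find_requests(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_requests(item, f"{path}[{i}]")

def lint_polling_config(text):
    """Return one finding per missing or unexpected timing parameter."""
    requests = list(find_requests(json.loads(text)))
    findings = [] if requests else ["no request objects found"]
    for path, req in requests:
        for key, expected in REQUIRED.items():
            if key not in req:
                findings.append(f"{path}: missing {key}")
            elif req[key] != expected or type(req[key]) is not type(expected):
                findings.append(f"{path}: {key}={req[key]!r}, expected {expected!r}")
    return findings

# Constructed sample: the first stream is complete, the second shows the gap
# this change closes (no sinceTime mapping) plus a wrongly typed backfill value.
SAMPLE = json.dumps([
    {"name": "message (constructed)", "properties": {"request": dict(REQUIRED)}},
    {"name": "maillog (constructed)", "properties": {"request": {
        "queryTimeFormat": REQUIRED["queryTimeFormat"],
        "firstWindowBackfillInMin": "5",  # string instead of number
    }}},
])

if __name__ == "__main__":
    for finding in lint_polling_config(SAMPLE):
        print(finding)
```

An empty result means every request object carries all three parameters with the values this change specifies.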
Security Impact (Visibility & Fidelity)
The previous configuration lacked explicit time parameter handling, potentially causing data collection gaps during connector initialization or restart scenarios. Without the sinceTime parameter properly configured, the connector may have failed to establish the correct starting point for data collection, resulting in missed email security events.
This fix ensures consistent chronological data collection from Proofpoint POD, critical for maintaining complete visibility into email-based threats including phishing attempts, malware delivery, and policy violations.
Validation Issues
Per review comments, this PR contains validation errors in the ReleaseNotes.md table formatting and solution metadata configuration that will need correction before deployment.
Affected Files
Solutions/Proofpoint On demand(POD) Email Security/Data Connectors/ProofPointEmailSecurity_CCP/ProofpointPOD_PollingConfig.json
(packaging artefacts: 3.1.4.zip, ReleaseNotes.md, Solution_ProofPointPOD.json, mainTemplate.json)