Skip to main content
All CollectionsTemplatesBasic
Create Torq Cases from Proofpoint Clicks Permitted - Workflow Template
Create Torq Cases from Proofpoint Clicks Permitted - Workflow Template

On a schedule check for clicks permitted in Proofpoint and enrich the URLs in VirusTotal and open a Torq Case for each finding.

Updated over a week ago

The "Create Torq Cases from Proofpoint Clicks Permitted" workflow automates the process of managing suspicious user activity within an organization's network. When scheduled to run, it checks for recently allowed clicks via Proofpoint and investigates the related URLs using VirusTotal. If potential threats are identified, the workflow generates detailed Torq cases, tagging them appropriately based on the nature of the threat—whether malicious, suspicious, or phishing. This enables teams to respond swiftly to security incidents, streamlining incident response and bolstering the organization's cyber defense mechanisms.

Take Me to the Template

Use Cases

Suspicious User Activity

Workflow Breakdown

  1. Check for the previous execution and calculate a new start time period

  2. Query Proofpoint for any clicks permitted in the time period

  3. If a click is found enrich the URL in VirusTotal

  4. Open a new Torq case and add any VirusTotal summary information and tag the case with relevant findings.

Vendors

Utils, VirusTotal, Torq, Torq Cases, Proofpoint

Workflow Output

New Torq cases based on Proofpoint Clicks Permitted.

Related Articles
Open a PagerDuty Incident on Host Detection (CrowdStrike) - Workflow Template
VirusTotal URL Enrichment with Cache - Workflow Template
Submit a File for Analysis to VirusTotal with Cache - Workflow Template
Create Cases from SentinelOne Events found in Azure Sentinel - Workflow Template
Create Torq Cases from SentinelOne Threats Reported in Chronicle - Workflow Template
Did this answer your question?