Data export lets you securely replicate your data outside Proofpoint. This includes activity data, alerts and events. There is no retention limit on the exported data. Once it is exported, you can manipulate the data to perform analysis and correlations.
Data can be replicated to a customer-owned AWS S3 bucket and can then be pulled into other analytic tools such as SIEMs and Data Lakes. You specify which data you want to export.
Exported Data Prefixes
Export data is written at the storage root level with the following path (base path is not configurable).
You can use the prefixes to help you when locating data.
tenants/{{data-kind}}/tenant={{platform-tenant-id}}/year={{year}}/month={{month}}/day={{day}}/hour={{hour}}/FILE-NAME.gz
where:
{{data-kind}} for each product is:
-
oitactivity = endpoint data events
-
casb = casb data events
-
meta = meta networks data events
-
incidents = incidents across all channels/products
-
platform = audit data across all channels/products (contains web console users activity data as well)