I have the Proofpoint On Demand Email Security Add-on configured on a HF, and it is sending logs to the indexers to be consumed by Splunk.
However, I have another use case where I need to get a copy of the logs into S3 for another application to use.
I thought I would ask if anyone in the community has worked with the add-on long enough to know how I could set up a second input using the Proofpoint WebSocket/API key to send the logs to a local file on the forwarder. From there I need to send the logs to S3, which I can do with scripted AWS CLI commands.
I know this is not a typical use case, but I thought I would ask.
Thank you
I have a couple of ideas for you.
(You could just send _raw to the csv and have 1 column)
Again just ideas/thoughts. I have 0 experience with the app.
Thank you, I appreciate the reply. I tried deciphering the .py scripts, but there are too many intermingled; no luck so far.