🧪 Community ✓ Claude Code ✓ Claude Desktop • Email Security
Proofpoint
Proofpoint Email Protection - TAP, quarantine, threat intel, forensics, URL defense, VAP reports
Installation
Install this plugin individually:
/plugin marketplace add wyre-technology/msp-claude-plugins --plugin proofpoint Or install all MSP plugins at once:
/plugin marketplace add wyre-technology/msp-claude-plugins Features
- Forensics
- People
- Quarantine
- Tap
- Threat Intel
- Url Defense
Skills
This plugin provides 7 skills that teach Claude about Proofpoint:
| Skill | Description |
|---|---|
forensics | Use this skill when working with Proofpoint forensics and threat response - auto-pull, search and destroy, message trace, evidence collection, and remediation workflows. |
people | Use this skill when working with Proofpoint people-centric security - Very Attacked People (VAP) reports, top clickers, user risk scoring, attack index, and user-level threat analytics. |
quarantine | Use this skill when working with Proofpoint email quarantine - listing, searching, releasing, and deleting quarantined messages. |
tap | Use this skill when working with Proofpoint Targeted Attack Protection (TAP) - retrieving threat events, click tracking, message delivery and blocking data, SIEM integration feeds, and threat type analysis. |
threat-intel | Use this skill when working with Proofpoint threat intelligence - campaign tracking, threat families, indicators of compromise (IOCs), forensic evidence, and threat landscape analysis. |
url-defense | Use this skill when working with Proofpoint URL Defense - URL rewriting, URL decoding, real-time URL analysis, click-time protection, and URL investigation. |
api-patterns | Use this skill when working with the Proofpoint API - authentication using HTTP Basic Auth with service principal and secret, base URLs, rate limits, pagination, error codes, and common integration patterns. |
Commands
Available slash commands:
| Command | Description |
|---|---|
/check-threats | View recent TAP threat events including blocked messages, delivered threats, and click activity |
/decode-url | Decode a Proofpoint URL Defense rewritten URL back to the original URL |
/investigate-threat | Deep-dive threat investigation with forensics, campaign context, and remediation options |
/release-quarantine | Release one or more quarantined messages to their intended recipients |
/search-quarantine | Search quarantined messages in Proofpoint by sender, recipient, subject, or reason |
/vap-report | Get the Very Attacked People (VAP) report showing the most targeted users |
API Reference
| Base URL | |
| Authentication | |
| Rate Limit | |
| Documentation |
Example Usage
View recent TAP threat events including blocked messages, delivered threats, and click activity
/check-threatsDecode a Proofpoint URL Defense rewritten URL back to the original URL
/decode-urlDeep-dive threat investigation with forensics, campaign context, and remediation options
/investigate-threatRelease one or more quarantined messages to their intended recipients
/release-quarantineSearch quarantined messages in Proofpoint by sender, recipient, subject, or reason
/search-quarantineGet the Very Attacked People (VAP) report showing the most targeted users
/vap-reportUsing Skills
/skill proofpoint:forensics
Use this skill when working with Proofpoint forensics and threat response - auto-pull, search and destroy, message trace, evidence collection, and remediation workflows.