Integrations

Connects with your stack

PhishFortress integrates seamlessly with Microsoft 365, leading SIEM platforms, identity providers, and the tools your team already uses.

Microsoft 365SplunkSentinelOktaCrowdStrikeServiceNowSlackXSOAR

Microsoft Exchange Online

Microsoft 365

Full email flow monitoring with read-only Graph API access. Analyze headers, metadata, attachments, and URLs in real-time.

Email metadata analysis

Attachment scanning

URL detonation

Header inspection

Microsoft Entra ID

Microsoft 365

Sign-in activity monitoring, conditional access policy analysis, and identity-based threat detection.

Sign-in monitoring

Risk detection

MFA status tracking

Conditional access analysis

Microsoft Defender

Microsoft 365

Enrich PhishFortress detections with Defender threat intelligence and correlate alerts across platforms.

Alert correlation

Threat intelligence

Incident enrichment

Automated remediation

Beta

Microsoft Teams

Microsoft 365

Monitor Teams messages and file sharing for phishing links, malicious files, and social engineering attempts.

Message scanning

File sharing monitoring

External access tracking

Guest user alerts

Splunk

SIEM & SOAR

Stream PhishFortress alerts and threat data directly to Splunk for centralized security event management.

Real-time event streaming

Custom dashboards

Alert forwarding

Threat correlation

Microsoft Sentinel

SIEM & SOAR

Native integration with Azure Sentinel for cloud-native SIEM correlation and automated investigation.

Bi-directional sync

Workbook templates

Hunting queries

Automated playbooks

Palo Alto XSOAR

SIEM & SOAR

Automate investigation and response workflows with PhishFortress data enrichment and remediation actions.

Playbook integration

Enrichment commands

Automated response

Case management

Okta

Identity

Correlate email threats with identity signals from Okta for comprehensive user risk scoring.

Risk signal sharing

Session management

MFA challenge triggers

User lifecycle events

Beta

CrowdStrike

Identity

Combine endpoint telemetry with email threat data for full kill-chain visibility and response.

Endpoint correlation

Threat hunting

IOC sharing

Joint incident response

ServiceNow

Productivity

Automatically create and update security incidents in ServiceNow when threats are detected.

Auto ticket creation

SLA tracking

Incident updates

CMDB enrichment

Slack

Productivity

Send real-time threat alerts and security notifications to dedicated Slack channels.

Channel alerts

Interactive actions

Threat summaries

On-call routing

REST API

Productivity

Full programmatic access to PhishFortress data, configurations, and automation capabilities.

Full CRUD operations

Webhook support

Rate limiting

OAuth 2.0 authentication

Developer-First

Build custom integrations with our API

Full REST API access with OAuth 2.0 authentication, webhook support, and comprehensive documentation. Integrate PhishFortress into any workflow.

RESTful API with OpenAPI 3.0 specification

Webhook events for real-time notifications

Rate limiting with generous quotas

SDKs for Python, JavaScript, and Go

Read the docs

api-example.ts

import { PhishFortress } from '@phishfortress/sdk'

const client = new PhishFortress({
  apiKey: process.env.PF_API_KEY,
  tenantId: 'your-tenant-id'
})

// Get recent threats
const threats = await client.threats.list({
  severity: 'critical',
  status: 'active',
  limit: 25
})

// Subscribe to real-time events
client.webhooks.create({
  url: 'https://your-app.com/webhook',
  events: [
    'threat.detected',
    'threat.quarantined',
    'user.compromised'
  ]
})

Ready to connect PhishFortress?

Setup takes less than 10 minutes. No agents, no infrastructure changes.

Start Free Trial Read Case Studies