Articles in this section

Integrate with Huntress (coming soon!)

Huntress EDR Integration Guide

The Huntress integration allows PhishingBox to pull in real-time device detections and incident alerts to dynamically adjust a user's human risk score. By linking Huntress endpoint activity to phishing readiness, you get a more complete view of risk posture across your organization.

  1. Generate an API Token in Huntress

  2. Enter Credentials in PhishingBox

  3. Test & Save


Purpose of the Integration

With this integration enabled:

  • Devices and security detections from Huntress are synced with PhishingBox.

  • If a device is mapped to a target (user) in PhishingBox:

    • Huntress detections (alerts, incidents, threats) automatically influence the target’s human risk score.

    • This enables automated, behavior-driven risk scoring beyond just simulated phishing and training results.


Step-by-Step Configuration

Follow these steps to enable and configure the integration:


Generate an API Token in Huntress

Follow the steps in the Authentication section of the Huntress API Overview

Make note of the following:

  • Organization ID

  • Public Key

  • Private Key

Note: You may need admin access in Huntress to generate API credentials.


Enter Credentials in PhishingBox

  1. In PhishingBox, go to Integrations > Huntress.

  2. Click the Setup button.

  3. In the Edit Configuration window, ensure the integration is toggled to Active.

  4. Enter the following:

Field Value
Organization ID From the Huntress portal
Public Key From the Huntress API Token
Private Key From the Huntress API Token

📸 Example Configuration Screen:

 


Test & Save

  • Click the Test button to verify the integration credentials.

  • If successful, the Last tested date will update.

  • Click Save to enable the integration.

Important: The Save button will remain disabled until a successful test.


Sync Behavior Summary

Feature Behavior
Device Sync Devices from Huntress are ingested into PhishingBox
Target Matching If a device is associated with a known user (target), it is linked
Detection Import Security events (e.g., malware, persistence, recon activity) are imported
Risk Score Impact New detections raise a user’s human risk score

How It Works with Risk Scores

Once integrated:

  • Each security incident tied to a target’s device adds to their risk profile.

  • Risk scores are automatically adjusted based on severity and recency of detections.

  • Combines with phishing performance and training completion to generate a comprehensive Human Risk Score.


Need Help?

If you're unsure how to:

  • Generate your Huntress API keys,

  • Map devices to targets,

  • Or interpret risk scoring outcomes,

Reach out to PhishingBox support or your customer success manager.

Back to top

Was this article helpful?
0 out of 0 found this helpful