Huntress EDR Integration Guide
The Huntress integration allows PhishingBox to pull in real-time device detections and incident alerts to dynamically adjust a user's human risk score. By linking Huntress endpoint activity to phishing readiness, you get a more complete view of risk posture across your organization.
Purpose of the Integration
With this integration enabled:
Devices and security detections from Huntress are synced with PhishingBox.
-
If a device is mapped to a target (user) in PhishingBox:
Huntress detections (alerts, incidents, threats) automatically influence the target’s human risk score.
This enables automated, behavior-driven risk scoring beyond just simulated phishing and training results.
Step-by-Step Configuration
Follow these steps to enable and configure the integration:
Generate an API Token in Huntress
Follow the steps in the Authentication section of the Huntress API Overview
Make note of the following:
Organization ID
Public Key
Private Key
Note: You may need admin access in Huntress to generate API credentials.
Enter Credentials in PhishingBox
In PhishingBox, go to Integrations > Huntress.
Click the Setup button.
In the Edit Configuration window, ensure the integration is toggled to Active.
Enter the following:
| Field | Value |
|---|---|
| Organization ID | From the Huntress portal |
| Public Key | From the Huntress API Token |
| Private Key | From the Huntress API Token |
📸 Example Configuration Screen:
Test & Save
Click the Test button to verify the integration credentials.
If successful, the Last tested date will update.
Click Save to enable the integration.
Important: The Save button will remain disabled until a successful test.
Sync Behavior Summary
| Feature | Behavior |
|---|---|
| Device Sync | Devices from Huntress are ingested into PhishingBox |
| Target Matching | If a device is associated with a known user (target), it is linked |
| Detection Import | Security events (e.g., malware, persistence, recon activity) are imported |
| Risk Score Impact | New detections raise a user’s human risk score |
How It Works with Risk Scores
Once integrated:
Each security incident tied to a target’s device adds to their risk profile.
Risk scores are automatically adjusted based on severity and recency of detections.
Combines with phishing performance and training completion to generate a comprehensive Human Risk Score.
Need Help?
If you're unsure how to:
Generate your Huntress API keys,
Map devices to targets,
Or interpret risk scoring outcomes,
Reach out to PhishingBox support or your customer success manager.