Articles in this section

Integrate with SentinelOne (coming soon!)

SentinelOne Integration Guide

The SentinelOne integration allows PhishingBox to enhance human risk scoring by ingesting security telemetry directly from endpoint devices. By pulling in threat detections from SentinelOne and associating them with users, you gain greater visibility into real-world risk across your organization.

  1. Get Your SentinelOne API Token & Management Host

  2. Enter Your Credentials in PhishingBox

  3. Test & Save


Purpose of the Integration

With the integration enabled:

  • Devices and detection data from SentinelOne are synced into PhishingBox.

  • If a device is linked to a user (target):

    • Threat events (e.g., malware, suspicious activity) will automatically impact the target’s human risk score.

  • The result is a more holistic, real-time view of individual security posture.


Step-by-Step Configuration

Follow the instructions below to enable the integration in just a few minutes.


Get Your SentinelOne API Token & Management Host

  1. Log in to your SentinelOne Console.

  2. Go to My user > Actions > API Token Operations.

  3. Generate or regenerate your API Token.

  4. Note your Management Host (e.g., yourtenant.sentinelone.net).

You may need admin or API access permissions to retrieve these credentials.


Enter Your Credentials in PhishingBox

  1. In PhishingBox, go to Integrations > SentinelOne.

  2. Click the Setup button.

  3. In the Edit Configuration window:

    • Toggle the integration to Active.

    • Paste your API Key.

    • Enter your Management Host.

 


Test & Save

  • Click Test to validate the integration.

  • Once the connection is confirmed, the Last tested date will update.

  • Click Save to finalize and activate the integration.

The Save button is only enabled after a successful test.


Sync Behavior Summary

Feature Description
Device Sync Imports SentinelOne-managed devices into PhishingBox
Target Matching Links devices to known users (targets) in PhishingBox
Detection Import Brings in risk events like malware, exploits, and suspicious activity
Risk Score Impact Automatically adjusts user risk scores based on threat severity

Risk Scoring Logic

SentinelOne’s risk detections enrich the PhishingBox Human Risk Score. Detections are evaluated for severity and recency and translated into score adjustments for the affected targets.

  • High-severity detections raise scores significantly.

  • Recurring alerts can indicate persistent risk and may elevate scores further.

  • Combines with phishing and training data for full visibility.


Need Help?

If you're unsure how to:

  • Retrieve your SentinelOne API key or host address,

  • Configure detection-to-user mappings,

  • Or interpret changes in human risk scores,

Please contact PhishingBox support or your assigned customer success manager.

Back to top

Was this article helpful?
0 out of 0 found this helpful