Articles in this section

Integrate with Crowdstrike (coming soon!)

CrowdStrike Falcon Integration Guide

Integrating PhishingBox with CrowdStrike Falcon allows you to automatically incorporate endpoint detection and response (EDR) data into your Human Risk Score framework. CrowdStrike alerts tied to user devices are directly associated with their PhishingBox target profiles, providing greater visibility into individual cyber risk.

  1. Gather CrowdStrike API Credentials
  2. Configure the Integration in PhishingBox
  3. Test & Save

Purpose of the Integration

The CrowdStrike integration enables PhishingBox to:

  • Ingest devices and security alerts from CrowdStrike Falcon.
  • Associate alerts to users (targets) when the device is matched.
  • Adjust Human Risk Scores based on real-world detection activity.

This results in more comprehensive user risk profiles that consider both phishing behavior and endpoint threat intelligence.


Step-by-Step Configuration

Follow the steps below to connect your CrowdStrike account to PhishingBox.


Gather CrowdStrike API Credentials

  1. Log in to your CrowdStrike Falcon console.
  2. Navigate to Support > API Clients and Keys.
  3. Create or access an API client.
  4. Note the following credentials:
    • Client ID
    • Client Secret
    • Base URL (e.g., https://api.us-2.crowdstrike.com, based on your region)

Your API client should have appropriate scopes for event access, device management, and detections.


Configure the Integration in PhishingBox

  1. In PhishingBox, go to Integrations > CrowdStrike.
  2. Click the Setup button.
  3. In the configuration panel:
    • Set the toggle to Active.
    • Paste your Client ID, Client Secret, and Base URL.


Test & Save

  • Click the Test button to validate your credentials.
  • Once successful, the Last tested timestamp will update.
  • Click Save to complete the setup.

The Save button is only available after a successful connection test.


Sync Behavior Summary

Feature Description
Device Sync Retrieves devices managed by CrowdStrike Falcon
Target Matching Matches devices to users (targets) in PhishingBox
Detection Import Ingests detections like exploits, malware, or lateral movement attempts
Risk Score Impact Automatically updates user risk scores based on threat severity

Risk Scoring Logic

Once integrated, detection events from CrowdStrike contribute to the PhishingBox Human Risk Score:

  • High-priority detections have greater impact.
  • Frequent or unresolved issues further elevate risk.
  • Combined with phishing test and training data, this provides a full-spectrum view of user risk.

💬 Need Help?

Need help retrieving credentials or interpreting alerts?

  • Contact PhishingBox support or your assigned customer success manager.
  • Refer to the CrowdStrike API Documentation for advanced token setup and permissions.

Back to top

Was this article helpful?
0 out of 0 found this helpful