Integrations

Connects to the tools your team already uses

API-native integrations with your email platform, alerting stack, SIEM, and identity provider. No MX record changes. No email forwarding rules. Read-only access to inbound mail.

Email Platforms

Microsoft 365 and Google Workspace

Microsoft 365

Email Platform

Connects via Microsoft Graph API with Mail.Read delegated scope. No MX record changes. No mail forwarding.

Setup: under 5 minutes

Google Workspace

Email Platform

Connects via Gmail API with gmail.readonly scope. OAuth authorization flow via Google admin console.

Setup: under 5 minutes
Alerting & Collaboration

Real-time alerts where your team works

Slack

Alerting

Threat alerts and weekly digest reports delivered to a designated Slack channel. Configurable alert threshold.

Setup: under 2 minutes

Microsoft Teams

Alerting

Webhook-based alerts to a Teams channel. Phishing threat notifications with direct triage queue link.

Setup: under 2 minutes

PagerDuty

On-call escalation

Route high-severity threats to PagerDuty for on-call escalation. Configurable severity threshold for page triggers.

Setup: under 5 minutes
SIEM

Event forwarding to your security information system

Splunk

SIEM

Events forwarded as structured JSON logs via HEC (HTTP Event Collector). Includes threat type, confidence score, sender metadata, and detection evidence fields. Compatible with Splunk ES.

Growth and Enterprise plans

Elastic SIEM

SIEM

Events forwarded to Elastic via Filebeat-compatible JSON over syslog or direct API. Schema documented for custom detection rule development in Kibana.

Growth and Enterprise plans
Identity & SSO

Single sign-on for your analyst team

Okta

Identity / SSO

SAML 2.0 and OIDC SSO for Phishaver dashboard access. Manage analyst access through your existing Okta policies.

Enterprise plan only

Azure AD / Entra ID

Identity / SSO

SAML 2.0 SSO via Azure AD enterprise applications. Works with conditional access policies and MFA requirements.

Enterprise plan only

REST API & Webhooks

Build custom integrations using Phishaver's REST API or webhook event stream.

REST API

Full REST API for querying threat events, managing mailbox connections, and configuring alert rules. JSON responses, bearer token authentication.

GET /v1/events?since=2026-01-01&type=bec&min_score=70

Documentation available to Growth and Enterprise customers via the Phishaver dashboard.

Webhooks

Real-time event push to your configured endpoint for every threat detection above your threshold. Signed payloads with HMAC-SHA256 for verification.

POST https://your-endpoint.com/phishaver-events

Configurable event filters: threat type, confidence threshold, mailbox scope.

Connect today

Up and running in under 5 minutes.

OAuth connection to M365 or Google Workspace. No professional services engagement. No MX changes.

Get protected Talk to our team