Integrations

Individual mailbox connection (Community / Professional)

Connect your personal M365 mailbox to browse and scan emails from the Phishivox scan page.

1. Navigate to Dashboard → Connected Mailboxes.
2. Click Connect next to Microsoft 365.
3. Sign in with your Microsoft account and accept the read-only permission request.
4. Return to Phishivox. Your mailbox folders will appear in the Scan page.

Organization-wide gateway (Enterprise)

Connect your entire M365 tenant for automatic scanning of all inbound email.

Prerequisites

• Microsoft 365 Global Administrator or Exchange Administrator role
• Phishivox Enterprise account with org admin role

Setup steps

1. Navigate to Gateway → Settings → Connect Microsoft 365.
2. You will be redirected to the Microsoft admin consent screen.
3. Review the requested application permissions:
   • Mail.ReadWrite — Read email content for scanning and modify body for URL rewriting
   • Mail.Send — Used only for URL-rewritten body updates (not for sending new emails)
4. Click Accept to grant admin consent for your organization.
5. Return to Phishivox. The connection status will show “Active.”

What happens after connection

• Phishivox creates a Microsoft Graph change notification subscription
• New inbound emails trigger automatic scanning within seconds
• URLs in emails are rewritten for time-of-click protection
• Phishing emails are moved to quarantine based on your policy

Disconnecting

To disconnect, go to Gateway → Settings and click Disconnect. This revokes the application permissions and removes all stored tokens. Scanning stops immediately.

Individual connection (Community / Professional)

1. Navigate to Dashboard → Connected Mailboxes.
2. Click Connect next to Gmail.
3. Sign in with your Google account and accept the gmail.readonly permission.
4. Return to Phishivox. Your Gmail folders will appear in the Scan page.

Organization-wide gateway (Enterprise)

Connect your Google Workspace domain for automatic scanning of all inbound email.

Prerequisites

• Google Workspace Super Admin role
• Phishivox Enterprise account with org admin role

Setup steps

1. Navigate to Gateway → Settings → Connect Google Workspace.
2. Follow the domain-wide delegation setup:
   • Grant the Phishivox service account access to Gmail API scopes
   • Configure Pub/Sub push notifications for inbox changes
3. Complete the OAuth admin consent flow in Phishivox.

Enterprise customers can push security events to their SIEM or SOAR platform via outbound webhooks.

Supported platforms

• Microsoft Sentinel
• Splunk
• IBM QRadar
• Any platform that accepts HTTP webhook payloads

Configuration

1. Navigate to Gateway → Settings → SIEM Integration.
2. Enter your webhook endpoint URL.
3. Select which event types to forward (email.scanned, email.quarantined, url.clicked, etc.).
4. Optionally configure a shared secret for payload signature verification.
5. Click Test Connection to send a test event.

Event payload

All events follow a consistent JSON structure:

{
  "event": "email.quarantined",
  "timestamp": "2026-04-10T14:30:00Z",
  "org_id": "org-uuid",
  "data": {
    "email_event_id": "event-uuid",
    "recipient": "user@company.com",
    "sender": "phisher@fake.xyz",
    "subject": "Verify your account",
    "verdict": "phishing",
    "score": 0.87,
    "action": "quarantined",
    "layer_scores": {
      "rules": 0.85,
      "url": 0.60,
      "headers": 0.35,
      "attachments": 0.0,
      "ml": 0.45,
      "ai": 0.92
    }
  }
}

Retry policy

Failed webhook deliveries are retried 3 times with exponential backoff (1s, 5s, 30s). After 3 failures, the event is logged as undelivered and visible in the Gateway Dashboard.

The Exchange connector will use EWS streaming notifications to monitor inbound email in real-time, with the same scanning pipeline and URL rewriting capabilities as the M365 and Google Workspace integrations.

Interested in early access? Contact admin@phishivox.com.