SpoofSentry Integrations
SpoofSentry connects to your existing operational stack: PSA/RMM for ticket automation, SIEM for security event correlation, DNS providers for policy changes and rollback, ChatOps for real-time alerts, and email platforms for guided setup. This page lists every supported integration and which plans include it.
PSA and RMM integrations: ConnectWise, Autotask, HaloPSA (Live)
SpoofSentry integrates with PSA (Professional Services Automation) and RMM (Remote Monitoring and Management) tools used by MSPs and MSSPs. Supported platforms:
- ConnectWise Manage — Automatic ticket creation on domain posture changes, score drops, and new security findings. Uses Manage REST API v4.6. Supports ticket status polling, asset sync, and health checks.
- Autotask (Datto) — Same capabilities as ConnectWise. Uses Autotask REST API v1.0.
- HaloPSA — Ticket creation and status tracking. Uses OAuth2 client_credentials flow.
PSA integrations include circuit breaker protection (auto-disable on repeated failures) and credential audit logging. Plan requirement: Enterprise only.
SIEM integrations: Splunk, Microsoft Sentinel, Elastic, Datadog (Live)
SpoofSentry delivers security events to SIEM platforms for correlation with your broader security telemetry. Supported platforms:
- Splunk — Event delivery via HTTP Event Collector (HEC). Events formatted in CEF (Common Event Format) with severity mapping.
- Microsoft Sentinel — Direct event delivery with ECS (Elastic Common Schema) formatting.
- Elastic — Native event delivery with ECS formatting.
- Datadog — Event delivery with severity mapping and metadata tagging.
All SIEM integrations include test connection verification, health checks, and configurable event filtering. Plan requirement: Enforce and above.
DNS provider integrations: Cloudflare, AWS Route 53, Azure DNS, GoDaddy, Google Cloud DNS (Live)
SpoofSentry connects directly to DNS providers to preview, apply, verify, and roll back DNS changes for DMARC, SPF, DKIM, MTA-STS, and other records. Supported providers:
- Cloudflare — Full DNS management via Cloudflare API.
- AWS Route 53 — DNS record management via AWS SDK.
- Azure DNS — DNS management via Azure Resource Manager API.
- GoDaddy — DNS record management via GoDaddy API.
- Google Cloud DNS — DNS management via Google Cloud API.
All DNS integrations support: change preview (see what will change before applying), propagation verification (confirm changes have taken effect), and automatic rollback for supported record types (revert to previous state). Plan requirement: All paid plans (Protect and above).
ChatOps integrations: Slack, Microsoft Teams, webhook (Live)
SpoofSentry sends real-time notifications to chat platforms when posture changes occur. Supported platforms:
- Slack — Formatted notifications with severity indicators, domain details, and action links.
- Microsoft Teams — Adaptive card notifications with the same detail level as Slack.
- Generic webhook — HTTP POST to any endpoint. Useful for custom automation, PagerDuty, or SOC tooling.
Notifications include event deduplication (no repeated alerts for the same issue) and configurable alert thresholds. Plan requirement: Enforce and above.
Email platform integrations: Microsoft 365, Google Workspace (Guided)
SpoofSentry provides guided setup recommendations specific to your email platform:
- Microsoft 365 — Auto-detects M365 usage from DMARC reports. Provides specific SPF include values, DKIM signing configuration steps, and DMARC alignment recommendations for Exchange Online.
- Google Workspace — Auto-detects Google Workspace from DMARC reports. Provides specific SPF include values, DKIM key generation instructions via Admin Console, and alignment guidance.
Email platform detection is a built-in capability on all plans that receive DMARC aggregate reports — it is not a separately configurable integration.
ServiceNow ITSM (Live)
SpoofSentry integrates with ServiceNow ITSM for risk mapping and ticket creation. Domain posture changes and security findings can automatically create incidents in ServiceNow, keeping your IT service management workflows in sync with email security events.
GRC integrations: OneTrust, Archer, ServiceNow GRC (Live)
SpoofSentry exports compliance evidence and risk data to GRC platforms including OneTrust, Archer, and ServiceNow GRC. Evidence bundles and framework mappings flow directly into your governance workflows via API.
Cloud Storage: S3, GCS, Azure Blob, SharePoint (Live)
SpoofSentry can export reports, evidence bundles, and DMARC data to cloud storage providers including Amazon S3, Google Cloud Storage, Azure Blob Storage, and SharePoint. Scheduled exports keep your document repositories up to date automatically.
Jira (Coming Soon)
Jira integration for creating and tracking remediation tasks from SpoofSentry findings is on the roadmap. Stay tuned for availability announcements.
Webhook and API access
SpoofSentry provides a REST API for programmatic access to domain scores, DMARC data, enforcement status, simulation results, and tenant management. API documentation is available at /api-docs. Webhook notifications deliver structured JSON payloads for real-time event processing. API and webhook access is available on Enforce and Enterprise plans.
Integration matrix
This table summarizes every named integration, its authentication method, supported actions, maturity status, and plan requirement.
| Integration | Auth Method | Supported Actions | Status | Min Plan |
|---|---|---|---|---|
| ConnectWise Manage | API key + company ID | Ticket create, status poll, asset sync, health check | GA | Enterprise |
| Autotask (Datto) | API key | Ticket create, status poll, asset sync, health check | GA | Enterprise |
| HaloPSA | OAuth2 client_credentials | Ticket create, status tracking | GA | Enterprise |
| Splunk | HEC token | Event delivery (CEF), severity mapping | GA | Enforce |
| Microsoft Sentinel | API key / OAuth2 | Event delivery (ECS), severity mapping | GA | Enforce |
| Elastic | API key | Event delivery (ECS), severity mapping | GA | Enforce |
| Datadog | API key | Event delivery, metadata tagging | GA | Enforce |
| Cloudflare | API token (scoped) | Record CRUD, preview, verify, rollback | GA | Protect |
| AWS Route 53 | IAM access key | Record CRUD, preview, verify, rollback | GA | Protect |
| Azure DNS | Service principal (OAuth2) | Record CRUD, preview, verify, rollback | GA | Protect |
| GoDaddy | API key + secret | Record CRUD, preview, verify, rollback | GA | Protect |
| Google Cloud DNS | Service account (OAuth2) | Record CRUD, preview, verify, rollback | GA | Protect |
| Slack | OAuth2 (bot token) | Alert notifications, severity indicators, action links | GA | Enforce |
| Microsoft Teams | Incoming webhook | Adaptive card notifications | GA | Enforce |
| Generic Webhook | Shared secret (HMAC) | HTTP POST JSON payloads | GA | Enforce |
| Microsoft 365 | Auto-detect from reports | Guided SPF/DKIM/DMARC setup recommendations | GA | All |
| Google Workspace | Auto-detect from reports | Guided SPF/DKIM/DMARC setup recommendations | GA | All |
| ServiceNow ITSM | OAuth2 | Incident create, risk mapping | GA | Enterprise |
| OneTrust | API key | Evidence export, risk data sync | GA | Enterprise |
| Archer | API key | Evidence export, risk data sync | GA | Enterprise |
| ServiceNow GRC | OAuth2 | Evidence export, framework mapping | GA | Enterprise |
| Amazon S3 | IAM access key | Scheduled report/evidence export | GA | Enforce |
| Google Cloud Storage | Service account | Scheduled report/evidence export | GA | Enforce |
| Azure Blob Storage | SAS token / service principal | Scheduled report/evidence export | GA | Enforce |
| SharePoint | OAuth2 (app registration) | Scheduled report/evidence export | GA | Enforce |
| Jira | OAuth2 / API token | Remediation task create, tracking | Planned | — |
Integration availability by plan
- Monitor (free): Email platform auto-detection only. No operational integrations.
- Protect ($24/month): DNS provider integrations (Cloudflare, Route 53, Azure DNS, GoDaddy, Google Cloud DNS).
- Enforce ($65/month): Everything in Protect, plus SIEM integrations (Splunk, Sentinel, Elastic, Datadog), ChatOps (Slack, Teams, webhook), cloud storage export, full API access, and webhook notifications.
- Enterprise (custom): Everything in Enforce, plus PSA/RMM integrations (ConnectWise, Autotask, HaloPSA), GRC platforms (OneTrust, Archer, ServiceNow), MSSP white-label portal, Enterprise SSO (OIDC / SAML), and dedicated onboarding.
See pricing for full plan comparison.
Frequently asked questions
Which integrations are included in the free plan?
The free Monitor plan does not include any integrations. DNS provider integrations start on the Protect plan. SIEM, ChatOps, API, and webhook integrations start on the Enforce plan. PSA/RMM integrations require Enterprise.
Can I use SpoofSentry with ConnectWise?
Yes. SpoofSentry integrates with ConnectWise Manage for automatic ticket creation on domain posture changes. This integration is available on Enterprise plans and uses the Manage REST API v4.6.
Does SpoofSentry send events to Splunk?
Yes. SpoofSentry delivers security events to Splunk via HTTP Event Collector (HEC) with CEF formatting and severity mapping. Available on Enforce and Enterprise plans.
Can I use SpoofSentry without any integrations?
Yes. All core capabilities (DMARC monitoring, domain scoring, enforcement simulation, compliance reporting) work without integrations. Integrations add operational automation but are not required.
Does SpoofSentry support ServiceNow?
ServiceNow ITSM integration (Live) is available for risk mapping and ticket creation. Contact sales for details on availability and plan requirements.
Can I build custom integrations with the API?
Yes. The REST API provides full access to domain data, scores, DMARC reports, enforcement status, and tenant management. API access is available on Enforce and Enterprise plans.