Integrations Overview

Defused TF supports multiple integration methods so you can route alerts, summaries, and telemetry into your existing communication or automation workflows.

Slack

You can configure Slack integrations to send notifications based on selected event criteria (e.g., severity, decoy type, or specific payload indicators).

For TF Enterprise accounts, Slack can also deliver hourly anomaly summaries generated by the Anomaly Detection module.

Email

Email notifications can be triggered based on event filters or severity thresholds.
This allows alerts to be forwarded to security distribution lists or ticketing systems.

Webhooks

Webhooks can be configured to deliver event data to any HTTP endpoint.
You can define triggers based on event parameters and process incoming JSON in SIEMs, SOAR platforms, or custom automation pipelines.

API

Full API access is available for TF Enterprise and separate commercial Defused bundles.

  • Intel API (Shared Alerts) — Access the shared threat intelligence feed with filtering, search, and pagination. Available in limited quantity to Defused TF SMB and Enterprise tier users.
  • Alerts API (Your Alerts) — Access your proprietary honeypot alerts with advanced filtering by sensor, incident tag, trace ID, and more. Available for EX users.

Both APIs require an API key, which can be created in Settings.