# Forcepoint ONE

Forcepoint ONE is a Security Service Edge (SSE) platform that protects users, data, and applications across web, cloud, and private application traffic through Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Secure Web Gateway (SWG) controls. Connecting Forcepoint ONE forwards cloud application access, file scan results, admin activity, and SWG web and DLP traffic logs to Radiant Security through the Forcepoint ONE Log API. Radiant uses this telemetry to enrich alerts with user, application, and policy context during triage.

### Prerequisites

* [ ] Admin access to Forcepoint ONE, with access to the Log API granted through an Admin Role under **IAM** > **Admin Roles**

{% hint style="info" %}
Forcepoint ONE issues one OAuth token per user. Create a dedicated `config API` admin and generate the token under that account so the integration does not break if a human admin is deactivated.
{% endhint %}

### Generate an OAuth token in Forcepoint ONE

{% stepper %}
{% step %}

#### **Create the API application**

Sign in to Forcepoint ONE and navigate to **Settings** > **API Interface** > **OAuth**. Click the **+** icon to open the **Edit Application** dialog.

<figure><img src="/files/qnqyHdbplc5AlEFO2efn" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

#### **Configure the application**

In the **Edit Application** dialog, enter the following values:

* **Name**: `Radiant-Security`
* **Permission**: select **Log API**
* **User/Group permissions**: keep the default **All**

Click **OK** to save. The application status displays as **Pending** until the token is generated.
{% endstep %}

{% step %}

#### **Generate and copy the access token**

Select the **Radiant-Security** application. Confirm you are signed in as the `config API` user (or your admin user) and open the **Token Authorization URL**. On the **Authorization** page, click **Accept** and copy the **Access Token**. Store the token securely. You will paste it into Radiant Security in the next section.
{% endstep %}
{% endstepper %}

### Add the data connector in Radiant Security

1. Sign in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select **Forcepoint ONE API**, then click **Data Feeds**.
4. Under **Select your data feeds**, select **Forcepoint ONE** and click **Credentials**.
5. Under **Credential Name**, enter a descriptive name (e.g., `Forcepoint ONE Credentials`).
6. Under **Required Credentials**, enter the **Token** value you copied from Forcepoint ONE.
7. Click **Add Connector** to save the configuration.

### Verify ingestion

After Forcepoint ONE begins forwarding, confirm alerts and events are reaching Radiant.

1. In Radiant, navigate to [Log Management](https://app.radiantsecurity.ai/logs).
2. Filter by `rs_connectorType:"forcepoint_one"`.
3. Confirm recent alerts and events appear.

{% hint style="info" %}
Allow several minutes for alerts and events to be parsed, indexed, and available for search.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/forcepoint/forcepoint-one.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.