Forcepoint ONE

Connect Forcepoint ONE to Radiant Security to forward web, DLP, cloud, and admin logs for AI triage.

Forcepoint ONE is a Security Service Edge (SSE) platform that protects users, data, and applications across web, cloud, and private application traffic through Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Secure Web Gateway (SWG) controls. Connecting Forcepoint ONE forwards cloud application access, file scan results, admin activity, and SWG web and DLP traffic logs to Radiant Security through the Forcepoint ONE Log API. Radiant uses this telemetry to enrich alerts with user, application, and policy context during triage.

Prerequisites

Forcepoint ONE issues one OAuth token per user. Create a dedicated config API admin and generate the token under that account so the integration does not break if a human admin is deactivated.

Generate an OAuth token in Forcepoint ONE

1. Create the API application

Sign in to Forcepoint ONE and navigate to Settings > API Interface > OAuth. Click the + icon to open the Edit Application dialog.

2. Configure the application

In the Edit Application dialog, enter the following values:

  • Name: Radiant-Security

  • Permission: select Log API

  • User/Group permissions: keep the default All

Click OK to save. The application status displays as Pending until the token is generated.

3. Generate and copy the access token

Select the Radiant-Security application. Confirm you are signed in as the config API user (or your admin user) and open the Token Authorization URL. On the Authorization page, click Accept and copy the Access Token. Store the token securely. You will paste it into Radiant Security in the next section.

Add the data connector in Radiant Security

  1. Sign in to Radiant Security.

  2. From the navigation menu, select Settings > Data Connectors and click + Add Connector.

  3. Search for and select Forcepoint ONE API, then click Data Feeds.

  4. Under Select your data feeds, select Forcepoint ONE and click Credentials.

  5. Under Credential Name, enter a descriptive name (e.g., Forcepoint ONE Credentials).

  6. Under Required Credentials, enter the Token value you copied from Forcepoint ONE.

  7. Click Add Connector to save the configuration.

Verify ingestion

After Forcepoint ONE begins forwarding, confirm alerts and events are reaching Radiant.

  1. In Radiant, navigate to Log Management.

  2. Filter by rs_connectorType:"forcepoint_one".

  3. Confirm recent alerts and events appear.

Allow several minutes for alerts and events to be parsed, indexed, and available for search.
