Custom Events - Whalemate Docs

Custom Events

Allows injecting external security events into Whalemate associated with an employee. Each registered event directly impacts their Human Risk Score, just as if it had occurred within a platform simulation.

What is it for?

Registering real security incidents that occur outside Whalemate simulations (received phishing, compromised credentials, suspicious clicks, etc.).
Keeping the Human Risk Score up to date with what happens in the real world, not just in training exercises.
Centralizing each employee's security history in one place within the platform.
Integrating external tools (SIEM, EDR, detection systems) with Whalemate's risk data.

How to use it?

Events are registered through the Whalemate API. For each event you need to provide:

Title — short description of the incident
Employee email — must belong to your organization
Severity — low (computed as a click) or high (computed as credential compromise)
Description — optional, to add additional context

Once registered, the event immediately impacts the employee's Human Risk Score. The ability to view the event in the individual profile will be available soon. If this feature is a priority for your organization, you can request it at roadmap.whalemate.com/roadmap

The employee's email must belong to your organization. It is not possible to register events for employees from other companies.

Impact on Human Risk Score:

Severity	How it impacts
`low`	Processed as a simulation click
`high`	Processed as credential compromise

For the technical integration documentation (authentication, endpoint, code examples), see the Integration guide: Custom Events API.

❓ Frequently asked questions

When should I use low vs high severity?

Use low for low-impact incidents (clicking a suspicious link, opening a dubious email). Use high for critical incidents (compromised credentials, malware download, unauthorized access).

Do custom events affect the score the same way simulation events do?

Yes. The system processes them with the same logic: low equals a click and high equals a credential compromise.

Can I register events in bulk for multiple employees at once?

The current endpoint processes one event per call. Bulk registration will be available soon. If it's a priority for your organization, you can request it at roadmap.whalemate.com/roadmap

Do I need special permissions to use this feature?

Yes, you need a company API Key. You can generate one from Settings → General → API Keys → Active Keys.

Have feedback or want to request improvements? Let us know at roadmap.whalemate.com/roadmap