KnowBe4
When Area 1 detects a phishing email, the metadata of the detection can be sent directly to KnowBe4. For this tutorial, you will need a working KnowBe4 account with the SecurityCoach add-on. You will also need to create an organization key to use in Area 1. This organization key will let you integrate KnowBe4 with Area 1. Refer to KnowBe4 documentation for more information on this subject.
After creating your organization key and authorizing Area 1:
- Log in to the Area 1 dashboard.
- Go to Settings (the gear icon).
- Go to Email Configuration > Domains & Routing > Alert Webhooks.
- Select New Webhook.
- In App Type, select SIEM.
- Choose KnowBe4 from the dropdown, and paste your organization key into the Auth Code section.
- In Target, paste the URL that suits your organization. KnowBe4 has different URLs for different regions:
KnowBe4 instance URL United States https://area1.vendor.training.knowbe4.com/v1
European Union https://area1.vendor.eu.knowbe4.com/v1
Canada https://area1.vendor.ca.knowbe4.com/v1
United Kingdom https://area1.vendor.uk.knowbe4.com/v1
Germany https://area1.vendor.da.knowbe4.com/v1
- Select Expanded from the drop-down menu for Malicious Style, Suspicious Style, and Spoof Style.
- Select Publish Webhook.