PhishER is a lightweight security orchestration, automation, and response (SOAR) platform from KnowBe4 that orchestrates threat response and manages a high volume of potentially malicious email messages reported by users.
Blumira’s integration with PhishER allows you to forward event data from PhishER directly to your Blumira sensor. You can centralize logs and leverage Blumira’s security insight to detect and respond to threats.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Installing a Blumira sensor with Ubuntu before you continue.
Obtain the IP address of your Blumira sensor to use when configuring the external service.
To gather the IP address of the sensor:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- Under Overview, in the Host Details box, copy the IP value.
Forwarding to a Sensor
You can use the Syslog integration option to log when actions are triggered in your PhishER platform.
To integrate Blumira with KnowBe4 PhishER using Syslog:
- In the PhishER platform, verify that you have PhishRIP enabled or enable it before continuing to the next step.
- Navigate to PhishER > Settings > Integrations.
- Select Syslog.
- Click New Syslog in the top-right.
In the Add Syslog Settings window:
- In the Name box, type the name you want to assign your Syslog server, such as "PhishER-Blumira".
- In the Protocol menu, select TLS.
- In the Host box, type the IP address of your Syslog server.
Note: This is the External IP address that you are using to forward Syslog messages through to your sensor. We suggest placing a sensor in a secured DMZ for this log collection and limiting access to the sensor to only KnowBe4’s public address space
- In the Port box, type 6514 for the port number of your Syslog server.
- In the Format menu, select JSON as the output format.
You must also configure a certificate and key for your sensor and add the necessary details to your sensor logger module using the module’s edit button, and choosing Update Parameters.