Overview
PhishER is a lightweight security orchestration, automation, and response (SOAR) platform from KnowBe4 that orchestrates threat response and manages a high volume of potentially malicious email messages reported by users.
Blumira’s integration with PhishER allows you to forward event data from PhishER directly to your Blumira sensor. You can centralize logs and leverage Blumira’s security insight to detect and respond to threats.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- Under Overview, in the Host Details box, copy the IP value.
Forwarding to a Sensor
You can use PhishER's Syslog integration option to log when actions are triggered in your PhishER platform.
To integrate Blumira with KnowBe4 PhishER using Syslog:
- In the PhishER platform, verify that you have PhishRIP enabled or enable it before continuing to the next step.
- Navigate to PhishER > Settings > Integrations.
- Select Syslog.
- Click New Syslog in the top-right.
- In the Add Syslog Settings window:
  - In the Name box, type the name you want to assign your Syslog server, such as "PhishER-Blumira."
  - In the Protocol menu, select TLS.
  - In the Host box, type the IP address of your Syslog server (i.e., the Blumira sensor).
  - In the Port box, type 6514 for the port number of your Syslog server.
  - In the Format menu, select JSON as the output format.
- In Blumira, navigate to Settings > Sensors > Sensor details > Logging Devices > Logger Module.
- Click Edit.
- In the Edit Module window, select Update Parameters from the dropdown list.
- Configure a private key and certificate, then click Apply.
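Once the steps above are complete, you can confirm from another host that the sensor answers with TLS on port 6514 and presents the certificate you configured. The following script is an added example, not code from Blumira or KnowBe4. The function names and the test event are hypothetical, and it assumes the listener accepts RFC 5425 octet-counted syslog framing.

```python
import hashlib
import json
import socket
import ssl
from datetime import datetime, timezone

SYSLOG_TLS_PORT = 6514  # value typed into the Port box in PhishER


def frame_syslog(event, hostname="phisher-check"):
    """Build an RFC 5424 message with a JSON body, octet-counted per RFC 5425."""
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # PRI 134 = facility local0 (16 * 8) + severity informational (6)
    msg = f"<134>1 {ts} {hostname} connectivity-check - - - {json.dumps(event)}"
    data = msg.encode("utf-8")
    return str(len(data)).encode("ascii") + b" " + data


def check_listener(host, port=SYSLOG_TLS_PORT, cafile=None, send_test=False):
    """Handshake with the sensor; report TLS version, cipher and cert fingerprint."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # the Host box holds an IP address, not a name
    if cafile is None:
        # Diagnostic mode only: no chain validation, so compare the fingerprint
        # below with the certificate you configured on the Logger Module.
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=5) as raw:
            with ctx.wrap_socket(raw) as tls:
                der = tls.getpeercert(binary_form=True)
                if send_test:
                    # Constructed test event, not PhishER's own schema.
                    tls.sendall(frame_syslog({"test": "phisher-blumira"}))
                return {"ok": True, "tls_version": tls.version(),
                        "cipher": tls.cipher()[0],
                        "cert_sha256": hashlib.sha256(der).hexdigest()}
    except OSError as exc:  # refused, timed out, or TLS handshake failure
        return {"ok": False, "error": str(exc)}


if __name__ == "__main__":
    import sys
    print(check_listener(sys.argv[1]))
```

Run it with the sensor IP address as the only argument. Pass `cafile` to validate the certificate chain instead of only reading the fingerprint.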