PhishER is a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage a high volume of potentially malicious email messages reported by users.
Blumira’s integration with PhishER allows you to retrieve event data from PhishER directly to your Blumira sensor. Now you can start centralizing logs and leveraging Blumira’s security insight to detect and respond to threats.
This document is for shipping PhishER syslogs to the Blumira sensor and sending them to Blumira for further security monitoring and incident detection.
This KnowBe4 document talks through forwarding Syslog from PhishER to the Blumira Sensor: https://support.knowbe4.com/hc/en-us/articles/360013919314-PhishER-Settings#SYSLOG
PhishER supports third-party integration with Syslog. To use the integration feature, you must have PhishRIP enabled. Once you have PhishRIP enabled, navigate to PhishER > Settings > Integrations to configure integration settings for your PhishER platform. Here, you will see three sections: VirusTotal, Syslog, and the KMSAT Console. For integration with Blumira, select Syslog.
The Syslog integration option can be used to log when actions are triggered in your PhishER platform. To add a Syslog setting, click on the New Syslog button in the top-right. This will open the Add Syslog Settings window.
You will also need to configure a certificate and key for your sensor, then add the necessary details to your sensor logger module by clicking the module’s edit button and choosing Update Parameters.