Back Arrow Back to All Integrations

KnowBe4 – PhishER

KnowBe4 – PhishER

Integrating KnowBe4 PhishER With Blumira

PhishER is a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage a high volume of potentially malicious email messages reported by users.


Blumira’s integration with PhishER allows you to retrieve event data from PhishER directly to your Blumira sensor. Now you can start centralizing logs and leveraging Blumira’s security insight to detect and respond to threats.


Sign Up For Your Free Account Today

Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.


Free Trial

KnowBe4 – PhishER Log Collection

This document is for shipping PhishER syslogs to the Blumira sensor, and sending it to Blumira for further security monitoring and incident detection.

Forwarding to Sensor

This document talks through forwarding Syslog from PhishER to the Blumira Sensor: https://support.knowbe4.com/hc/en-us/articles/360013919314-PhishER-Settings#SYSLOG

PhishER supports third-party integration with Syslog. In order to use the integration feature, you must have PhishRIP enabled. Once you have PhishRIP enabled, navigate to PhishER > Settings > Integrations to configure integration settings for your PhishER platform. Here, you will see three sections: VirusTotal, Syslog, and the KMSAT Console. For integration with Blumira you will select Syslog.

The Syslog integration option can be used to log when actions are triggered in your PhishER platform. To add a Syslog setting, click on the New Syslog button in the top-right. This will open the Add Syslog Settings window.

  1. Name Custom name you would like to assign your Syslog server, such as PhishER-Blumira
  2. Protocol Select TLS from the drop-down
  3. Host Enter the host IP address of your Syslog server.
    1. This will be the External IP address that you are using to  forward syslog messages through to your sensor. We suggest placing a sensor in a secured DMZ for this log collection and limiting access to the sensor to only KnowBe4’s public address space
  4. Port Enter 6514 for the port number of your Syslog server.
  5. Format Select JSON as the output Format

You will also need to configure a certificate and key for your sensor and add the necessary details to your sensor logger module using the module’s edit button, and choosing Update Parameters.