In this article, you'll learn how to integrate Cloudflare Area 1 Email Security with SecurityCoach. Once the integration is complete, data provided by Cloudflare Area 1 Email Security will be available for use under the SecurityCoach tab of your KSAT console. This data can be viewed in SecurityCoach reports and used to create detection rules for real-time coaching campaigns. For more information about SecurityCoach, see our SecurityCoach Product Manual.

You can integrate Cloudflare Area 1 email security with SecurityCoach through a webhook or through REST API. We recommend integrating through a webhook since it is available for all license types and is highly secure.

Webhook Integration

To set up a webhook integration for SecurityCoach with Cloudflare Area 1 Email Security, see the sections below.

Creating Your Organization Key

Before setting up this integration in your Cloudflare Area 1 Email Security console, you'll need to first authorize the configuration and create an organization key in the SecurityCoach tab of your KSAT console.

1. Log in to your KSAT console.
2. Navigate to SecurityCoach > Setup > Security Vendor Integrations.
3. Locate the Cloudflare Area 1 Email Security tile and select Configure > Direct Integration.
4. Select Webhook from the drop-down menu.

   

5. Select Authorize.
6. In the Organization Key field, copy your organization key and save it somewhere that you can easily access.

   

You'll need this key to complete the setup process in the Setting Up the Integration in Cloudflare Area 1 Email Security section below.

Setting Up the Integration in Cloudflare Area 1 Email Security

Once you have created an organization key in your KSAT console, you can set up the integration in your Cloudflare Area 1 Email Security console. To set up the integration, follow the steps below:

1. Log in to your Cloudflare Area 1 Email Security console as an admin.
2. Click the settings icon in the top-right corner.

   

3. Select the Email Configuration tab.

   

4. Select Alert Webhooks and click + New Webhook.

   

5. From the App Type options, select SIEM. In the drop-down menu, select Other.

   

6. Enter your organization key in the Auth Code field.
7. Enter the URL for your KnowBe4 instance into the TARGET field. See the table below for your KnowBe4 instance’s URL:

   KnowBe4 Instance	URL
   United States	https://area1.vendor.training.knowbe4.com/v1
   European Union	https://area1.vendor.eu.knowbe4.com/v1
   Canada	https://area1.vendor.ca.knowbe4.com/v1
   United Kingdom	https://area1.vendor.uk.knowbe4.com/v1
   Germany	https://area1.vendor.da.knowbe4.com/v1

8. For the Malicious Style, Suspicious Style, Spoof Style fields, select Expanded from the drop-down menus.

   

9. Click + Publish Webhook.

Once published, the status color will change based on the webhook’s status.

Deleting the Integration from Cloudflare Area 1 Email Security

To delete this webhook integration, follow the steps below.

1. Log in to your Cloudflare Area 1 Email Security console with admin credentials.
2. Click the gear icon in the top-right corner of the page.

   

3. Select the Email Configuration tab.

   

4. Navigate to Domains & Routing > Alert Webhooks.

   

5. Locate the URL you want to remove. To find the URL for your KnowBe4 instance, see the table below:

   KnowBe4 Instance	URL
   United States	https://area1.vendor.training.knowbe4.com/v1
   European Union	https://area1.vendor.eu.knowbe4.com/v1
   Canada	https://area1.vendor.eu.knowbe4.com/v1
   United Kingdom	https://area1.vendor.ca.knowbe4.com/v1
   Germany	https://area1.vendor.da.knowbe4.com/v1

6. Navigate to the three dots icon, then select Delete. A confirmation pop-up window will appear.

   

7. If you are sure you want to delete the integration, select Delete to confirm.

API Integration

To learn how you can set up an API integration for SecurityCoach with Cloudflare Area 1 Email security, follow the sections below.

Creating Your Private Key and Public Key

Before you can set up this integration in your KSAT console, you'll need to create a private key and a public key.

To create a private key and a public key, follow the steps below:

1. Log in to your Cloudflare Area 1 Email Security console as an admin.
2. Click the gear icon in the top-right corner of the page.

   

3. Navigate to the Service Accounts tab.

   

4. Select + Add Service Account.
5. In the NAME field, enter a name for your new service account.
6. Select + Create Service Account. A pop-up window will open.
7. Copy and save the private key somewhere that you can easily access. You'll need this key to complete the setup process in the Setting Up the Integration in Your KSAT Console section below.

   

8. Click Dismiss to return to the Service Accounts page, where you can view your new public key.
9. Copy and save the PUBLIC KEY somewhere that you can easily access. You will need this key to complete the setup process in the Setting Up the Integration in Your KSAT Console section below.

   

Setting Up the Integration in Your KSAT Console

Once you have created a private key and public key in your Cloudflare Area 1 Email Security console, you can set up the integration in your KSAT console by following the steps below:

1. Log in to your KSAT console.
2. Navigate to SecurityCoach > Setup > Security Vendor Integrations.
3. Locate the Cloudflare Area 1 Email Security tile and click Configure > Direct Integration.
4. Select API from the drop-down menu.

   

5. Enter the Public Key and Private Key that you saved in the Creating Your Private Key and Public Key section of this article.
6. Click Authorize.

Map Your Users

After you’ve finished integrating Cloudflare Area 1 Email Security, map your users either through mapping rules (recommended) or through a CSV file upload. For more information about user mapping, see our Map Users in SecurityCoach article.

Once you’ve successfully authorized this integration, manage detection rules for Cloudflare Area 1 Email Security on the Detection Rules subtab of SecurityCoach. For a full list of available system detection rules for this vendor, see our System Detection Rules by Vendor article.