In this article, you will learn how to integrate Cloudflare Area 1 email security with SecurityCoach. Once the integration is complete, data provided by Cloudflare Area 1 email security will be available for use under the SecurityCoach tab of your KSAT console. This data can be viewed in SecurityCoach reports and used to create real-time coaching campaigns. For general information about SecurityCoach, see our SecurityCoach Product Manual.
You can integrate Cloudflare Area 1 email security with SecurityCoach through a webhook or REST API. We recommend integrating with a webhook first as it is available for all license types and is highly secure. To learn more about integrating Cloudflare Area 1 email security with SecurityCoach, click the links below.
Webhook Integration
Follow the steps below to learn how you can set up a webhook integration for SecurityCoach with Cloudflare Area 1 email security.
Creating Your Organization Key
Before you can set up this integration in your Cloudflare Area 1 email security console, you will need to authorize the configuration and create an organization key in the SecurityCoach tab of your KSAT console.
- Log in to your KSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
- Locate the Cloudflare Area 1 Email Security tile and click Configure.
- Select Webhook from the drop-down menu.
- Click Authorize.
- In the Organization Key field, copy your organization key and save it somewhere that you can easily access.
You'll need this key to complete the setup process in the Set Up the Integration in Your Cloudflare Area 1 Email Security Console section below.
Set Up the Integration in Your Cloudflare Area 1 Email Security Console
Once you have created an organization key in your KSAT console, you can set up the integration in your Cloudflare Area 1 email security console. To set up the integration, follow the steps below:
- Login to your Cloudflare Area 1 email security console as an admin.
- Click the settings icon on the top-right corner.
- Select the Email Configuration tab.
- Select Alert Webhooks and click + New Webhook.
- From the App Type options, select SIEM. In the drop-down menu, select Other.
- Enter your organization key in the Auth Code field.
- Enter the URL for your KnowBe4 instance into the Target field. See the table below for your KnowBe4 instance’s URL:
KnowBe4 Instance URL United States https://area1.vendor.training.knowbe4.com/v1 European Union https://area1.vendor.eu.knowbe4.com/v1 Canada https://area1.vendor.ca.knowbe4.com/v1 United Kingdom https://area1.vendor.uk.knowbe4.com/v1 Germany https://area1.vendor.da.knowbe4.com/v1 - Select Expanded from the drop-down menus for Malicious Style, Suspicious Style, and Spoof Style.
- Click + Publish Webhook.
Once published, the status color will change based on the webhook’s status.
Delete the Integration in Your Cloudflare Area 1 Email Security Console
To delete this webhook integration, follow the steps below.
- Log in to your Cloudflare Area 1 email security console with admin credentials.
- Click the gear icon in the top-right corner of the page.
- Navigate to Domains & Routing > Alert Webhooks.
- Locate the URL you want to remove. To find the URL for your KnowBe4 instance, see the table below:
KnowBe4 Instance URL United States
https://area1.vendor.training.knowbe4.com/v1
European Union https://area1.vendor.eu.knowbe4.com/v1
Canada https://area1.vendor.ca.knowbe4.com/v1
United Kingdom https://area1.vendor.uk.knowbe4.com/v1
Germany https://area1.vendor.da.knowbe4.com/v1
- Navigate to the three dots icon, then click Delete.
- Confirm that you want to delete this integration.
API Integration
Follow the steps below to learn how you can set up an API integration for SecurityCoach with Cloudflare Area 1 email security.
Create Your Private Key and Public Key
Before you can set up this integration in your KSAT console, you will need to create a private key and public key.
To create a private key and public key, follow the steps below:
- Log in to your Cloudflare Area 1 email security console as an admin.
- Click the gear icon in the top-right corner of the page, and then navigate to the Service Accounts tab.
- Click + Add Service Account.
- In the NAME field, enter a name for your new service account.
- Click + Create Service Account.
- In the pop-up window that opens, copy and save the private key somewhere that you can easily access. You will need this key to complete the setup process in the Set Up the Integration in Your KSAT Console section below.
- Click Dismiss to return to the Service Accounts page, where you can view your new public key.
- Copy and save the PUBLIC KEY somewhere that you can easily access. You will need this key to complete the setup process in the Set Up the Integration in Your KSAT Console section below.
Set Up the Integration in Your KSAT Console
Once you have created a private key and public key in your Cloudflare Area 1 email security console, you can set up the integration in your KSAT console. To register Cloudflare Area 1 email security with SecurityCoach in your KSAT console, follow the steps below:
- Log in to your KSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
- Locate Cloudflare Area 1 Email Security and click Configure.
- Enter the Public Key and Private Key that you saved in the Create Your Private Key and Public Key section of this article.
- Click Authorize.
Map Your Users
After you’ve finished integrating Cloudflare Area 1 Email Security, you can map your users either through mapping rules (recommended) or through a CSV file upload. For more information about user mapping, see our Mapping Users in SecurityCoach article.
Once you’ve successfully authorized this integration, you can manage detection rules for Cloudflare Area 1 Email Security on the Detection Rules subtab of SecurityCoach. For a full list of available system detection rules for this vendor, see our Which Detection Rules Can I Use with My Vendors? article.