You can integrate Red Vector’s Fulcrum platform into your KSAT console. Fulcrum integrates cyber, human, and open-source intelligence to identify and mitigate insider threats proactively. Integrating Fulcrum with KSAT can help you identify possible workplace threats earlier by performing risk analysis. This integration also allows you to assign training campaigns to reduce workplace risks.
Connecting Fulcrum to Your KSAT Console
Before you set up Smart Groups in KSAT and create custom events in Fulcrum, you must create a User Event API key in KSAT’s Account Settings. Please see our User Event API documentation for more information.
Creating a Custom Event for KSAT
You must create a custom event in your Fulcrum platform to add users to a Smart Group. This event will be added to the Smart Group Criteria in KSAT. To create a custom event, please use our User Event API Documentation.
Setting Up Smart Groups in KSAT
You can set up Smart Groups in your KSAT console to assign users to groups automatically based on user events. Assigning users to Smart Groups allows you to assign training campaigns based on user events to specific users. Follow the steps below to create a Smart Group.
- In your KSAT console, navigate to the Users tab.
- Under Users, select Groups.
- On the right side of the page, click + Create New Group.
- Under Create New Group, give your Smart Group a name. You can customize the name of your Smart Group based on the workplace risk you wish to identify. In this example, the name is Workplace Violence.
- Select the Make This a Smart Group check box.
- Click Create Group.
- Select the Smart Group Criteria drop-down menu from the Smart Group page and click Custom Event.
- A Custom Event dialog menu should appear. Add the following configurations to the menu:
  - Condition: Must
  - Event Type: event_type attribute from your created Custom Event, such as “Workplace Violence”
  - Matcher: Greater Than
  - Count: 0
  - Timeframe: Any
- Click Save.
Setting Up KSAT Training Campaigns with Fulcrum
You can set up Fulcrum to perform user risk analysis, which will allow you to assign KSAT training campaigns to specific users. Follow the steps below to perform risk analysis and set up KSAT training campaigns with Fulcrum.
Set Up KnowBe4 as a Fulcrum Send Action
First, you will need to set up KnowBe4 as a Fulcrum Send Action. Follow the steps below to complete this task.
- On Fulcrum’s app node, navigate to /rv/fulcrum/conf/fulcrum and open the file externalApps-config.json for editing. A sample entry is shown below:
- Add another entry in this file that provides Fulcrum with an external application option called “Assign Training.” The example below uses “Workplace Violence,” per the Smart Group created in the previous section.
- Save this file and then create the save directory on the app node to capture action messages: $ mkdir /rv/fulcrum/data/assign-training
- Once this is completed, restart Fulcrum services on the app node.
Setting Up Workflows in Fulcrum
Red Vector will provide a pre-configured workflow to run in NiFi to forward the data to KnowBe4.
The FetchEmailAndEventType processor needs to map the target_user attribute to your email attribute, as an email is how KSAT identifies a user.
The InvokeKnowBe4EventsEndpoint processor must be configured with your region's appropriate KnowBe4 API endpoint and a bearer token.
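The checks below are an added example, not part of Red Vector's workflow or KnowBe4's code. They show what the two processors must get right before an event is sent: target_user is an email address, event_type is present, and the bearer token only travels over HTTPS. Assumptions: the input keys "email" and "action", the environment variable KSAT_EVENT_TOKEN, and the endpoint URL are hypothetical placeholders, and the body carries only the two attributes named on this page.

```python
import json
import os
import re
import urllib.request

# Placeholder: replace with your region's User Event API endpoint.
EVENTS_ENDPOINT = "https://user-events.example.invalid/events"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def build_event_request(action, endpoint, token):
    """Validate one action record and build the POST that carries it.

    `action` uses hypothetical keys "email" and "action"; the JSON body uses
    the target_user and event_type attributes named on this page.
    """
    email = (action.get("email") or "").strip()
    event_type = (action.get("action") or "").strip()
    if not EMAIL_RE.match(email):
        # KSAT identifies users by email, so a username or ID cannot be matched.
        raise ValueError("target_user must be an email address")
    if not event_type:
        raise ValueError("event_type is empty; the Smart Group would never match")
    if not endpoint.lower().startswith("https://"):
        raise ValueError("bearer token must only be sent over HTTPS")
    if not token:
        raise ValueError("bearer token is missing")
    body = json.dumps({"target_user": email, "event_type": event_type})
    return urllib.request.Request(
        endpoint,
        data=body.encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed sample record. Nothing is sent: the request is only built
    # and printed. The token is read from the environment (hypothetical name).
    sample = {"email": "jdoe@example.com", "action": "Workplace Violence"}
    token = os.environ.get("KSAT_EVENT_TOKEN", "constructed-dry-run-token")
    req = build_event_request(sample, EVENTS_ENDPOINT, token)
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```
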
Assigning KSAT Training Campaigns Using Fulcrum
Once you have set up KnowBe4 as a Fulcrum Send Action and configured the above processors, the workflow can be activated, and Fulcrum is ready to assign training campaigns in KSAT. You can identify possible workplace risks in Fulcrum by reviewing risky behavior across your organization. Follow the steps below to assign KSAT training campaigns using Fulcrum.
- If you have identified a user of concern in your organization, you can navigate to the people details page to assess possible risky behavior. Here, you can view the user’s Risk Indicators.
- On the people details page, click the three-line icon on the right side of the page. Then, click Send Actions.
- Click the Send Actions button.
- In the External Application drop-down menu, select Assign Training.
- In the Action drop-down menu, select your previously created training type.
- Click the Send button to assign training.