You can integrate your VMRay VMRay (link opens in new window) platform into your PhishER console. VMRay specializes in advanced malware sandboxing and threat analysis. VMRay allows you to analyze potential phishing emails and send the results back to PhishER via the Product API.

Before You Connect VMRay to PhishER

You will also need to create a Product API key to integrate VMRay with PhishER. For more information on how to create a Product API token, please visit the Creating a Product API Token section of our Product API Overview article.

Then, you'll need to save this token somewhere you can easily access.

Connect VMRay to Your PhishER Console

You can connect your VMRay platform to your PhishER console by following the steps below.

1. Log in to your VMRay platform.
2. Navigate to Console > Settings > Analysis > KNOWBE4 CONNECTOR.
3. Select the CREATE KNOWBE4 CONNECTOR button.

1. Enter the name of your connector, such as “KnowBe4 Phishing”.
2. Make sure the Enable check box is selected.
3. Enter your geographic region’s base URL in the KnowBe4 URL field.
4. Enter the Product API token from the previous steps into the KnowBe4 Service API Token field.
5. Enter a time interval in the Query Interval field. You can enter the time interval in minutes to determine the frequency of sending requests to the integrated KnowBe4 connector, fetching sample files, and processing them. We recommend using the default value of 10 minutes.
6. Enter a daily quota limit for the connector in the Enable Quota Limit field. For example, by setting the quota to 50 items, the daily integrated phishing connector's enrichments will not exceed this limit.
7. Select the Test Connection button.
8. After reviewing your settings, select Save. You should see a confirmation message showing your integration was successfully created.

Submit Your First Email to PhishER

Once the VMRay integration is configured, you can begin submitting suspicious emails to the PhishER console for automated processing and analysis. Follow the steps below to submit your first email to PhishER.

1. Access PhishER. For more information on how to access PhishER, please visit the Accessing PhishER section of our PhishER Product Manual.
2. Select the Settings icon in the lower-left corner of PhishER’s Dashboard.
3. Select Reporting Emails.
4. Follow the on-screen guidance to either use the existing reporting email address or create a new one.
5. Copy the generated reporting email address. This address is the one you will use to submit suspicious or user-reported messages.

1. Using your preferred email client, forward or send the message you want to analyze to the reporting email address. Allow a short time for KnowBe4 to ingest the message and for VMRay to complete the analysis.
2. Navigate to the Inbox in the PhishER console. Your submitted email, or the email attachment if included, will appear once processing is complete.

1. Under Tags, you will see a VMRay verdict label, such as VMRAY SUSPICIOUS, VMRAY MALICIOUS, or VMRAY CLEAN.
2. To view the Full VMRay report regarding the email, select the submitted email to open it, and then select the Discussion panel.

Access Submitted Emails to PhishER in VMRay

You can access emails submitted to PhishER in the VMRay platform by following the steps below.

1. From the left navigation menu, navigate to the Submissions dashboard.
2. Under the Interface Type drop-down menu, select Phishing Connector.

1. Navigate to Submissions or Analyses > Advanced Search. Select Category as Automation, Operator as ==, and Value as Phishing.

1. Again, use the left navigation menu to navigate to Submissions > Advanced Search. Select Category as Interface Name, Operator as ==, and enter the Value as “%KnowBe4 Phishing%”.