In this article, you will learn how to integrate Cisco Secure Email, formerly Cisco Email Security Appliance (ESA), with SecurityCoach. Once you set up this integration, data provided by the Cisco Secure Email will be available under the SecurityCoach tab of your KSAT console. This data can be viewed in SecurityCoach reports and used to create detection rules for real-time coaching campaigns. For general information about SecurityCoach, see our SecurityCoach Product Manual.

Create Your Cisco Secure Email User

Before you can set up this integration in your KSAT console, you will need to create a Cisco integration user role. Then, you will need to create a user with this role.

To jump to the article subsection for each of these steps, click the links below:

• Create a Cisco Secure Email Integration User Role
• Create a Cisco Secure Email User

Create a Cisco Secure Integration User Role

First, you will need to create an integration user role in your Cisco account. To create your integration user role, follow the steps below:

1. Log in to your Cisco administrator account.
2. Navigate to System Administration > User Roles.
3. Click Add Email User Role….
4. Fill out the fields on the Add Email User Role page. For more information about these fields, see below:
   1. Name: Enter “integration_role”.
   2. Email Reporting: Select the Access to data by Reporting Group option, then select All Reports from the drop-down menu.
   3. Message Tracking: Select the View Message Tracking option.
   4. Quarantines: Select the View Only Access option.
   5. Log Subscriptions: Select the Log Subscription Access option.
5. Click Submit. Your new user role will display in the User Roles table.
6. Click Commit Changes at the top-right corner of the page.
7. (Optional) Enter a comment about the changes in the Comment (optional) field.
8. Click Commit Changes at the bottom-right corner of the pop-up window to create your new user role.

Create a Cisco Secure Email User

After you have created an integration role, you can create a user with this role in your Cisco account. You will need the user’s credentials that you create in this section to complete the integration setup in your KSAT console.

To create your Cisco Secure Email user, follow the steps below:

1. Log in to your Cisco administrator account.
2. Navigate to System Administration > Users.
3. On the Users page, click Add User….
4. Fill out the fields on the Add Local User page. For more information about these fields, see below:
   1. User Name: Enter a username for the user. This username can only include lowercase letters, numbers, and dashes. In the example above, the User Name is kb4-integration.
      Note:Make sure to remember this username. You will need it to complete the integration setup in the Set Up the Integration in Your KSAT Console section of this article.
   2. Full Name: Enter a name for the user. In the example above, the Full Nameis KnowBe4 Security Coach.
   3. User Role: Select the Custom Roles option and then select integration_role from the list.
   4. Confirm your Passphrase to make changes: Enter the password for the Cisco administrator account you are currently using.
   5. Passphrase: Select either Generate a passphrase or Enter a passphrase of your choice. This will be the passphrase for the user’s account.
      • If you select Generate a passphrase, click Generate to generate a passphrase.
      • If you select Enter a passphrase of your choice, create your own passphrase and enter it in the Passphrase and Retype Passphrase fields.
      Note:Make sure to remember this passphrase. You will need it to complete the integration setup in the Set Up the Integration in Your KSAT Console section of this article.
   
5. Click Submit. Your new user will display in the Users table.
6. Click Commit Changes at the top-right corner of the page.
7. (Optional) Enter a comment about the changes in the Comment (optional) field.
8. Click Commit Changes at the bottom-right corner of the pop-up window to create your new user.

Locate the API Domain

Before you set up the integration in your KSAT console, you will also need to locate your API domain. This domain is displayed in the URL of your Cisco Secure Email account.

For example, in the image below, the API domain is “dh5802-sma1.iphmx.com”.

You will need this API domain to complete the setup process in the Set Up the Integration in Your KSAT Console section below.

Set Up the Integration in Your KSAT Console

Once you have created a user with an integration role in your Cisco account and located your API domain, you can set up the integration in your KSAT console.

To set up the integration in your KSAT console, follow the steps below:

1. Log in to your KSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
2. Locate Cisco Secure Email and click Configure.
3. In the Username field, enter the username you created in step 4 of the Create Your Cisco Secure Email User section above.
4. In the Password field, enter the passphrase you generated or created in step 4 of the Create Your Cisco Secure Email User section above.
5. In the API Domain field, enter your API domain.
6. Click Authorize.

Map Your Users

After you’ve finished integrating Cisco Secure Email, you can map your users either through mapping rules (recommended) or through a CSV file upload. For more information about user mapping, see our Mapping Users in SecurityCoach article.

Once you’ve successfully authorized this integration, you can manage detection rules for Cisco Secure Email on the Detection Rules subtab of SecurityCoach. For a full list of available system detection rules for this vendor, see our Which Detection Rules Can I Use with My Vendors? article.