SecurityCoach Quickstart Guide
In this guide, you’ll learn how to set up SecurityCoach in four easy steps. By following these steps, you can start detecting risky activity on your users’ devices and coach your users in real time. If you would like more detailed instructions, see our SecurityCoach Product Manual.
Important: If your organization uses user provisioning, make sure your organization is using the latest version to get the most out of SecurityCoach. For more information about user provisioning, see our Active Directory Integration (ADI) Configuration Guide or our SCIM Configuration Guide.
Step One: Set Up Security Vendor Integrations
First, we recommend that you set up your security vendor integrations. Once you set up these integrations, data provided by your security vendors will be available for use in SecurityCoach. You can view this data in reports and use it to create real-time coaching campaigns.
To set up your security vendor integrations, navigate to SecurityCoach > Setup > Security Vendor Integrations in your KMSAT console. Then, configure the integrations that you would like to use in your organization. For detailed instructions on setting up vendor integrations, see our Vendor Integration Guides.
Tip: We recommend that you set up your delivery method integrations at the same time as your security vendor integrations. To set up your delivery method integrations, navigate to SecurityCoach > Setup > Delivery Setup in your KMSAT console.
Step Two: Set Up User Mapping
Next, we recommend that you map your users. Mapping your users is essential to linking risky activity detected by your integrated vendors to your users.
To get started, navigate to SecurityCoach > Setup in your KMSAT console. Then, visit the User Mapping Setup page.
On the User Mapping Setup page, you can configure mapping rules and/or upload a user mapping CSV file, as needed.
You can also use the following users mapping recommendation options provided by SecurityCoach:
- User Mapping Recommendation System: This feature provides user mapping recommendations based on various identifiers that our AI machine detects. For example, you may receive mapping recommendations for user names or hostnames in your vendor logs that are not currently mapped. You can either accept or reject the recommended mappings.
- Discovered Users Report: This report provides recommendations of end users that may not be in your KMSAT console. For example, an email address may be found in one of your integrated vendor logs that does not exist in your KMSAT console.
- Automatic Device Discovery: This feature automatically maps users to devices using the data from your integrated vendors. You can review these mappings on the Mapped Users page.
Important: Do not enable Automatic Device Discovery if your users share devices. Otherwise, risky activity may be linked to the wrong user.
For more information about user mapping, see our Mapping Users in SecurityCoach article.
Step 3: Review Your Detection Rules
Then, you can review your detection rules. Detection rules identify what risky activity you’d like to track using the data provided by your integrated vendors. You can review your detection rules by navigating to SecurityCoach > Detection Rules in your KMSAT console.
On the Detection Rules page, you can review the system detection rules automatically enabled for your integrated vendors. You can disable any system detection rules that don’t meet your organization’s needs.
Note: Enabled detection rules do not send SecurityTips to your users. You must create a real-time coaching campaign to send coaching notifications.
You can also click + Create New Detection Rule to create a custom detection rule. Custom detection rules should only be used if you have set up a corresponding custom policy in a vendor’s platform. KnowBe4 support for custom detection rules is limited and does not include the creation of custom rules.
For more information about creating and managing detection rules, see our Creating and Managing Detection Rules article.
Step Four: Set Up Real-Time Coaching Campaigns
Finally, you can set up your real-time coaching campaigns. Real-time coaching campaigns can be used to send SecurityTips to users when risky activity is detected on their devices. SecurityTips can be sent through Slack, Microsoft Teams, or email.
Important: Before you begin this step, make sure you have configured Microsoft Teams or Slack to send SecurityTips. Email is configured by default. For more information, see the Microsoft Teams Integration Guide for SecurityCoach or Slack Integration Guide for SecurityCoach.
To get started, navigate to SecurityCoach > Real-Time Coaching in your KMSAT console.
On the Real-Time Coaching page, you can create recommended real-time coaching campaigns for your detection rules or create your own custom real-time coaching campaigns.
For more information about setting up real-time coaching campaigns, see our Creating and Managing Real-Time Coaching Campaigns article.