KnowBe4 Integration

0
1
0

OutThink supports integration with KnowBe4 user performance data and reporting activity from users taking part in simulations. OutThink utilizes the KnowBe4 official REST APIs.
The official KnowBe4 documentation can be found here.

REST APIs are only available for KnowBe4 Platinum and Diamond customers.

Requirements from OutThink clients:

  • You must be a Platinum or Diamond KnowBe4 customer.
  • You must provide OutThink with KnowBe4 authentication details, as follows:
    • Base URL
      Accounts on the US server (located at training.knowbe4.com) must use the Base URL of https://us.api.knowbe4.com while accounts on the EU server (located at eu.knowbe4.com) must use https://eu.api.knowbe4.com.
    • API keys.

OutThink handles the integration process on behalf of the customer. Once the integration is completed and tested, KnowBe4’s relevant data is ingested to the OutThink platform and accordingly influences the users security awareness training plan and risk score.

KnowBe4 Ingested Data

OutThink ingests data relevant to phishing simulation performance. The available data for each user is:

  • The list of simulations created in KnowBe4 and in which the user has performed.
  • Individual simulation performance data for the user:
    • Email delivered timestamp
    • Was the email opened by the user and when (timestamp)?
    • Was the link clicked by the user and when (timestamp)?
    • Was the attachment opened by the user and when (timestamp)?
    • Were any credentials placed by the user and when (timestamp)?
    • Location of the user
    • Browser & Operating System of the user
    • Did the user reply on the email and when (timestamp)?
    • Did the user report the email and when (timestamp)?

Data is ingested on a weekly basis and once processed will affect users overall performance on the platform in the following ways:

  • The user can be identified as a Repeat clicker or Defender. This triggers OutThink’s intelligent algorithms to automatically include or exclude the employee in relevant training.
  • Risk score enhancements – based on the simulation performance retreived from KnowBe4, the user’s risk score may increase or decrease accordingly.
  • Phishing resilience data will be summarized to department and organization level. Any identified patterns will be flagged to administrators. For example:
    • Low resilience on mobile devices
    • Low resilience on certain Operating Systems
    • Increased reply rates
    • Whether users report the email once they realized they have been phished.

Fields Ingested

  • email – email address of the employee. It is also used as an identifier to match KnowBe4 and OutThink user data.
  • opened_at – whether the employee has opened the email, and used for further analysis of behaviour on the OutThink platform.
  • clicked_at – Whether the employee has clicked on the hyperlink in the email. It contributes negatively to the individuals risk score on the OutThink platform.  Additionally, by knowing the exact click time, OutThink performs further analysis of the user’s behaviour.
  • replied_at – Whether the employee has replied to the email. It contributes negatively to the individuals risk score at OutThink.
  • attachment & macro_enabled_at – Whether the employee has opened and enabled the macro of the attachment. It contributes negatively to the individuals risk score at OutThink.
  • data_entered_at – Whether the employee has provided credentials. It contributes negatively to the individuals risk score at OutThink.
  • qr_code_scanned – Whether the employee has scanned the QR code. It contributes negatively to the individuals risk score at OutThink.
  • reported_at – Whether the user reported the email. It contributes positively to the individuals risk score at OutThink.

Was this helpful?

1 / 0