Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method | |
|---|---|---|---|---|---|---|---|---|
Knowbe4 Phisher Logs | ✅ | ✅ | ✅ | knowbe4_phisher_logs | NDJSON | WE |
Overview
Check Point Harmony Email & Collaboration (formerly Avanan) is an API-based
email and collaboration security platform that connects directly to Microsoft 365, Google Workspace, and tools like Teams, OneDrive, and SharePoint to stop phishing, BEC, malware, and data loss before messages reach inboxes or files are shared. It analyzes content, links, and behavior using Check Point ThreatCloud intelligence and ML to detect zero-day threats, account takeover, graymail, and shadow IT. Deployment is lightweight (no MX change), policy-driven, and covers inbound, outbound, and internal email plus collaboration flows.
Supported data types
Knowbe4 phisher logs
Table name: knowbe4_phisher_logs
KnowBe4 Phisher Logs capture user-reported suspicious emails (via the Phish Alert Button), recording metadata like sender, subject, headers, and timestamps.
They let security teams triage real threats vs. training, feed SIEMs for correlation, and improve user risk scoring and incident response.
Useful for auditing, campaign analysis, and reducing time-to-remediate phishing incidents.
Learn more here.
Send data to Hunters
Hunters supports the ingestion of Knowbe4 logs via Webhook.
To connect Knowbe4 logs:
1. Log in to your PhishER platform.
2. Navigate to Settings > Webhook.
3. Click the New Webhook button in the top-right corner of the page to open the Add Webhook Settings pop-up window.
4. In the Add Webhook Settings pop-up window that opens, configure your webhook settings. To learn more about these settings, see the screenshot and list below:
Name: In this field, enter a custom name for your webhook.
URL: In this field, enter the URL that you are trying to callback to. For a list of URL rewriters and shorteners that are compatible with PhishER, see our PhishER FAQ article.
Authorization: From the drop-down menu, select one of the following protocols: No Auth, API Key, Bearer Token, or Basic Auth.
Available Data: Select one or more types of data that you would like to send to the webhook.
Note:The Addresses data type sends all email addresses in the webhook payload, including the email addresses in the From, To, CC, Reply To, and Reported By fields.
Custom Data: To add custom data to your webhook’s payload, click the plus sign icon. Then, fill out the key and value fields. For example, if your application requires "{ "System" : "PhishER" }" in the payload to receive data, you could enter "System" and "PhishER".
Custom Headers: If you would like to add a custom header, click the plus sign icon. Then, fill out the key and value fields. For example, if your firewall requires the "{ "Header" : "PhishER" }” header to allow data to pass through, you could enter "Header" and "PhishER".
Message Tags: In this section, you can select the Success or Failure check boxes if you would like PhishER to assign a tag when the webhook is used to send data. Then, enter a tag name in the field next to the selected check box.
Click Create.
Expected format
Logs are expected in JSON format.
{ "receivedAt":"2019-05-20T17:39:43.351851Z", "reportedAt":"2019-05-20T17:39:39Z", "sender":"sender@example.com", "reporter":"reporter@example.com", "subject":"JSON Syslog Example", "priority":"medium", "category":"spam", "status":"received", "action":"Action 1", "tags":"TagSet" "permalink":"[[Unique URL]]" }```