KnowBe4
- Jonas Gonzalez
KnowBe4 is the world’s largest integrated platform for security awareness training combined with simulated phishing attacks.
Connect KnowBe4 with Devo SOAR
Navigate to Automations > Integrations.
Search for KnowBe4.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
API Key: API key for KnowBe4. It should have all the necessary permissions.
Base URL: Base URL (Example 'https://us.api.knowbe4.com' or 'https://eu.api.knowbe4.com' without quotes).
After you've entered all the details, click Connect.
Actions for KnowBe4
List Users
Retrieves a list of all users in your KnowBe4 account.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Additional Params | Jinja-templated JSON containing params to be passed in request. Example: '{"status": "active","expand": "group"}'. Status can either be 'active' or 'archived'. | Optional |
Explode Results | Explode each result in a separate row. (Default is No) | Optional |
Output
JSON containing the following items:
``` {json}{ "has_error": false, "result":[{ "provisioning_managed": true, "aliases": [ "test@email.com" ], "custom_field_4": "", "organization": "", "first_name": "test", "custom_date_2": null, "phone_number": "", "location": null, "email": "test@email.com", "phish_prone_percentage": 100, "mobile_phone_number": "", "last_sign_in": "2020-08-13T09:21:16.000Z", "job_title": "", "custom_field_1": "", "manager_email": null, "groups": [], "current_risk_score": 38.9, "division": "Sales", "manager_name": null, "provisioning_guid": null, "department": "", "custom_field_2": "", "employee_start_date": null, "joined_on": "2018-05-10T06:13:24.000Z", "has_error": false, "id": 1474666, "language": "", "error": null, "last_name": "test", "status": "archived", "comment": "", "custom_field_3": "", "custom_date_1": null, "employee_number": "", "archived_at": "2020-11-10T13:09:40.000Z", "extension": "" }] }
## Get Specific User
Retrieves a specific user based on the provided user identifier.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--------- | :----------------------------------------------------------------- | :------- |
| User Id | [Jinja-templated](doc:jinja-template) text containing the user ID. | Required |
### Output
JSON containing the following items:
``` {json}{
"has_error": false,
"result":{
"provisioning_managed": true,
"aliases": [
"test@email.com"
],
"custom_field_4": "",
"organization": "",
"first_name": "test",
"custom_date_2": null,
"phone_number": "",
"location": null,
"email": "test@email.com",
"phish_prone_percentage": 100,
"mobile_phone_number": "",
"last_sign_in": "2020-08-13T09:21:16.000Z",
"job_title": "",
"custom_field_1": "",
"manager_email": null,
"groups": [],
"current_risk_score": 38.9,
"division": "Sales",
"manager_name": null,
"provisioning_guid": null,
"department": "",
"custom_field_2": "",
"employee_start_date": null,
"joined_on": "2018-05-10T06:13:24.000Z",
"has_error": false,
"id": 1474666,
"language": "",
"error": null,
"last_name": "test",
"status": "archived",
"comment": "",
"custom_field_3": "",
"custom_date_1": null,
"employee_number": "",
"archived_at": "2020-11-10T13:09:40.000Z",
"extension": ""
}
}List Users In Group
Retrieves a list of all users who are members of a specific group.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Group Id | Jinja-templated text containing the group ID. | Required |
Explode Results | Explode each result in a separate row. (Default is No) | Optional |
Output
JSON containing the following items:
``` {json}{ "has_error": false, "result":[{ "provisioning_managed": true, "aliases": [ "test@email.com" ], "custom_field_4": "", "organization": "", "first_name": "test", "custom_date_2": null, "phone_number": "", "location": null, "email": "test@email.com", "phish_prone_percentage": 100, "mobile_phone_number": "", "last_sign_in": "2020-08-13T09:21:16.000Z", "job_title": "", "custom_field_1": "", "manager_email": null, "groups": [], "current_risk_score": 38.9, "division": "Sales", "manager_name": null, "provisioning_guid": null, "department": "", "custom_field_2": "", "employee_start_date": null, "joined_on": "2018-05-10T06:13:24.000Z", "has_error": false, "id": 1474666, "language": "", "error": null, "last_name": "test", "status": "archived", "comment": "", "custom_field_3": "", "custom_date_1": null, "employee_number": "", "archived_at": "2020-11-10T13:09:40.000Z", "extension": "" }] }
## Get Risk Score of User
Retrieves risk score history for a specific user based on the provided user identifier.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :-------------- | :------------------------------------------------------------------------------------------------------------------------------- | :------- |
| User Id | [Jinja-templated](doc:jinja-template) text containing the user ID. | Required |
| Full Risk Score | Include the entire risk score history of a specific user. If this parameter isn't used, six months of data will show by default. | Optional |
### Output
JSON containing the following items:
``` {json}{
"result": [
{
"risk_score": 43.5,
"date": "2024-01-14T00:00:00.000Z"
},
{
"risk_score": 44.7,
"date": "2024-01-20T00:00:00.000Z"
},
{
"risk_score": 40,
"date": "2024-01-21T00:00:00.000Z"
},
{
"risk_score": 42.2,
"date": "2024-01-28T00:00:00.000Z"
},
{
"risk_score": 43.3,
"date": "2024-01-29T00:00:00.000Z"
},
{
"risk_score": 41.9,
"date": "2024-01-31T00:00:00.000Z"
},
{
"risk_score": 45.2,
"date": "2024-02-04T00:00:00.000Z"
},
{
"risk_score": 43,
"date": "2024-02-11T00:00:00.000Z"
},
{
"risk_score": 46.2,
"date": "2024-02-18T00:00:00.000Z"
},
{
"risk_score": 44.8,
"date": "2024-02-19T00:00:00.000Z"
},
{
"risk_score": 40.4,
"date": "2024-02-25T00:00:00.000Z"
},
{
"risk_score": 42.9,
"date": "2024-03-01T00:00:00.000Z"
},
{
"risk_score": 48.3,
"date": "2024-03-03T00:00:00.000Z"
},
{
"risk_score": 50.3,
"date": "2024-03-06T00:00:00.000Z"
},
{
"risk_score": 45.5,
"date": "2024-03-10T00:00:00.000Z"
},
{
"risk_score": 44.3,
"date": "2024-03-17T00:00:00.000Z"
},
{
"risk_score": 42.2,
"date": "2024-03-22T00:00:00.000Z"
},
{
"risk_score": 45.1,
"date": "2024-03-24T00:00:00.000Z"
},
{
"risk_score": 45.2,
"date": "2024-03-29T00:00:00.000Z"
},
{
"risk_score": 47.3,
"date": "2024-04-05T00:00:00.000Z"
},
{
"risk_score": 50,
"date": "2024-04-06T00:00:00.000Z"
},
{
"risk_score": 48.7,
"date": "2024-04-07T00:00:00.000Z"
},
{
"risk_score": 50.4,
"date": "2024-04-14T00:00:00.000Z"
}
],
"error": null,
"has_error": false
}List Groups
Retrieves a list of all groups in your KnowBe4 account.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Additional Params | Jinja-templated JSON containing params to be passed in request. Example: '{"status": "active"}'. Status can either be 'active' or 'archived'. | Optional |
Explode Results | Explode each result in a separate row. (Default is No) | Optional |
Output
JSON containing the following items:
``` {json}[ { "name": "Sales", "group_type": "console_group", "member_count": 0, "current_risk_score": 0, "provisioning_guid": null, "has_error": false, "id": 61325, "error": null, "status": "archived" } ]
## Get Specific Group
Retrieves a specific group based on the provided group identifier.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--------- | :------------------------------------------------------------------ | :------- |
| Group Id | [Jinja-templated](doc:jinja-template) text containing the group ID. | Required |
### Output
JSON containing the following items:
``` {json}{
"name": "Sales",
"group_type": "console_group",
"member_count": 0,
"current_risk_score": 0,
"provisioning_guid": null,
"has_error": false,
"id": 61325,
"error": null,
"status": "archived"
}Get Risk Score of Group
Retrieves risk score history for a specific group based on the provided group identifier.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Group Id | Jinja-templated text containing the group ID. | Required |
Full Risk Score | Include the entire risk score history of a specific group. If this parameter isn't used, six months of data will show by default. | Optional |
Output
JSON containing the following items:
{json}{
"result": [
{
"risk_score": 43.5,
"date": "2024-01-14T00:00:00.000Z"
},
{
"risk_score": 44.7,
"date": "2024-01-20T00:00:00.000Z"
},
{
"risk_score": 40,
"date": "2024-01-21T00:00:00.000Z"
},
{
"risk_score": 42.2,
"date": "2024-01-28T00:00:00.000Z"
},
{
"risk_score": 43.3,
"date": "2024-01-29T00:00:00.000Z"
},
{
"risk_score": 41.9,
"date": "2024-01-31T00:00:00.000Z"
},
{
"risk_score": 45.2,
"date": "2024-02-04T00:00:00.000Z"
},
{
"risk_score": 43,
"date": "2024-02-11T00:00:00.000Z"
},
{
"risk_score": 46.2,
"date": "2024-02-18T00:00:00.000Z"
},
{
"risk_score": 44.8,
"date": "2024-02-19T00:00:00.000Z"
},
{
"risk_score": 40.4,
"date": "2024-02-25T00:00:00.000Z"
},
{
"risk_score": 42.9,
"date": "2024-03-01T00:00:00.000Z"
},
{
"risk_score": 48.3,
"date": "2024-03-03T00:00:00.000Z"
},
{
"risk_score": 50.3,
"date": "2024-03-06T00:00:00.000Z"
},
{
"risk_score": 45.5,
"date": "2024-03-10T00:00:00.000Z"
},
{
"risk_score": 44.3,
"date": "2024-03-17T00:00:00.000Z"
},
{
"risk_score": 42.2,
"date": "2024-03-22T00:00:00.000Z"
},
{
"risk_score": 45.1,
"date": "2024-03-24T00:00:00.000Z"
},
{
"risk_score": 45.2,
"date": "2024-03-29T00:00:00.000Z"
},
{
"risk_score": 47.3,
"date": "2024-04-05T00:00:00.000Z"
},
{
"risk_score": 50,
"date": "2024-04-06T00:00:00.000Z"
},
{
"risk_score": 48.7,
"date": "2024-04-07T00:00:00.000Z"
},
{
"risk_score": 50.4,
"date": "2024-04-14T00:00:00.000Z"
}
],
"error": null,
"has_error": false
}
Release Notes
v1.0.1- Initial release with 7 actions:List Users,Get Specific User,List Users In Group,Get Risk Score of User,List Groups,Get Specific GroupandGet Risk Score of Groupactions.