[Area 1] Expand webhooks tutorials to new supported products (cloudfl…

…are#10208) * 1st pass at webhooks * moved example to logscale page * finished logscale tut * removed extra space * created knowbe4 guide * added knowtobe text * finished tut * rewfined meta descript * rewrote steps index * refined 1st paragraph * changed pcxtype to integration guide * Apply suggestions from code review Co-authored-by: Rebecca Tamachiro <62246989+RebeccaTamachiro@users.noreply.github.com> --------- Co-authored-by: Rebecca Tamachiro <62246989+RebeccaTamachiro@users.noreply.github.com>
itsmatteomanf · Aug 4, 2023 · a603f8b · a603f8b
1 parent c40deec
commit a603f8b
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 12 deletions.
diff --git a/content/email-security/reporting/siem-integration/_index.md b/content/email-security/reporting/siem-integration/_index.md
@@ -23,13 +23,4 @@ For help setting up the proper configuration in your SIEM tool, refer to the fol
 
 ### 2. Create a webhook
 
-To [create a webhook](/email-security/email-configuration/domains-and-routing/alert-webhooks/) in Area 1 and send data into a SIEM tool:
-
-1. Log in to the [Area 1 dashboard](https://horizon.area1security.com/).
-2. Go to **Settings** (the gear icon).
-3. Go to **Email Configuration** > **Domains & Routing** > **Alert Webhooks**.
-4. Select **New Webhook**.
-5. For **App Type**, select **SIEM**.
-6. Choose **Splunk** or **Sumologic**.
-7. Enter the **Auth Code** and **Target**.
-8. Select **Publish Webhook**.
+Refer to [Alert webhooks](/email-security/email-configuration/domains-and-routing/alert-webhooks/) to learn how to create a webhook and send data into your SIEM tool.
diff --git a/content/email-security/reporting/siem-integration/knowbe4-integration-guide.md b/content/email-security/reporting/siem-integration/knowbe4-integration-guide.md
@@ -0,0 +1,29 @@
+---
+title: KnowBe4
+pcx_content_type: integration-guide
+meta:
+    description: KnowBe4 integration guide
+updated: 2023-08-04
+---
+# KnowBe4
+
+When Area 1 detects a phishing email, the metadata of the detection can be sent directly to KnowBe4. For this tutorial, you will need a working KnowBe4 account with the SecurityCoach add-on. You will also need to create an organization key to use in Area 1. This organization key will let you integrate KnowBe4 with Area 1. Refer to [KnowBe4 documentation](https://support.knowbe4.com/hc/articles/13129840202643) for more information on this subject.
+
+After creating your organization key and authorizing Area 1:
+
+1. Log in to the [Area 1 dashboard](https://horizon.area1security.com/).
+2. Go to **Settings** (the gear icon).
+3. Go to **Email Configuration** > **Domains & Routing** > **Alert Webhooks**.
+4. Select **New Webhook**.
+5. In **App Type**, select **SIEM**.
+6. Choose _KnowBe4_ from the dropdown, and paste your organization key into the **Auth Code** section.
+7. In **Target**, paste the URL that suits your organization. KnowBe4 has different URLs for different regions:
+    KnowBe4 instance | URL
+    ---              | ---
+    United States    | `https://area1.vendor.training.knowbe4.com/v1`
+    European Union   | `https://area1.vendor.eu.knowbe4.com/v1`
+    Canada           | `https://area1.vendor.ca.knowbe4.com/v1`
+    United Kingdom   | `https://area1.vendor.uk.knowbe4.com/v1`
+    Germany          | `https://area1.vendor.da.knowbe4.com/v1`
+8. Select _Expanded_ from the drop-down menu for **Malicious Style**, **Suspicious Style**, and **Spoof Style**.
+9. Select **Publish Webhook**.
diff --git a/content/email-security/reporting/siem-integration/logscale-integration-guide.md b/content/email-security/reporting/siem-integration/logscale-integration-guide.md
@@ -0,0 +1,21 @@
+---
+title: LogScale
+pcx_content_type: integration-guide
+meta:
+    description: Falcon LogScale integration guide
+updated: 2023-08-04
+---
+# Crowdstrike Falcon LogScale
+
+When Area 1 detects a phishing email, the metadata of the detection can be sent directly to Falcon LogScale. For this tutorial, you will need a working Falcon LogScale account. You will also need to create a new Ingest Token in your LogScale account. Ingest Tokens identify repositories and are used to configure data ingestion to your repository. Refer to [Falcon LogScale documentation](https://library.humio.com/falcon-logscale-cloud/ingesting-data-tokens.html) for more information.
+
+After creating your Ingest Token:
+
+1. Log in to the [Area 1 dashboard](https://horizon.area1security.com/).
+2. Go to **Settings** (the gear icon).
+3. Go to **Email Configuration** > **Domains & Routing** > **Alert Webhooks**.
+4. Select **New Webhook**.
+5. In **App Type**, select **SIEM**.
+6. Choose _Crowdstrike_ from the dropdown, and paste your Ingest Token into the **Auth Code** section.
+7. In **Target**, paste the URL `https://cloud.community.humio.com/api/v1/ingest/hec/raw`.
+8. Select **Publish Webhook**.
diff --git a/content/email-security/reporting/siem-integration/splunk-integration-guide.md b/content/email-security/reporting/siem-integration/splunk-integration-guide.md
@@ -1,6 +1,6 @@
 ---
 title: Splunk
-pcx_content_type: tutorial
+pcx_content_type: integration-guide
 meta:
     description: Splunk Cloud integration guide
 updated: 2023-01-26

diff --git a/content/email-security/reporting/siem-integration/sumo-logic-integration-guide.md b/content/email-security/reporting/siem-integration/sumo-logic-integration-guide.md
@@ -1,6 +1,6 @@
 ---
 title: Sumo Logic
-pcx_content_type: tutorial
+pcx_content_type: integration-guide
 meta:
     description: Sumo Logic integration guide
 updated: 2023-01-26