⚠️ KnowBe4 Defend
⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | knowbe41678478380097 |
| Support Tier | Partner |
| Support Link | https://support.knowbe4.com |
| Categories | domains |
| Version | 3.0.0 |
| Author | KnowBe4 - support@knowbe4.com |
| First Published | 2025-02-05 |
| Solution Folder | KnowBe4 Defend |
KnowBe4 Defend for Microsoft Sentinel provides details of processed emails, including the type of phishing attack, payload type and information to show if the user interacted with the email in a positive (clicking on banners or submitting the phish sample) or negative (clicking on an unsafe URL) manner.
Contents
Data Connectors
This solution provides 1 data connector(s):
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Tables Used
This solution uses 2 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
EgressDefend_CL 🔶 |
KnowBe4 Defend | Analytics, Workbooks |
KnowBe4Defend_CL 🔶 |
KnowBe4 Defend | Analytics, Hunting, Workbooks |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Content Items
This solution includes 5 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 2 |
| Hunting Queries | 1 |
| Workbooks | 1 |
| Parsers | 1 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| KnowBe4 Defend - Dangerous Attachment Detected | Medium | Execution, InitialAccess, Persistence, PrivilegeEscalation | EgressDefend_CLKnowBe4Defend_CL |
| KnowBe4 Defend - Dangerous Link Click | Medium | Execution | EgressDefend_CLKnowBe4Defend_CL |
Hunting Queries
| Name | Tactics | Tables Used |
|---|---|---|
| Dangerous emails with links clicked | Collection | KnowBe4Defend_CL |
Workbooks
| Name | Tables Used |
|---|---|
| KnowBe4DefendMetrics | EgressDefend_CLKnowBe4Defend_CL |
Parsers
| Name | Description | Tables Used |
|---|---|---|
| DefendAuditData | - | KnowBe4Defend_CL (read) |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 05-02-2026 | Initial Solution Release. |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊