Merge branch 'add_knowbe4' of https://github.com/arnydo/CortexDocs

Author: jeromeleonard

analyzer_requirements.md

@@ -45,6 +45,7 @@ on is free or requires special access or valid subscription or product license.
     * [Hippocampe](#hippocampe)
     * [HybridAnalysis](#hybridanalysis)
     * [Hunterio_DomainSearch](#hunterio_domainSearch)
+    * [KnowBe4](#knowbe4)
     * [MaxMind](#maxmind)
     * [MISP](#misp)
     * [MISP Warninglists](#misp-warninglists)
@@ -361,6 +362,19 @@ You need to have or create a free Hunter.io [account](https://hunter.io/).
 
 Provide the [API key](https://hunter.io/api_keys) as a value for the `key` parameter.
 
+### KnowBe4
+This responder will allow the integration between TheHive/Cortex and KnowBe4's User Events API.
+If a "Mail" dataType is tagged with a specified tag, such as "phished" (or left blank), then the associated user will have a custom event added to their profile in KnowBe4.
+
+#### Requirements
+You must provide an API key as a value for the `api_key` parameter to access the User Events API. API documentation to retreive your key is located at [User Event API ](https://developer.knowbe4.com/events/#tag/Introduction).
+
+You must provide the appropriate `base_url` parameter dependent on your geographic location. More information available at [User Events API](https://developer.knowbe4.com/events/#tag/Base-URL).
+
+You must provide the appropriate `hive_url` parameter so that TheHive case can be referenced in the KnowBe4 Users' Timeline.
+
+You must provide the appropriate `event_type` parameter so that Cortex can create the correct type of event in the Users' timeline. [User Events API](https://developer.knowbe4.com/events/#tag/Event-Types).
+
 ### MaxMind
 Geolocate an IP Address via [MaxMind](https://www.maxmind.com/en/home)
 GeoLite2 **free** City and Country databases.