Skip to main content

KnowBe4 KMSAT Event Collector

This Integration is part of the KnowBe4 KMSAT Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Allows you to push and pull your external data to and from the KnowBe4 console.

Configure KnowBe4 KMSAT Event Collector on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for KnowBe4KMSATEventCollector.

  3. Click Add instance to create and configure a new integration instance.

    Your server URLTrue
    API KeyThe API Key to use for connection. For more information about how to generate an API Key, refer to
    First fetch time intervalThe time range to consider for the initial data fetch. (<number> <unit>, e.g., 2 days, 2 months, 2 years). Default is 1 day.False
    Events Fetch IntervalThe Fetch interval. It is recommended to set it to 5 hours as there are not many events for this API and there's an api-calls daily-limit for the basic API key.False
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
  1. Click Test to validate the URLs, token, and connection.

Important Notes The basic API-Key has a daily limit of calls per seat. Therefore, the default and recommended Events Fetch Interval value is 5 hours and First fetch time interval is 1 day.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Manual command to fetch events and display them.

Base Command#



Argument NameDescriptionRequired
occurred_dateFilter by the date the event occurred (YYYY-MM-DD).Optional
risk_levelFilter by the risk level by entering a value from -10 (low risk) to 10 (high risk).Optional
per_pageThe number of results to display per page. The maximum and default is 100.Optional
pageThe results page to display.Optional
should_push_eventsSet this argument to True in order to create events, otherwise the command will only display them. If setting to 'False', the returned events will be lost. Possible values are: True, False. Default is False.Required

Context Output#

KMSat.Event.idNumberEvent ID.
KMSat.Event.user.emailStringThe target mail for this event.
KMSat.Event.user.idNumberThe ID of the user the event is targeted to.
KMSat.Event.user.archivedBooleanWhether the user is archived or not.
KMSat.Event.external_idStringThe event's external ID.
KMSat.Event.sourceStringThe source of the event.
KMSat.Event.descriptionStringThe event description.
KMSat.Event.occurred_dateStringThe date the event occurred.
KMSat.Event.risk.levelNumberThe event's risk level.
KMSat.Event.risk.factorNumberThe event's risk factor.
KMSat.Event.risk.decay_modeStringThe risk's decay mode.
KMSat.Event.risk.expire_dateStringThe event's expiration date.
KMSat.Event.event_type.idNumberThe ID of the event type.
KMSat.Event.event_type.nameStringThe name of the event type.

Command example#

!kms-get-events should_push_events=false

Context Example#

"KMSat": {
"Event": [
"account_id": 52306,
"description": "My description",
"event_type": {
"description": null,
"id": 418927900,
"name": "my_custom_event"
"external_id": null,
"id": "2b265035-1a12-4e76-bcb1-6c681b86333e",
"metadata": null,
"occurred_date": "2022-08-04T14:14:50.917Z",
"risk": {
"decay_mode": 0,
"expire_date": null,
"level": 5
"source": null,
"user": {
"archived": false,
"email": "",
"id": 38651943

Human Readable Output#

KnowBe4 KMSAT Logs#

52306My description lkjhy khl lgfid: 420899085
name: event_type_55
description: null
786a515c-1cbd-4a8c-a94a-61ad877c893c2022-08-09T10:05:13.890Zlevel: 5
decay_mode: 0
expire_date: null
id: 38651943
archived: false
52306My description lkjhy khl lgfid: 420894024
name: event_type_2
description: null
c3081dfc-1bf9-4c56-b6ff-f364f0c13d392022-08-09T10:01:45.862Zlevel: 5
decay_mode: 0
expire_date: null
id: 38651943
archived: false
52306My descriptionid: 418927900
name: my_custom_event
description: null
2b265035-1a12-4e76-bcb1-6c681b86333e2022-08-04T14:14:50.917Zlevel: 5
decay_mode: 0
expire_date: null
id: 38651943
archived: false