Cloudflare Docs
Cloud Email Security (formerly Area 1)
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)


When Cloud Email Security detects a phishing email, the metadata of the detection can be sent directly to KnowBe4. For this tutorial, you will need a working KnowBe4 account with the SecurityCoach add-on. You will also need to create an organization key to use in Cloud Email Security. This organization key will let you integrate KnowBe4 with Cloud Email Security. Refer to KnowBe4 documentation for more information on this subject.

After creating your organization key and authorizing Cloud Email Security:

  1. Log in to the Cloud Email Security dashboard.
  2. Go to Settings (the gear icon).
  3. Go to Email Configuration > Domains & Routing > Alert Webhooks.
  4. Select New Webhook.
  5. In App Type, select SIEM.
  6. Choose KnowBe4 from the dropdown, and paste your organization key into the Auth Code section.
  7. In Target, paste the URL that suits your organization. KnowBe4 has different URLs for different regions:
    KnowBe4 instanceURL
    United States
    European Union
    United Kingdom
  8. Select Expanded from the drop-down menu for Malicious Style, Suspicious Style, and Spoof Style.
  9. Select Publish Webhook.