SMARTFENSE is a SaaS platform, and all configurations are done within the instance, except for loading the whitelist, which must be done in the technologies that interact with the organization's emails.
Follow this step-by-step guide to perform the main configurations that will allow you to start using the platform.
- Access to the Platform
- First Steps
- Whitelist Configuration
- User Registration for a Test Simulation Campaign
- Test Phishing Simulation Campaign
- Analysis of Test Campaign Statistics
- User Import and Synchronization
- First Real Campaign Scheduling
- Own Mail Server Configuration
- End-User View Configuration
- Certificate Activation
- Design of the Awareness Program
Access to the platform
Once the platform license is acquired, you will receive an email with the URL of the instance, the requested administrator user list, and the link to this platform implementation article.
First Steps
Difficulty Level = Low | Requires client specialist technicians = No
Log in to the platform as an administrator to view all configuration options. We will add a title to the instance and upload the organization's data.
Title
In the Settings > Organization > Title section, choose Use customized title and select the + symbol preceding the language flag to add the desired title.
Click the Save button.
The saved title will be visible in the login window.
Organization Data
In the Settings > Organization > Organization Data section, add the organization's name and logo. The organization's logo will replace SMARTFENSE's logo in all views for end users, not administrative users.
Upload organizational variables in desired languages. These variables will be used in certain predefined contents or in creating custom content from our content editor.
Welcome Notification
The welcome notification is configured from the Settings > Notifications > Welcome section. It contains the necessary information for a user to log in for the first time to the SMARTFENSE platform and is sent via email.
The welcome notification can be sent to all end users assigned to a campaign who have not previously received this notification, or it can be sent to those end users assigned to a campaign who have never logged in to the platform.
Administrative users will always receive a notification upon being created on the platform.
If you wish to send the welcome notification, you can select the desired behavior and also define whether to send the SMARTFENSE notification or a personalized one.
Content Assignment Notifications
Assignment notifications are sent to end users when they are assigned to a campaign of Interactive Modules, Videos, Video Games, Exams, and Surveys. These notifications contain information about the assigned campaign and, most importantly, a link for the user to directly access the content in question.
In the Settings > Notifications > Assignments section, you can define whether to send an email from SMARTFENSE or a personalized one. If you are integrated with Slack, you can choose this option to send content assignments to users. This configuration can be set for each contracted component that allows notification sending.
Reminders
Reminders are notifications that are automatically sent when a campaign reaches halfway through its duration and when there is one day left until its expiration. These notifications are sent to all users who have not yet completed their assigned campaigns. An individual notification is sent for each pending campaign. You can choose whether to send reminders or not. This configuration is done in the Settings > Notifications > Reminders section:
By selecting the Send Reminders option, you can define the frequency of sending them in number of days. For example: 3 days. If you create a campaign that starts on January 1st and the reminder sending frequency is 3, the first reminder will be on January 4th, the next on January 7th, and so on. You can choose to send a SMARTFENSE reminder or a personalized one via email. If you are integrated with Slack, you can choose this option to send reminders to users.
When reminders are enabled, when scheduling a campaign, you can choose between using SMARTFENSE's predefined dates or custom dates/times for sending reminders.
Whitelist Configuration
Difficulty Level = Medium | Requires client specialist technicians = Yes, to whitelist in client technologies
Email is the primary means of communication between the SMARTFENSE platform and users. For this reason, it is necessary to add SMARTFENSE's IP addresses and domains to the organization's whitelists.
IPs and domains of the email sending server
In the Settings > Security > Whitelist section, you will find the list of IPs and domains that must be enabled on the email sending server.
In our Help Center, under the Whitelist category, you will find guide instructions to apply the whitelist by IP address in:
Our technical support team has provided two workshops as part of our online training cycle, explaining how to configure the whitelist in both technologies. We share the access link to view the recordings (both workshops are in Spanish):
Note: To access the workshops, you need to provide your name, last name, and email address.
Domains for web browsing
In the Settings > Security > Whitelist section, you will find the list of domains for web browsing that must be enabled on the organization's proxy or other technologies so that users can access content without being blocked.
Direct Message Injection (DMI)
Direct Message Injection (DMI) is a delivery method that injects the email into the user's inbox. It simplifies the whitelist configuration process, but it should be noted that there may be tools that analyze users' inboxes. This will require applying whitelists in such technology/tools.
This configuration will help prevent emails from going to the Spam folder, and in the case of Google, it prevents the appearance of the gray banner or notice in emails.
To enable it, you must go to the Settings > Components > Simulations > Delivery Method section, then select Google or Microsoft depending on the manufacturer of the email server to see the configuration instructions.
Follow the instructions to obtain the Service Account Email and the JSON Private Key.
Note: If necessary, you can download the instructions to share them with the technical team that will perform the DMI configuration.
If you need further assistance in configuring Direct Message Injection (DMI), you can watch our Spanish-language workshop on sending simulations via DMI for Google and Microsoft, where we go through the configurations for both technologies.
User Registration for a Test Simulation Campaign
Difficulty Level = Low | Requires client specialist technicians = No
Once whitelists are configured, it will be necessary to send a test simulation campaign to validate that users receive the emails and that they are not intercepted or manipulated by organization technologies.
To do this, we will manually create at least 5 users and assign them to a group that we will create beforehand. To create the group, go to Users and Groups > Groups, click the New Group button, and assign a name, for example: Testing, which we will then use for the test campaigns.
Once the group to which the users will belong is created, go to the Users and Groups > Users section, and click the New User button to access the registration form. Fill in the requested data, assign the language and the group (in this case: Testing), assign a role, and click the Save button.
Group membership is not mandatory; it is a way of keeping recipients organized when configuring a campaign. You can create the users for this test without assigning them to a group, but you will then have to select the campaign recipients individually.
In the next steps, we will see how to import and synchronize users from a CSV file, from Google Workspace or Microsoft Entra ID.
Test Phishing Simulation Campaign
Difficulty Level = Low | Requires client specialist technicians = No
The next step will be to create our first test simulation campaign, in this case, a phishing campaign, aimed at the users we have registered on the platform.
In this test, we want to validate that users receive the emails and that the statistics reflect the actions of the users.
Navigate to the Content Gallery > Phishing section to see the predefined contents in our Information Security catalog for end users.
From the Campaigns > Calendar section, click the New Campaign button, and choose the Phishing component to go to the campaign configuration window.
Click the More Options button to see all possible configurations. In the upper right margin, you will see an “i” in a blue circle to access online help. Use the blue icons with a ? for more information on each configurable option.
Mode
The campaign mode allows configuring two options:
- Single initial assignment and specific expiration date: the users assigned to the campaign will be assigned when the campaign start date arrives. Once started, it is not possible to add new users to the campaign.
- Recurrent assignment and relative duration: the users assigned to the campaign will be assigned when the campaign start date arrives. Once started, if new users are added to the recipient groups, those users will be automatically assigned to this campaign the next day at the configured start time of the campaign.
For this campaign, we will use the option of Single initial assignment and specific expiration date.
Recipients
Allows combining the recipient groups of the campaign:
- Assign to users that belong to at least one grouping of each type
- Assign to users that belong to any of the selected groupings
For this campaign, we will use the option Assign to users that belong to at least one grouping of each type, and we will send it specifically to a user Group. Add the Testing group, which was created when we registered the users.
Scenario
The scenario is the topic that we will send to users as a phishing simulation. Choose the desired topic from the dropdown menu.
Planning
Planning allows configuring the type of delivery, the date/time of the campaign start, and the date/time of completion.
The delivery type can be:
- Normal: Sends all the emails consecutively
- Random: Sends emails in batches, distributed over time
Phishing and ransomware simulations have a maximum duration of 4 days. We share this article from our blog How long do Phishing campaigns last? for you to consider when planning future campaigns.
Campaign data
Specify a name and description to identify the campaign on the platform. Remember that it is a test campaign, and you must select Test Campaign: yes.
Note: Test campaigns do not impact risk scoring. Although they allow you to view statistics in the campaign details, they do not create user or campaign audit logs.
Derived actions
A derived action is the result of a user's action. For this test exercise, we will not use the teachable moment. If you want to use it in future campaigns, the teachable moment will appear when the user performs a risky action.
Advanced
In this section, you can define whether the campaign delivery will be a sample or not. If it is a sample, it will only send the content to a percentage of users and not to all of them. That percentage is customizable.
Phishing URL: allows customizing the URL of the phishing link in simulation emails. For this test exercise, we will use the option Use SMARTFENSE's URL.
Password Entry: this option allows or prevents the user from entering their password on the phishing scenario landing page. When the Prevent user from entering their password option is selected, the password field will be disabled on the login form of the landing page.
Once you have configured the campaign, click the Save button, and it will be visible in the SMARTFENSE calendar.
We share our Phishing guide located in our Help Center under the Calendar and Components category. There you can see the instructions for configuring campaigns for each SMARTFENSE component (Interactive Modules, videos, newsletters, ransomware and smishing simulations, video games, USB Drop, surveys, and exams).
Additionally, you can watch our Campaign Scheduling workshop on SMARTFENSE, where from minute 26:38 onwards, our technical support team explains how to configure a Phishing campaign.
Analysis of Test Campaign Statistics
Difficulty Level = Low | Requires client specialist technicians = No
When the campaign starts, and the users from the Testing group begin to interact with the displayed emails, we must review the statistics to analyze their behavior. Here, we can validate if any technologies interacted with the emails. If so, we should review the whitelist load. The purpose of this campaign is to analyze the effective loading of these lists.
From the Campaigns > Calendar section, identify the campaign with the name configured in the campaign data and click the View campaign details button, symbolized by a small pie chart. Alternatively, you can search for the campaign from Calendar > Campaign List.
Click the View campaign details button to navigate to the Audit - Campaign Detail section. This screen will display the information of the data configured in the campaign and a funnel chart with visual results of the actions of the reached users (Testing group).
At the bottom of the screen, you will have a table with the participating users.
Scroll right to see more fields in the table and identify a user who has opened the email and clicked on the link. You can apply filters to view such users.
For each user, it will be necessary to expand the information by analyzing the actions performed. Click on the user's name, and it will open a screen with the Audit - User campaign details.
This table will provide information on the date/time, action type, action, IP, and User Agent for each action performed by the selected user. We must analyze whether they were user actions or if any technology interacted with the email to avoid confusing it with a user-type action.
What can we analyze to know if any technology interacted with the simulation email?
- That the actions were recorded consecutively at the same time (minimum difference of seconds/milliseconds) from the phishing open action.
- That the Action type is software-related, except for Phishing Delivery.
- That the IPs belong to a known technology and not to a user's host or workstation.
If the analysis determines that there were technologies that interacted with the email, it will be necessary to adjust the whitelist load. The IPs reflected in the statistics will be important to identify the manufacturer of that technology. The following URL can be useful to obtain more information about the IPs: https://ipinfo.io/
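The three checks above can be applied mechanically to the rows of the Audit - User campaign details table. The following is an added example, not SMARTFENSE code: the action labels, the 5-second threshold, the placeholder network range and the sample rows are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions for this example (not SMARTFENSE values): labels, threshold, ranges.
DELIVERY_ACTION = "Phishing Delivery"
OPEN_ACTION = "Phishing Open"
SOFTWARE_TYPE = "Software"
BURST_WINDOW = timedelta(seconds=5)
# Placeholder range (TEST-NET-3); replace with the ranges of your own mail/web filters.
KNOWN_TECH_NETWORKS = [ip_network("203.0.113.0/24")]

# Constructed audit rows: (date/time, action type, action, IP, User Agent)
SAMPLE_ROWS = [
    ("2024-01-10 09:00:00.000", "Software", "Phishing Delivery", "198.51.100.10", "-"),
    ("2024-01-10 09:00:02.120", "Software", "Phishing Open", "203.0.113.25", "Mozilla/5.0"),
    ("2024-01-10 09:00:02.480", "Software", "Phishing Click", "203.0.113.25", "Mozilla/5.0"),
    ("2024-01-10 11:42:17.000", "User", "Phishing Open", "192.0.2.44", "Mozilla/5.0 (Windows NT 10.0)"),
    ("2024-01-10 11:43:05.000", "User", "Phishing Click", "192.0.2.44", "Mozilla/5.0 (Windows NT 10.0)"),
]


def parse_row(row):
    ts, action_type, action, ip, user_agent = row
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"),
        "type": action_type,
        "action": action,
        "ip": ip_address(ip),
        "ua": user_agent,
        "reasons": [],
    }


def review_actions(rows):
    """Return the non-delivery actions, each with the indicators it matched."""
    events = sorted((parse_row(r) for r in rows), key=lambda e: e["ts"])
    # Phishing Delivery is always generated by the platform, so it is excluded.
    events = [e for e in events if e["action"] != DELIVERY_ACTION]

    # Indicator 1: actions recorded within seconds/milliseconds of the open action.
    last_open = None
    for e in events:
        if e["action"] == OPEN_ACTION:
            last_open = e
        elif last_open is not None and e["ts"] - last_open["ts"] <= BURST_WINDOW:
            for hit in (last_open, e):
                if "burst" not in hit["reasons"]:
                    hit["reasons"].append("burst")

    for e in events:
        # Indicator 2: the action type is software-related.
        if e["type"] == SOFTWARE_TYPE:
            e["reasons"].append("software-type")
        # Indicator 3: the source IP belongs to a known technology.
        if any(e["ip"] in net for net in KNOWN_TECH_NETWORKS):
            e["reasons"].append("known-technology-ip")
    return events


def ips_to_investigate(rows):
    """IPs behind any flagged action; each one is a lead for the whitelist review."""
    return sorted({str(e["ip"]) for e in review_actions(rows) if e["reasons"]})


if __name__ == "__main__":
    for e in review_actions(SAMPLE_ROWS):
        print(e["ts"], e["action"], e["ip"], e["reasons"] or "looks like a user")
    print("Review whitelist for:", ips_to_investigate(SAMPLE_ROWS))
```

A single indicator, such as a fast click by a real person, is not conclusive on its own; treat flagged rows as candidates and confirm the owner of each IP before changing the whitelist.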
If the phishing simulation campaign is successful and the statistics are not affected by technologies, it will be time to perform the mass enrollment of the contracted users.
User Import and Synchronization
Difficulty Level = Low | Requires client specialist technicians = Yes, to link Google or Microsoft Entra ID to SMARTFENSE
There are different methods to import and synchronize users into SMARTFENSE. In the Users and Groups > Import and Synchronization section, you can choose the desired method.
You can refer to the following guides from our Help Center in the Users category:
If you need more help, you can watch our workshops conducted by our technical support team, with a practical exercise for each of the mentioned methods.
- Importing users via CSV
- Users and Groups in SMARTFENSE (First part: Microsoft Entra ID/Second part [from minute 36:25]: Google)
Note: To access the workshops, you need to provide your name, last name, and email address.
First Real Campaign Scheduling
Difficulty Level = Low | Requires client specialist technicians = No
Up to this point, we have made the initial configurations, set up the whitelists, created a test campaign, and enrolled users in the platform. Now we will send our first real campaign.
From the Campaigns > Calendar section, press the New campaign button and select the component to use. We will apply the same configurations we already used when scheduling the test campaign:
- Campaign mode
- Recipients
- Scenario/topic
- Planning
- Campaign data: Important: here select Test Campaign: No
- Derived action according to the selected component (exam or teachable moment). This action is optional.
If there are doubts about the campaign configuration, review the mentioned points from the Test Phishing Simulation Campaign section of this guide or watch our workshop on Campaign Scheduling in SMARTFENSE.
Note: Do not mark this campaign as a test, and make sure it reaches at least 50% of the users for a real measurement.
Once the campaign has started, you can analyze the users' behavior from the Audit - Campaign Detail.
Own Mail Server Configuration
Difficulty Level = Low | Requires client specialist technicians = Yes, to provide mail server data
SMARTFENSE allows you to configure the email server for sending campaign messages to users (welcome messages, content assignment notices, reminders), and other system notifications such as password reset requests.
Important: Phishing and Ransomware simulation emails are sent by default from SMARTFENSE servers to ensure that the reputation of your own servers is not affected.
To configure your own mail server, go to the Settings > Email Server section. There you can select the Own server option and click the Next button.
On the next screen, define whether authentication will be done via password, via OAuth 2.0 for Microsoft Exchange Online, or via OAuth 2.0 for Google.
Through password
Email server data
When using your own mail server, SMARTFENSE uses an email account from your own organization to send all relevant emails, except for those related to Phishing or Ransomware traps.
The configuration requires the following data:
- Email server: enter the name of the email server, for example, server.domain.com
- Port: the port through which SMARTFENSE will establish the connection
- Encryption protocol: you can choose the TLS or SSL protocol. The platform also allows you to leave the encryption protocol unconfigured, but we recommend using one, since many of the sent emails may contain private data.
Authentication data of the email account
Enter an email address or username and password that have permissions to log in to the mail server.
Finally, it will be necessary to validate that there is a connection with the server and that the entered data is correct. Perform the testing by clicking the Check connectivity button.
Through OAuth 2.0 for Microsoft Exchange Online
Sending emails from SMARTFENSE using OAuth 2.0 is possible through a Microsoft Entra ID connection.
Configuration Data
If user import has been configured with Microsoft Entra ID, you can use this configuration by simply pressing the Use configured data in user import button. If you do not have this configuration, you will need to follow the setup instructions to obtain the required data.
- Domain: points 3 and 4 of the setup guide
- Application ID: points 6 and 7 of the setup guide
- Application secret key: point 25 of the setup guide
- Sender user UPN: UPN of the user that will be used as the sender of the emails
Once you have entered the requested data, you must test the connection by clicking the Check connectivity button.
Regardless of the chosen authentication method, it is possible to indicate to the server the number of emails sent per minute. If authentication is done via password, it will be possible to customize the FROM field.
If you still need further assistance, you can watch our Own Email Server Configuration workshop.
Through OAuth 2.0 for Google
Through a connection with Google, it is possible to send emails from SMARTFENSE using OAuth 2.0.
Configuration Data
To use this type of authentication, complete the relevant fields:
- JSON Private Key
End-User View Configuration
Difficulty Level = Low | Requires client specialist technicians = No
The end-user view has a section for each contracted component, divided into subsections depending on whether they are assigned, completed, or available.
You can enable or disable this view for each component, with the possibility of showing active or customized content.
In the Settings > Components section, you can choose the desired component and within each one, you will have the End-User View option.
Example for Interactive Modules:
Note: Simulation components are not visible in the end-user view.
Once the desired components are enabled, the end-user will have a view of their dashboard as shown in the following images, with the sections:
- Assigned contents
- Available contents
- Completed contents
If there are no assigned contents, the Assigned contents section will not be displayed until content is assigned.
Certificate Activation
Difficulty Level = Low | Requires client specialist technicians = No
Certificates are awards that are automatically sent to users upon completing an Interactive Module.
In the Settings > Components > Interactive Modules > Certificates section, you can define whether users will receive a certificate when they finish an interactive module.
Select the Send Certificate option and click the Save button. You can send yourself a test to your email to see how users will view it. The email includes a PDF attachment with the certificate.
The certificate to be sent can be a SMARTFENSE certificate or a customized one. If you want to customize it, choose the Use customized certificate option to display the language flags in which you want to customize the certificate.
By entering the desired language, a content editor will be displayed allowing you to use the following variables:
- Completion date
- Content name
- User data
- Organization’s Data
After customizing the certificate, click the Save button. Remember that you can use the preview button or send yourself a test to see the final result.
Design of the Awareness Program
Once the SMARTFENSE platform has been deployed, you can define the awareness program with the client. At this point, it will be key to know the organization's needs and the level of knowledge of its users.
We share this document with an initial and intermediate-level program for three years. This program includes obtaining a baseline that will serve as a starting point.