This article explains how to create and customize content in SMARTFENSE (from predefined templates or from scratch), including key considerations about languages, visibility by instance, and best practices for test campaigns.
Scope and Concept of Custom Content
In SMARTFENSE, creating custom content allows you to add value and create your own catalog for both clients and partners for their clients. All content available on the platform is 100% adjustable to the organization's needs.
SMARTFENSE allows creating new content in three ways:
From predefined platform content.
From scratch.
Based on external material from the partner or client.
This versatility allows quick responses to emerging topics, urgent communications, or “what if” scenario simulations, for example: cloning a real attack (such as a phishing detected by a security tool) to evaluate what could have happened if it had not been detected in time.
Content customization also enables the development of specific and segmented material by user groups, aligned with the culture of each organization.
Important Considerations Before Creating Content
|
Important: custom content does not perform automatic translation into different languages.
|
SMARTFENSE includes an embedded content editor that allows you to create and edit content easily, without third-party software. Additionally, the editor can automatically optimize images.
The system allows:
Editing content or adding translations in all available languages on the platform.
Archiving unused content.
Regarding access: custom content is exclusively accessible to the creator within their instance. If created in Multitenant and active, it can also be seen in its dependent instances under predefined content.
How to Customize Content?
In this workshop, we show how to customize the content of our awareness, simulation, and evaluation components using predefined templates or by creating content from scratch.
Go to the section Customized Content > [choose the component], our platform will allow you to create custom tags, custom categories, and custom themes, all useful for later content searches.
Below is a detailed explanation of how to customize content for each of the SMARTFENSE components.
Custom Interactive Modules
Interactive Modules consist of slides with different activities shown sequentially.
Available Actions in the Editor
To change the order of slides, you can reorder them within the editor using the drag and drop action.
To add a new slide, click Add Slide at the bottom left of the screen, or press the + button located at the top right of each existing slide.
To delete an existing slide, click Remove Slide located at the top right of the slide.
To duplicate an existing slide, click Copy Slide located at the top right of the slide in question.
To modify the content of an existing slide, press Edit Content, located at the bottom of each slide.
| Translations: actions such as adding, modifying, duplicating, deleting, or changing the order of a slide are automatically replicated in the different languages the Interactive Module has. |
Slide Types
"Title and Body"
"Title and Two Columns"
Available Activities
A slide can contain these activities:
Image
Video
Text
Multiple Choice Question
Drag and Drop Activity (*)
Password Fortress: This activity uses the configuration set in Settings > Security > Password Policy. To see the applied settings, select the activity, set the title, and save. Then preview the slide to see the configuration reflected.
Classify Pairs Activity (*)
Email
Interactive Bullets (*)
HTML Content (*)
(*) Only available in Title and Body slides.
HTML Content
The HTML Content activity allows you to insert custom HTML, CSS, and JavaScript code within a slide.
The content is written in a code editor with syntax highlighting and can be previewed before saving changes.
The editor supports the use of personalization variables such as $name, $lastname, and $email, among others. This allows the content to dynamically adapt to each user.
It is also possible to define whether the user must complete the activity in order to proceed within the interactive module. To mark the activity as completed, the HTML code must send the corresponding message to the platform through the browser messaging API.
Custom Newsletters
You can create custom Newsletters by modifying a previous one or creating one from scratch.
Define the email subject and create the content with the WYSIWYG editor, or directly in HTML format.
If you need attachments, add Attachments up to 10 MB with the following extensions: word, txt, pdf, jpg, png, zip, and excel.
If you add a validation question at the end of the newsletter, choose the possible answers and feedback for each.
Additionally, from the Settings > Awareness > Newsletters section, you can customize the feedback for the answers to the final question, the title, and the color of the final reading validation question.
Custom URL Pool
You can create custom URLs by modifying an existing one or creating a new one from scratch, in order to use them in the game "Gupi's Adventures".
Data visible by the Administrator: whether the URL is Active or Inactive.
-
Data visible by the User:
Full URL that the user must classify. Required field
Type: Safe or Unsafe. Required field
Help message. A message intended to help the end user determine whether the URL is safe or unsafe. Required field
Feedback displayed when correctly classifying this URL. This is a message that can be displayed to the end user if they classified the URL correctly. Optional field.
Feedback displayed when incorrectly classifying this URL. This is a message that can be displayed to the end user if they classified the URL incorrectly. Optional field.
General feedback. A message that provides a general explanation or information about the URL. Required field.
| Note: It is possible to apply bold formatting using the tags [b] and [/b]. For example: ALERT! The real domain is [b]paypal.com[/b] |
Additionally, in the section Settings > Awareness > Video Games > URL Pool you can define whether the game will display active predefined and custom URLs or only custom ones.
Custom Videos
You can create custom Videos by modifying a previous one or creating one from scratch.
Add the video file (maximum size: 250 MB).
Make sure to use a format supported by HTML5 playback, for example: mp4.
If you add a validation question at the end of the video, choose the possible answers and feedback for each.
Custom Phishing
You can manage your own Phishing content. To create Phishing content from scratch, click New Phishing.
| Important: the content will be created in the same language as the administrative user performing the action. |
Custom Phishing from Template
You can customize a Phishing based on predefined content by selecting it from the dropdown list under the title Create new Phishing from template.
A view will open with preloaded fields that can be freely modified.
Edit Phishing
Email Content
Email Subject: allows using First Name and Last Name variables by pressing the button next to the text field; these will then carry the data of each end user receiving the Phishing simulation email.
Email Content: body of the Phishing simulation email in HTML format. It can be designed with the editor provided by the platform or you can enter the source code from the View > Source Code menu.
The editor offers useful buttons such as User Data and Organization Data, with variables to customize content.
It is essential to add the Phishing Link. This can be done by pressing the Phishing Link button or by using the variable $phishing_link. This link will direct users to the Phishing landing page.
Landing Page
The landing page of the Phishing simulation email is where end users arrive when they click the Phishing link received in the email (designed in the previous step).
It can be designed with the editor provided by the platform or directly enter source code from the View > Source Code menu.
It must include a form that captures the end user's intent. The Add login form button allows adding a model form.
You can create your own, but consider the basic HTML structure referenced in the platform’s online help. This code must be present for the correct functioning of Phishing traps. Based on this, you can add any other code to visually adjust the form.
Required Landing Page Content
If you want to create your own form, keep in mind the following basic structure used by the platform:
<form action="$phishing_landing_action_url" method="POST">
<span style="display: none;">$csrf_token</span>
User: <input type="text" name="user" autocomplete="off" />
Password: <input dont_allow_password_entry="" type="password" name="password" autocomplete="off" />
<input type="submit" value="Login" />
</form>
| Important: in bold, the tags, attributes, and mandatory values that must be present for the correct functioning of Phishing traps. Meeting this base, you can add any other code to visually adjust the form and achieve the desired result. |
Final Recommendations for Customizing Phishing Simulations
After creating a Phishing scenario, it is recommended to launch at least one test campaign with an end user. It is important to verify that the scenario can be completed from start to finish and that all statistics (phishing opened, link clicked, data entered) are generated correctly.
Test campaigns
These types of campaigns should be carried out in the same environment that will later be used for the actual campaigns, and they should be sent to multiple users.
The objective is to verify the correct configuration of SMARTFENSE in the organization’s different whitelists and the proper functioning of the different statistics for each type of campaign.
Phishing Simulation
Create a new Phishing campaign, indicating in the advanced section that the campaign is a test. (For more information, consult the Phishing Campaign Creation section of the SMARTFENSE Administration Manual).
When the campaign start date and time arrive, check that the Phishing simulation email is in the recipients’ inbox.
In the Campaign Details, verify that the statistics correctly reflect the sending of the campaign emails, and do not record any other statistic such as email opens. (For more information, consult the Campaign Details section of the SMARTFENSE Administration Manual).
Open the email for the Phishing simulation as the different recipient users.
In the Campaign Details, verify that the statistics correctly reflect the opening of the campaign emails, and that there are no missing open records.
Click the link in the Phishing simulation email as the different recipient users.
In the Campaign Details, verify that the statistics correctly reflect the click on the phishing link in the campaign emails.
Enter data in the form on the landing page of the Phishing Simulation as the different recipient users.
In the Campaign Details, verify that the statistics correctly reflect the data entry for each user correctly.
| For customizing Ransomware and Smishing simulations, the process is very similar to the Phishing process described above. |
Custom Teachable Moments
You can create custom Teachable Moments from templates or by creating them from scratch.
Define the email subject (only if scheduled for a later date) and create the content with the WYSIWYG editor, or directly in HTML format.
If you add a validation question at the end of the Teachable Moment, choose the possible answers and feedback for each.
Custom Exams
You can create custom Exams from templates or by creating them from scratch.
Define each question and up to 4 possible answers, which will be presented to the user to choose the one they consider correct.
Define duration in minutes and minimum passing percentage.
Create feedback corresponding to each possible answer. Then, from the campaign scheduling, you can decide whether that feedback will be shown to the user.
Custom Surveys
You can create custom Surveys from templates or by creating them from scratch.
Define the email subject and create the content with the WYSIWYG editor, or directly in HTML format.
Select the question type: a Multiple Choice question with up to 10 options or an open question.
💡 Best Practices
Before publishing custom content, validate languages and translations to avoid users receiving the original template without changes.
For simulation content (Phishing, Ransomware, Smishing), run a test campaign with an end user to verify the flow and the generation of statistics.
Maintain organized management: archive unused content to reduce noise in the instance and facilitate searches by the administrator.
If you work with material from a partner, standardize structure and variables (for example, $phishing_link) to ensure consistency and facilitate maintenance.