SMARTFENSE is a SaaS platform, and all configurations are done within the instance, except for loading the whitelist, which must be done in the technologies that interact with the organization's emails.
Follow this step-by-step guide to complete the configurations that will allow you to start your first simulation campaign.
Access to the platform
Difficulty Level: Low. Requires client specialist technicians: No.
Once you have acquired the platform, you will receive a notification email with the instance URL. Access the platform using that link to create your credentials, and you will be logged in as an administrator user, where you can view all the platform’s configuration and management options.
Whitelist Configuration
Difficulty Level: Medium. Requires client specialist technicians: Yes, to whitelist in client technologies.
Email is the primary means of communication between the SMARTFENSE platform and users. For this reason, it is necessary to add SMARTFENSE's IP addresses and domains to the organization's whitelists. In the Settings > Security > Whitelist section, you will find the list of domains for web browsing that must be enabled on the organization's proxy or other technologies so that users can access content without being blocked.
Follow the steps at: Whitelist Configuration in SMARTFENSE
Direct Message Injection (DMI)
Direct Message Injection (DMI) is a delivery method that injects the email into the user's inbox. It simplifies the whitelist configuration process, but note that some tools analyze users' inboxes. Where such tools are in use, the whitelist must also be applied in them.
This configuration will help prevent emails from going to the Spam folder, and in the case of Google, it prevents the appearance of the gray banner or notice in emails.
To enable it, you must go to the Settings > Simulations > Delivery Method section, then select Google or Microsoft depending on the manufacturer of the email server to see the configuration instructions.
Note: If necessary, you can download the instructions to share them with the technical team that will perform the DMI configuration.
IPs and domains of the email sending server
In the Settings > Security > Whitelist section, you will find the list of IPs and domains that must be enabled on the email sending server.
In our Help Center, under the Whitelist category, you will find guide instructions to apply the whitelist by IP address in:
User Registration for a Test Simulation Campaign
Difficulty Level: Low. Requires client specialist technicians: No.
Once whitelists are configured, it will be necessary to send a test simulation campaign to validate that users receive the emails and that they are not intercepted or manipulated by organization technologies.
To do this, we will manually create at least 5 users and assign them to a group that we will create beforehand. To create the group, go to Users and Groups > Groups, click the New Group button, and assign a name, for example: Testing, which we will then use for the test campaigns.
Once the group to which the users will belong is created, go to the Users and Groups > Users section, and click the New User button to access the registration form. Fill in the requested data, assign the language and the group (in this case: Testing), assign a role, and click the Save button.
Group membership is not mandatory; it is a matter of order when configuring a campaign. You can create the users for this test without assigning them to a group, but you will then have to select the campaign recipients individually.
In the next steps, we will see how to import and synchronize users from a CSV file, from Google Workspace or Microsoft Entra ID.
Test Phishing Simulation Campaign
Difficulty Level: Low. Requires client specialist technicians: No.
The next step will be to create our first test simulation campaign, in this case, a phishing campaign, aimed at the users we have registered on the platform.
In this test, we want to validate that users receive the emails and that the statistics reflect the actions of the users.
Navigate to the Content Gallery > Phishing section to see the predefined contents in our Information Security catalog for end users.
From the Campaigns > Calendar section, click the New Campaign button, and choose the Phishing component to go to the campaign configuration window.
Click the More Options button to see all possible configurations. In the upper right margin, you will see an “i” in a blue circle to access online help. Use the blue icons with a ? for more information on each configurable option.
Mode
The campaign mode allows configuring two options:
Single initial assignment and specific expiration date: the users assigned to the campaign will be assigned when the campaign start date arrives. Once started, it is not possible to add new users to the campaign.
Recurrent assignment and relative duration: the users assigned to the campaign will be assigned when the campaign start date arrives. Once started, if new users are added to the recipient groups, those users will be automatically assigned to this campaign the next day at the configured start time of the campaign.
For this campaign, we will use the option of Single initial assignment and specific expiration date.
Recipients
Allows combining the recipient groups of the campaign:
Assign to users that belong to at least one grouping of each type
Assign to users that belong to any of the selected groupings
For this campaign, we will use the option Assign to users that belong to at least one grouping of each type, and we will send it specifically to a user Group. Add the Testing group, which was created when we registered the users.
Scenario
The scenario is the topic that we will send to users as a phishing simulation. Choose the desired topic from the dropdown menu.
Planning
Planning allows configuring the type of delivery, the date/time of the campaign start, and the date/time of completion.
The delivery type can be:
Normal: Sends all the emails consecutively
Random: Sends emails in batches, distributed over time
Phishing and ransomware simulations have a maximum duration of 4 days. We share this article from our blog How long do Phishing campaigns last? for you to consider when planning future campaigns.
Campaign data
Specify a name and description to identify the campaign on the platform. Remember that it is a test campaign, and you must select Test Campaign: yes.
Note: Test campaigns do not impact risk scoring. Although they allow you to view statistics in the campaign details, they do not create user or campaign audit logs.
Derived actions
A derived action is the result of a user's action. For this test exercise, we will not use the teachable moment. If you want to use it in future campaigns, the teachable moment will appear when the user performs a risky action.
Advanced
In this section, you can define whether the campaign delivery will be a sample or not. If it is a sample, it will only send the content to a percentage of users and not to all of them. That percentage is customizable.
Phishing URL: allows customizing the URL of the phishing link in simulation emails. For this test exercise, we will use the option Use SMARTFENSE's URL.
Password Entry: this option allows or prevents the user from entering their password on the phishing scenario landing page. When the Prevent user from entering their password option is selected, the password field will be disabled on the login form of the landing page.
Once you have configured the campaign, click the Save button, and it will be visible in the SMARTFENSE calendar.
We share our Phishing guide located in our Help Center under the Calendar and Components category. There you can see the instructions for configuring campaigns for each SMARTFENSE component (interactive Modules, videos, newsletters, ransomware and smishing simulations, video games, USB Drop, surveys, and exams).
Analysis of Test Campaign Statistics
Difficulty Level: Low. Requires client specialist technicians: No.
When the campaign starts, and the users from the Testing group begin to interact with the displayed emails, we must review the statistics to analyze their behavior. Here, we can validate if any technologies interacted with the emails. If so, we should review the whitelist load. The purpose of this campaign is to analyze the effective loading of these lists.
From the Campaigns > Calendar section, identify the campaign with the name configured in the campaign data and click the View campaign details button, symbolized by a small pie chart. Alternatively, you can search for the campaign from Calendar > Campaign List.
Click the “View Campaign Details” button to navigate to Audit – Campaign Details.
This screen will display the configured campaign data under the Information and Actions tab, and a funnel chart under the Charts tab showing the visual results of the actions taken by the targeted users (Testing group).
Under the “Users Assigned to the Campaign” tab, there will be a table listing the participating users.
Scroll right to see more fields in the table and identify a user who has opened the email and clicked on the link. You can apply filters to view such users.
For each user, it will be necessary to expand the information by analyzing the actions performed. Click on the user's name, and it will open a screen with the Audit - User campaign details.
This table will provide information on the date/time, action type, action, IP, and User Agent for each action performed by the selected user. We must analyze whether they were user actions or if any technology interacted with the email to avoid confusing it with a user-type action.
What can we analyze to know if any technology interacted with the simulation email?
That the actions were recorded consecutively at the same time (minimum difference of seconds/milliseconds) from the phishing open action.
That the Action type is software-related, except for Phishing Delivery.
That the IPs belong to a known technology and not to a user's host or workstation.
If the analysis determines that there were technologies that interacted with the email, it will be necessary to adjust the whitelist load. The IPs reflected in the statistics will be important to identify the manufacturer of that technology. The following URL can be useful to obtain more information about the IPs: https://www.infobyip.com/ipbulklookup.php
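The three checks above can be applied in bulk to the rows of the Audit - User campaign details table. The following is an added example, not SMARTFENSE code: the row layout, the action and action-type labels, the 5-second window and the IP range are assumptions, and the sample rows are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

# Placeholder range (RFC 5737 documentation space): replace with the egress
# ranges of your own mail gateway, sandbox or proxy.
KNOWN_TECH_NETS = [ipaddress.ip_network("192.0.2.0/24")]
BURST_WINDOW = timedelta(seconds=5)   # assumed threshold, tune per environment
DELIVERY, OPEN = "Phishing Delivery", "Phishing Open"  # assumed action labels

# Constructed sample rows: (date/time, action type, action, IP, User Agent)
SAMPLE_ROWS = [
    ("2024-05-06 09:00:00.000", "Software", DELIVERY, "198.51.100.10", ""),
    ("2024-05-06 09:00:02.100", "Software", OPEN, "192.0.2.15", "scanner/1.0"),
    ("2024-05-06 09:00:02.450", "Software", "Phishing Link Click", "192.0.2.15", "scanner/1.0"),
    ("2024-05-06 11:32:10.000", "User", OPEN, "203.0.113.40", "Mozilla/5.0"),
    ("2024-05-06 11:33:05.000", "User", "Phishing Link Click", "203.0.113.40", "Mozilla/5.0"),
]

def classify(rows):
    """Return one (row, reasons) pair per non-delivery action, oldest first."""
    parsed = sorted(
        (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"), kind, action, ip, ua)
        for ts, kind, action, ip, ua in rows
    )
    results, last_open = [], None
    for ts, kind, action, ip, ua in parsed:
        if action == DELIVERY:          # delivery is expected to be software
            continue
        reasons = []
        if action == OPEN:
            last_open = ts
        elif last_open is not None and ts - last_open <= BURST_WINDOW:
            reasons.append("burst-after-open")      # check 1: timing
        if kind.lower() == "software":
            reasons.append("software-action-type")  # check 2: action type
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in KNOWN_TECH_NETS):
            reasons.append("known-technology-ip")   # check 3: source IP
        results.append(((ts, kind, action, ip, ua), reasons))
    return results

def suspect_ips(rows):
    """IPs behind flagged actions, to look up and identify the vendor."""
    return sorted({row[3] for row, reasons in classify(rows) if reasons})

if __name__ == "__main__":
    for row, reasons in classify(SAMPLE_ROWS):
        print(row[0], row[2], row[3], reasons or "looks like a user")
```

Rows with an empty reason list are consistent with a real user; the addresses returned by suspect_ips() are the ones to look up when adjusting the whitelist.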
If the phishing simulation campaign is successful and the statistics are not affected by technologies, it will be time to perform the mass enrollment of the contracted users.
User Import and Synchronization
Difficulty Level: Low. Requires client specialist technicians: Yes, to link Google or Microsoft Entra ID to SMARTFENSE.
There are different methods to import and synchronize users into SMARTFENSE. In the Users and Groups > Import and Synchronization section, you can choose the desired method.
You can refer to the following guides from our Help Center in the Users category:
Review the user import methods offered by SMARTFENSE in our Help Center, in the User and group management section.
First Real Campaign Scheduling
Difficulty Level: Low. Requires client specialist technicians: No.
Up to this point, we have made the initial configurations, set up the whitelists, created a test campaign, and enrolled users in the platform. Now we will send our first real campaign.
From the Campaigns > Calendar section, press the New campaign button and select the component to use. We will apply the same configurations we already know from scheduling the test campaign:
Campaign mode
Recipients
Scenario
Planning
Campaign data: Important: here select Test Campaign: No
Derived action according to the selected component (teachable moment). This action is optional.
Note: Do not mark this campaign as a test. It must reach at least 50% of the users for a real measurement.
Once the campaign has started, you can analyze the users' behavior from the Audit - Campaign Detail.