Phishing Attachment Campaign Header Definitions – PSAT

AnswerPlease see the table below for the header name and definition.

Phishing Attachment Campaign CSV Header Definitions

Header

Definition

First Name

Recipient's First Name

Last Name

Recipient's Last Name

Campaign Guide

Unique ID of campaign

Organization Admin

Users with this role can create and update End Users and Silent Users within their​​ Organization.

End-User

Users with this role can manage their own configuration (UI only).

Silent User

User with this role may not interact directly with the system.

Users Guide

Unique ID of user within the campaign

Primary Email Opened

Was​​ tracking pixel loaded (inferring the user viewed the email)

Date​​ Email Opened

Timestamp in UTC as to when the tracking image was first loaded by the user

Primary Clicked

Was one of the links in the email clicked 

Date Clicked

Timestamp in UTC as to​​ when the first click for this user happened

Primary Attachment Opened

Was the attachment opened by the user

Date Attachment Opened

Timestamp the attachment was first opened in UTC

Multi Email Open

Was the tracking image loaded more than once

Multi​​ Click Event

Was a link in the body of the email clicked more than once

Multi Attachment Open

Was the attachment opened more than once

Users Guid

Unique ID of user within the campaign

Primary Email Opened

Was tracking pixel loaded (inferring the user​​ viewed the email)

Date Email Opened

Timestamp in UTC as to when the tracking image was first loaded by the user

Primary Clicked

Was one of the links in the email clicked 

Date Clicked

Timestamp in UTC as to when the first click for this user happened

Primary Attachment Opened

Was the attachment opened by the user

Date Attachment Opened

Timestamp the attachment was first opened in UTC

Multi Email Open

Was the tracking image loaded more than once

Multi Click Event

Was a link in the body of the​​ email clicked more than once

Multi Attachment Open

Was the attachment opened more than once

Email Address

Email address of recipient

Date Sent

Timestamp in UTC as to when the email was sent from the ThreatSim mail servers

Campaign Title

Title of the​​ Phishing Campaign

Template Sophistication

No longer used

Campaign Recipient List

Group user was included in

Email Opened IP Address

IP Address received from the system that initiated the download of the tracking pixel embedded in the phishing email

Email Opened Browser

Browser type, as determined by the received User Agent String, used by the system that downloaded the tracking pixel in the phishing email

Email Opened Browser Version

Browser version, as determined by the received User Agent String,​​ used by the system that downloaded the tracking pixel in the phishing email

Email Opened OS

Operating System name, as determined by the received User Agent String, of the system that downloaded the tracking pixel in the phishing email

Email Opened OS Version

Version of the Operating System, as determined by the User Agent String, of the system that downloaded the tracking pixel in the phishing email

Email Opened User Agent

The received User Agent String of the system that downloaded the tracking​​ pixel in the phishing email

Attachment Opened IP Address

 ​​ ​​​​ IP Address received from the system that initiated either:

  • The download of the tracking pixel in the file attached to the emails from the phishing campaign (Classic Attachment) Followed the link​​ to the Teachable Moment for files sent as part of the phishing campaign (Attachment)

Attachment Opened Browser

 ​​ ​​​​ Browser type, determined by the received User Agent String, received from the system that initiated either:

  • The download of the tracking pixel in the file attached to the emails from the phishing campaign (Classic Attachment) Followed the link to the Teachable Moment for files sent as part of the phishing campaign (Attachment)

Attachment Opened Browser Version

 ​​ ​​​​ Browser version, determined by​​ the received User Agent String, received from the system that initiated either:

  • The download of the tracking pixel in the file attached to the emails from the phishing campaign (Classic Attachment) Followed the link to the Teachable Moment for files​​ sent as part of the phishing campaign (Attachment)

Attachment Opened OS

 ​​ ​​​​ Operating System type, determined by the received User Agent String, received from the system that initiated either:

  • The download of the tracking pixel in the file attached to the​​ emails from the phishing campaign (Classic Attachment) Followed the link to the Teachable Moment for files sent as part of the phishing campaign (Attachment)

Attachment Opened OS Version

 ​​ ​​​​ Operating System version, determined by the received User Agent String, received from the system that initiated either:

  • The download of the tracking pixel in the file attached to the emails from the phishing campaign (Classic Attachment) Followed the link to the Teachable Moment for files sent as part of the phishing campaign (Attachment)

Attachment Opened User Agent

 ​​ ​​​​ User Agent String received from the system that initiated either:

  • The download of the tracking pixel in the file attached to the emails from the phishing campaign (Classic Attachment) Followed the​​ link to the Teachable Moment for files sent as part of the phishing campaign (Attachment)

Clicked IP Address

IP Address received from the system that triggered one of the links in the phishing email

Clicked Host Name

Hostname received from the​​ system that triggered one of the links in the phishing email (if received).

Clicked Browser

Browser type, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email

Clicked Browser Version

Browser version, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email

Clicked OS

Operating System type, as determined by the received User Agent String, from the system that triggered one of​​ the links in the phishing email

Clicked OS Version

Operating System version, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email

Clicked User Agent

User Agent String received from the system that triggered one of the links in the phishing email

Date Acknowledged

Timestamp in UTC as to when the user first clicked on the Acknowledge link in the teachable moment

Weak Egress

Was the tracking image hosted over 49152 loaded by the end user?

Reported

Did the user report the phish?

Date Reported

Timestamp when the user first reported the phish

Email Bounced

Did the phish bounce back to the Proofpoint Security Awareness Training mail server?

Passed?

 ​​ ​​​​ Did the user pass the phishing​​ assessment by NOT committing the failure condition of the phishing campaign? Failure conditions are:

 

  • Attachment: Opening the attachment and following the link presented Classic Attachment: Opening the attached file

Vulnerability Count

How many out of date web browser plugins exist for this user?

Adobe PDF Version

Plugin version detected on the user’s system

Adobe PDF Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version, then​​ Vulnerable = TRUE

Current Adobe PDF Version

Current version of plugin, as advertised by the plugin vendor

Adobe Flash Version

Plugin version detected on the user’s system

Adobe Flash Vulnerable

Does the installed plugin version match the current​​ plugin version? If detected version < current version, then Vulnerable = TRUE

Current Adobe Flash Version

Current version of plugin, as advertised by the plugin vendor

QuickTime Version

Plugin version detected on the user’s system

QuickTime​​ Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version, then Vulnerable = TRUE

Current QuickTime Version

Current version of plugin, as advertised by the plugin vendor

RealPlayer Version

Plugin​​ version detected on the user’s system

RealPlayer Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version, then Vulnerable = TRUE

Current RealPlayer Version

Current version of plugin, as advertised by the plugin vendor

Java Version

Plugin version detected on the user’s system

Java Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version, then Vulnerable = TRUE

Current Java​​ Version

Current version of plugin, as advertised by the plugin vendor

Silverlight Version

Plugin version detected on the user’s system

Silverlight Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version, then Vulnerable = TRUE

Current Silverlight Version

Current version of plugin, as advertised by the plugin vendor

Windows Media Player Version

Plugin version detected on the user’s system

Windows Media Player Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version, then Vulnerable = TRUE

Current Windows Media Player Version

Current version of plugin, as advertised by the plugin vendor

Phishing Template

What phishing template was​​ sent to the user

Current Java Version

Current version of plugin, as advertised by the plugin vendor

Silverlight Version

Plugin version detected on the user’s system

Silverlight Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version, then Vulnerable = TRUE

Current Silverlight Version

Current version of plugin, as advertised by the plugin vendor

Windows Media Player Version

Plugin version detected on the user’s system

Windows Media​​ Player Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version, then Vulnerable = TRUE

Current Windows Media Player Version

Current version of plugin, as advertised by the plugin vendor

Phishing Template

What phishing template was sent to the user