Phishing Data Entry Campaign CSV Header Definitions – PSAT

Answer – Please see the table below for the header name and definition.

Phishing Data Entry Campaign CSV Header Definitions

Header

Definition

First Name

Recipient's First Name

Last Name

Recipient's Last Name

Campaign Guid

Unique ID of campaign

Users Guid

Unique ID of user within the campaign

Primary Email Opened

Was tracking pixel loaded (inferring the user viewed the email)

Date Email Opened

Timestamp in UTC as to when the tracking image was first loaded by the user

Primary Clicked

Was one of the links in the email clicked 

Date Clicked

Timestamp in UTC as to when the first click for this user happened

Primary Compromised Login

Did the user click the Submit button on the Data Entry page?

Date Login Compromised

Timestamp the Submit button was clicked on the Data Entry page

Multi Email Open

Was the tracking image loaded more than once

Multi Click Event

Was a link in the body of the email clicked more than once

Multi Compromised

Not possible

Email Address

Email address of recipient

Date Sent

Timestamp in UTC as to when the email was sent from the ThreatSim mail servers

Campaign Title

Title of the Phishing Campaign

Template Sophistication

No longer used

Campaign Recipient List

Group user was included in

Email Opened IP Address

IP Address received from the system that initiated the download of the tracking pixel embedded in the phishing email

Email Opened Browser

Browser type, as determined by the received User Agent String, used by the system that downloaded the tracking pixel in the phishing email

Email Opened Browser Version

Browser version, as determined by the received User Agent String, used by the system that downloaded the tracking pixel in the phishing email

Email Opened OS

Operating System name, as determined by the received User Agent String, of the system that downloaded the tracking pixel in the phishing email

Email Opened OS Version

Version of the Operating System, as determined by the User Agent String, of the system that downloaded the tracking pixel in the phishing email

Email Opened User Agent

The received User Agent String of the system that downloaded the tracking pixel in the phishing email

Clicked IP Address

IP Address received from the system that triggered one of the links in the phishing email

Clicked Host Name

Hostname received from the system that triggered one of the links in the phishing email (if received)

Clicked Browser

Browser type, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email

Clicked Browser Version

Browser version, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email

Clicked OS

Operating System type, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email

Clicked OS Version

Operating System version, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email

Clicked User Agent

User Agent String received from the system that triggered one of the links in the phishing email

Username

What did the user enter into the Username field on the Data Entry page

Teachable Moment Started

Did the user load the Teachable Moment?

Acknowledgement Completed

Did the user click the Acknowledge button on the Teachable Moment?

Date Acknowledged

Timestamp in UTC as to when the user first clicked on the Acknowledge link in the Teachable Moment

Weak Egress

Was the tracking image hosted over 49152 loaded by the end user?

Reported

Did the user report the phish?

Date Reported

  • Timestamp when the user first reported the phish

Email Bounced

  • Did the phish bounce back to the Proofpoint Security Awareness Training mail server?

Passed?

  • Did the user pass the phishing assessment by NOT clicking the Submit on the Data Entry page?

Password Entered

  • Did the user enter any data in the Password field on the Data Entry page?

Vulnerability Count

  • How many out of date web browser plugins exist for this user?

Adobe PDF Version

  • Plugin version detected on the user’s system

Adobe PDF Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE

Current Adobe PDF Version

Current version of plugin, as advertised by the plugin vendor

Adobe Flash Version

Plugin version detected on the user’s system

Adobe Flash Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE

Current Adobe Flash Version

Current version of plugin, as advertised by the plugin vendor

QuickTime Version

Plugin version detected on the user’s system

QuickTime Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE

Current Quicktime Version

Current version of plugin, as advertised by the plugin vendor

RealPlayer Version

Plugin version detected on the user’s system

RealPlayer Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE

Current RealPlayer Version

Current version of plugin, as advertised by the plugin vendor

Java Version

Plugin version detected on the user’s system

Java Vulnerable

  • Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE

Current Java Version

Current version of plugin, as advertised by the plugin vendor

Silverlight Version

Plugin version detected on the user’s system

Silverlight Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE

Current Silverlight Version

Current version of plugin, as advertised by the plugin vendor

Windows Media Player Version

Plugin version detected on the user’s system

Windows Media Player Vulnerable

Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE

Current Windows Media Player Version

Current version of plugin, as advertised by the plugin vendor

Phishing Template

What phishing template was sent to the user