Phishing

SecurityIQ, AwareEd, and PhishSim User's Manual, Pt. 4: Learners & Groups

Infosec
October 15, 2016 by
Infosec

Back to Table of Contents

Learners & Groups

Table of Contents:

See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.
Demo Now
  • Overview
  • Licensing
  • Creating Users
  • Managing Individual Learners
  • Importing Multiple Users
  • Managing Groups
  • Active Directory Synchronizer

Objectives

Once you have completed this section, you will be able to:

  • Understand how learners are counted in SecurityIQ
  • Create a single learner manually
  • Create multiple learners by importing a CSV file
  • Create groups
  • Assign learners to a group
  • Delete a group
  • Understand how groups are used in SecurityIQ

 

Overview

As you learned in the Planning section, groups will be a key part of effectively and efficiently delivering security awareness training and simulated phishing attacks to your learners, as well as reporting on their progress. In this section, you will learn how to create learners manually or by importing a large number of them via a CSV file and assigning those learners to the appropriate groups.

Licensing

Before we begin creating learners, it will be helpful to review how SecurityIQ handles licensing. When you subscribe to SecurityIQ, you are purchasing “seats” within the system. Much as with a physical classroom that may have 20 seats that are occupied by students at any given time, students will come and go throughout the year. When a new student arrives to take the place of one who left, you don’t purchase a new seat, you simply re-assign the seat of the student who left. In the same way, when a learner leaves your organization and a new one takes their place, you do not need to purchase an additional seat, you will simply delete the old learner from the system and add the new one.

  IMPORTANT – Deleting a learner from SecurityIQ will also delete all associated training history for that user. If you are required to maintain training records for past learners, you must run and export the appropriate reports containing their information prior to deleting them from the system. You cannot undo a deletion, so be sure to export any needed information before doing so.

Creating Users

There are two quick and easy methods for enrolling learners in SecurityIQ. If you only need to add one or two learners, you can create them manually. In certain situations, however, such as enrolling a large number of learners during the setup process or as part of seasonal hiring, it is more convenient to enroll multiple learners at once, which can be done by importing a comma separated (CSV) file. We will cover both methods.

The only information needed to create a SecurityIQ learner is the first and last name and the email address. No passwords are required in order for learners to use SecurityIQ. It is possible to provide additional information for a user, which can be used to customize the learning experience, and we will explore those options in the Importing Users section.

Managing Individual Learners

The individuals section of your SecurityIQ platform can be found under Learners. Here you can add, edit and delete individual learners. You can also access and individual learners timeline.

Adding an individual User

  1. Click on the New Learner button.
  2. Add the learners information.
  3. Optionally, select the group/s that you want the user to be part of.
  4. Click the Save Button


Find a Specific User

  1. You can find an individual by navigating the list using the left or right arrows.
  2. You can search for a user by clicking on the search icon and entering information pertaining to an individual learner.

Edit an Existing User

  1. Find the learner you wish to edit in your Learners list.
  2. Hover over the learner and click the edit icon.
  3. Edit or add learner information.
  4. Add or remove the learner from group/s.
  5. Click Save.

Deactivating an Individual Learner

By deactivating a learner you will remove them from all PhishSim and AwareEd campaigns. The learners data will be retained in your SecurityIQ platform. The learner will still count against your learner total count.

  1. Find the learner you wish to edit in your Learners list.
  2. Hover over the learner and click the deactivate icon. 
  3. Click the Deactivate Learner Button.

Delete an Individual Learner

Deleting a learner will delete all the learner’s associated data within your SecurityIQ platform. This data will not be recoverable once deleted so if you are required to keep this data export it before deleting a learner.

You can not delete learner’s that are enrolled in active Phishsim or AwareEd campaigns. These campaigns need to be stopped or completed before enrolled learners will be deletable.  
  1. Find the learner you wish to edit in your Learners list.
  2. Hover over the learner and click the delete icon.
  3. Click the Delete button.

IMPORTANT – Deleting a learner from SecurityIQ will also delete all associated training history for that user. If you are required to maintain training records for past learners, you must export their information prior to deleting them from the system. You cannot undo a deletion, so be sure to export any needed information before doing so.

Accessing a Learner’s Timeline

A learners timeline will display information about a learner's behavior within the platform. For example, the timeline will contain an event when a learner opens a phishing email, completes and AwareEd course and many more. You will also find information regarding the learner’s System Details, PhishSim activity, and AwareEd activity.

  1. Find the learner you wish to edit in your Learners list.
  2. Hover over the learner and click the timeline icon.
  3. From here you can see information specific to a learner. This includes a timeline of events and a learner grade.  

Note: The way in which learners are graded is configurable in your account settings.

 

Deactivate or Activate Learners

By deactivating a learner you will remove them from all PhishSim and AwareEd campaigns. The learners data will be retained in your SecurityIQ platform. The learner will still count against your learner total count. You can select multiple users to activate or deactivate by navigating to the Deactivate/Activate section of your SecurityIQ platform under Learners.

Deleting learners is a permanent and non-reversible action. Once a learner is deleted any and all data associated with that learner is also deleted

 

Activate, Deactivate Delete Learners via Individual Selection

  1. Select if you want to activate, deactivate or delete learners.
  2. Select Individual Learners.
  3. Select learners in the Available Learners list by clicking them. They can be removed from the Selected learners list by clicking.
  4. You can search for learners using the search tool at the bottom of the Available Learners list and Selected Learners list.
  5. After you have made your selection click the Apply button.

Activate, Deactivate or Delete Learners via Dynamic Filters

  1. Select if you want to activate, deactivate or delete learners.
  2. Select Learners via Dynamic Filters.
  3. Select the Filter Relationship. This relationship controls how multiple filters work together. Selecting “And” means that all filters selected will have to be true before a learner is deactivated. Selecting “Or” means that if any of the filters is true the learner will show in the preview.
  4. Next, add at least one filter by filling out the fields and clicking the plus button.
  5. More than one filter can be selected.
  6. For example, if you selected the Field “Phished Count”, the Operator “Greater than or Equal to” and the Value ‘1’, only learners that have been phished at least one time will show in the preview.
  7. Click the Process Learner Preview button and confirm the results.
  8. Click the Apply Button.

Importing Multiple Users

You can import new learners or update existing learners utilizing a CSV file.

  1. Click on Import under Learners.
  2. Click the Download Sample CSV File button.


  3. Enter the relevant information in the CSV file. Do not modify the headers in any way. First Name, Last Name, and Email are required. The other columns are optional. It is recommended that you fill out as many columns as possible because this information can be made use of throughout the platform.
  4. Next, select how the upload will handle groups.
    • Group Listed in CSV - This option will use the group listed in the CSV file. If no group is listed the learner will not be added to any group.
    • Existing Group - This option will give you the opportunity to select an existing group to add uploaded learners too.
    • New Group - This option will allow you to create a new group that uploaded learners will be added to
  5. Next, select how you want existing learners treated during your upload.
    • Update Learners - This option will overwrite existing learners information with the information in the CSV while adding new learners.
    • Ignore Learners - Will ignore existing learners while adding new learners.
  6. Choose your CSV File
  7. Click Preview Upload.
  8. Confirm that the information displayed in the preview is correct and click Upload Learners.

IMPORTANT – Pay close attention to the column headers in the first row of the sample import file. These headings are used during the import and should not be changed. If you create your own import file, your header column names must match those listed in the sample file. If the column names do not match, the import process will fail.

Managing Groups

These instructions will explain the different types of groups within the platform and how groups can be used. The SecurityIQ platform has two types of groups, static and dynamic.

Static groups are groups that once created do not change. You can add and remove learners from the group but you cannot automate adding and removing based on information stored within the SecurityIQ platform.

Dynamic groups are a powerful concept within the SecurityIQ platform. Dynamic groups can help you target specific learners based on their behavior within the platform or information in their profile. This can help you target PhishSim and AwareEd campaigns or identify potential risk points within your organization. This accomplished through the use of filters.

When importing learners via CSV or Active Directory Synchronizer the group specified will be created as a static group if it does not already exist. If the group already exist the learner will be added to that group.

Creating Static Groups

  1. Go to the Groups section of your SecurityQ platform.
  2. Select New Learner Group then select Static.
  3. Next name the Group
  4. You can create a new learner and add it the learner to the group by filling out the required fields and clicking Add Learner.
  5. Select learners from the available learners list by clicking on a learner. Once clicked the learner will be added to the selected learners list. The learner can be removed from the selected learners list by clicking the learner again.  
  6. Click the Save button when finished.

Creating Dynamic Groups

  1. Go to the Groups section of your SecurityQ platform.
  2. Select New Learner Group then select Dynamic.
  3. Next, name the group.
  4. Next add at least one filter by filling out the fields and clicking the plus button.
  5. Filters can be removed by clicking the X button under Selected Filters.
    • More than one filter can be selected.
    • If filtered information changes learners will be added and removed based on the group's filters.
    • For example, if you selected the Field “Phished Count”, the Operator “Greater than or Equal to” and the Value ‘1’, only learners that have been phished at least one time would appear in the group. As more learners get phished they would automatically be added to this group.
  6. Select the Filter Relationship. This relationship controls how multiple filters work together. Selecting “And” means that all filters selected will have to be true before a learner is added to the group. Selecting “Or” means that if any of the filters is true the learner will be added to the group.
  7. When done click the Save button.

Group List

  1. The groups you created can be found in the TargetGroups list found in the Groups section of your SecurityIQ platform.
  2. By hovering over a group in the list you can edit or delete the group.

 

  IMPORTANT – Groups that are assigned to either a PhishSim or AwareEd campaign cannot be removed. When attempting to delete a group that is associated with a campaign, a message will be displayed indicating which campaigns it belongs to. The campaign must be deleted before the group can be deleted. If this action is required, please see Deleting a Campaign in the PhishSim or AwareEd section of this manual for information on how to perform that process.

9

 

Active Directory Synchronizer

These instructions will guide you through using the SecurityIQ Active Directory Synchronizer to automatically import your learners into your SecurityIQ account.

System Requirements

  1. Requires Windows 7 SP1 or Higher or Windows Server 2008 R2 or Higher.
  2. PowerShell 4.0 or higher

Downloading the Active Directory Utility:

  1. Navigate and login to your SecurityIQ account.
  2. Click on Active Directory Synchronizer under Learners.
  3.    Click the download link.
  4.    Take note of your secret key.

5. If this is your first sync or you are making significant changes remember to override the safety switch and click Save.

6. Extract the downloaded ActiveDirectorySynchronizer to the folder that you wish the utility to reside.

  IMPORTANT – Before conducting your initial import, you must enable the “Override safety switch on next sync” option with the Active Directory Synchronizer section of the SecurityIQ web portal. The initial import will fail if this step isn’t taken.


Using the Active Directory Utility with a GUI:

  1. Navigate to the extracted ActiveDirectorySynchronizer directory.
  2. Double click the GUI-AD-Import.exe file and run it.
  3. The first box will have a list of your Active Directory Forest. Select your desired domain and click the Select button.
  4. Copy your Secret Key and click the Paste button.
  5. Select any group(s) of users that you would like to import into SecurityIQ.
  6. The “Save config” will save the current configuration of the tool. You must save a configuration file if you wish to setup the synchronization as a scheduled task. Before saving the configuration file make sure the tool is configured in the way you want to work in future runs. This includes the remove groups and EU server options.
  7. Exclude Groups checkbox will prevent the tool from uploading your Active Directory group names to your SecurityIQ platform.  It is recommend that you check the option to remove groups to limit unwanted groups imported into SecurityIQ.
  8. European Union users please check the “Sync to EU Server” checkbox.
  9. By default, the tool selects all accounts in your selected Active Directory Forest. To filter learners out click the filter button. Here you will be able to create a list of excluded users. The users selected in this step will not be uploaded.
  10. Notice that in the upper right corner you can filter users out of the list. Remember, you are creating an exclusions list so people filtered from this view will be uploaded.
  11. Select users by clicking on their name. Select multiple users by ctrl or shift-clicking. Select all pressing ctrl + a.
  12. After you have selected the desired users click the OK button. A file will be created called “Exclusions.csv”. This file will contain the users you just selected. These users will not be uploaded to your SecurityIQ platform on your current and future syncs.
  13. Clicking the Save CSV button will save a file that has the users that would be currently uploaded to SecurityIQ.
  14. When ready click the Upload button to sync your users to your SecurityIQ platform.

Using the Active Directory Utility with Windows Task Scheduler:

Before using the scheduler run the Active Directory Utility as described above and make sure to select the Save Config button.

  1. Open Microsoft’s Task Scheduler Service and Create a Basic Task.
  2. Name your task and click Next.
  3. Configure your trigger and click Next.
  4. Select “Start a program” and click Next.
  5. Browse to select the Scheduled-AD-Import.ps1 file.
  6. Click Next.
  7. Click Finish

Deleting Learners:

You can delete learners using the Active Directory Utility and SecurityIQ.

  1. Select Update existing learners and override the safety switch. Click Save.
  2. Remove or disable the learners you want to delete in your active directory and run the Active Directory Utility.
  3. Navigate to Learners to Delete in the Active Directory Synchronizer section of SecurityIQ account.

  4. Confirm that the learners that you expect are flagged for deletion. From here you can delete specific learners or delete all learners.

    5. [caption id="attachment_42262" align="aligncenter" width="505"]     [/caption]

Change Log

The Active Directory Synchronizer Change Log page displays an overview of synchronization activity between the ADS utility and SecurityIQ. If any changes were made during the synchronization, a “Download CSV” link will be available under the Changes and Errors columns. This document will provide a detailed report of any changes that took place during the sync.


Grades

Grades are a quick way to understand the risk associated with your learners behavior in the platform. You can access grades in different ways throughout the platform. Under the Learners menu there is a quick way to view grades and generate analytical reports based on grading.   

Once in the Grades section of your SecurityIQ platform, you will see an overview of all your learner’s grades. From here you can create groups and reports related to learner’s grades.

Narrowing the Scope of the Grade Report

  1. On the left side of the platform, there is a drop-down menu labeled “Data Selection”. From this drop-down, you can select “Learner Department” or “Learner Groups”.
  2. Next, select the specific group or department that you want grades displayed for.


Generating a CSV Report of Learner Grades

  1. Select the scope of the report using the “Data Selection” drop-down menus. You can also generate a report for all learners by selecting “All Learners” in the “Data Selection” drop-down menu.
  2. Scroll down to the bottom of the screen and click the Generate CSV button.

Creating Groups from Grades Date

  1. Select “All Learners” in the “Data Selection” drop-down menu.
  2. Select at least one grade level check box to create a group from.
  3. Click the Create Grade Level Group button.
  4. Name the group.

  5. Select the group type.
  6. Click the Save button.

 


Creating a Dynamic Report from Grades

  1. Select the scope of your report by using the data selection menu.
  2. Next, to letter grade of your choice click the details icon.
  3. With the report generated you can scroll down to save or print the report.
  4. After the Report is saved you can download a CSV file of the report.
  5. After the report is saved you can find, edit, and view the report under the Analytics section of your SecurityIQ platform.

 

Rankings

The Rankings feature can be found under the Learners menu in your SecurityIQ platform. Rankings enables you to get a score and grade for specific Groups, Departments or Managers. This data can be used to help identify weak points in your organization's security posture or to gamify good security practices.



Selecting Ranking View

  1. On the left side of the platform select or view in the “View” drop down menu.

    • “Groups” Displays the grades and scores of all the learner’s combined in the associated group.
    • “Departments” Displays the grades and scores of all the learner’s combined in the associated department.

    • “Managers” Displays the grades and scores of all the learner’s combined managed by the associated manager.


Creating Analytics Reports from Rankings Information

  1. Select the view that you want to generate the report from.

  2. Click the details icon on the right.

  3. With the report generated you can scroll down to save or print the report.

  4. After the Report is saved you can download a CSV file of the report.
  5. After the report is saved you can find, edit, and view the report under the Analytics section of your SecurityIQ platform.

 

PhishNotify+ Defender

This feature works with clients using the the Microsoft Outlook desktop client and the PhishNotify plugin. For more information about the plugin visit:
/securityiq-awareed-and-phishsim-users-manual-pt-5-phishsim-phishing-simulator/#Plugin-Behavior

PhishDefender works by dynamically linking security awareness learner data to real-time email communications. Program managers can set criteria in PhishDefender to activate stronger security settings on high-risk learner email accounts. Learners that match the set criteria will experience:

  • Restricted links: Links are stripped and disabled from all email body text; HTML link text is copied and placed into the body of the email without hyperlinks.
  • Link indicators: Root linking domains are highlighted in red for extra emphasis on link destinations.
  • Advanced protections: Within Outlook’s admin settings, program managers control whether a link can be CTRL clicked, or not clicked at all. For more visit: https://support.office.com/en-us/article/Turn-on-or-off-links-in-email-messages-2D79B907-93B6-4774-82E6-1F0385CF20F8


Selecting Learners to Receive PhishDefender’s Advanced Protections

Get six free posters

Get six free posters

Reinforce cybersecurity best practices with six eye-catching posters found in our free poster kit from our award-winning series, Work Bytes.

Download Now
  1. Install the latest version of the PhishNotify plugin.
  2. Navigate to PhishNotify+ Defender section of your platform.
  3. Next, select the groups that you wish to receive the add PhishDefender’s Advanced Protections. Notice that you can select dynamic groups. This allow you to configure a group that will be selected based on specific behavior, events or more.
  4. After selecting your Groups click Save.

Viewing Activated Defender Learners

  1. Click the View Activated Defender Learners button. You will be presented with an Analytics report. This report list all Activated Defender Learner along with some other information.
  2. Form the report you can save or print by clicking the appropriate icon. Once saved the report will be in the Analytics section of your SecurityIQ platform.
Posted: October 15, 2016
Infosec
Infosec
View Profile

In this Series

See Infosec IQ in Action
We’ll customize our demo to your
  • Security awareness goals
  • Existing security and employee training tools
  • Industry and compliance requirements
Demo Now

Phishing

Keeping your inbox safe: How to prevent business email compromise

Phishing

The best 9 phishing simulators for employee security awareness training (2023)

Phishing

How to set up a phishing attack with the Social-Engineer Toolkit

Phishing

Extortion: How attackers double down on threats