Release Notes – v4

Changelog SMARTFENSE – version 4

May 18th, 2024

Platform

Improvements

  • Added a date filter to the gauge chart on the Risk Scoring screens.
  • Added the ability to tag Smishing content.
  • Added the following fields in the SAP SuccessFactors configuration view: 
    • End date format.
    • Institution name.
    • Adjusted hourly rate currency.

Corrections

  • Fixed an issue with the user table that caused the downloaded CSV file to not contain the users displayed on the screen after searching by UPN and attempting to export the table.
  • Fixed an issue related to the translations of feedback for multiple-choice questions in Interactive Module content for instances using authentication without credentials.
  • Corrected notifications for pending campaigns. Previously, these notifications did not respect the configuration of the local server and were always being sent from the SMARTFENSE server.
  • Corrected the user import from Microsoft Entra ID. The issue was preventing some users from being created with the appropriate functional areas and levels of hierarchy, and they were not being recorded in the resulting administrative audit log.

April 20th, 2024

Platform

Improvements

  • A new version of the Phishing Report button for Outlook has been enabled. You can download the new version from Settings > Components > Simulations > Phishing Report Button.

Please note that for the proper operation of this new version, you must validate your corporate domains in Settings > Organization > Corporate Domains.

  • Performance improvements have been made in the views of past, future, and deleted campaign audits.
  • A style improvement has been made to the validation questions of Newsletters and Teachable Moments. With this improvement, the background color of the questions will be inherited from the parent element.

Corrections

  • Fixed an issue in all platform tables where it was not possible to click the buttons or links present in the cells when there was only one log in the table.
  • Fixed an issue that arose when exporting the Campaign Detail of a Smishing campaign to CSV or Excel since the header columns of the CSV did not match the data present in the subsequent rows.
  • Fixed an issue where, in the online help regarding the creation and editing of users, the descriptions of administrative roles were not being displayed correctly.
  • Fixed an issue that arose when configuring a video slide within an Interactive Module. This issue caused the blocking options to be applied to videos referenced from external sources, when they should only apply to videos uploaded from a file.

March 23rd, 2024

Platform

Improvements

  • The option to tag customized content was added. To do this, go to the creation/editing of any content and use the Tags field to classify them as you wish.

The tags available for classifying content are provided by SMARTFENSE. Additionally, it is also possible to create customized tags in the Customized Content > Tags section.

In the Content Gallery, you will find a tag filter to sort your content based on this new classification.

  • Two new fields have been added in the creation and editing of video activity for an Interactive Module content. The purpose is, on one hand, to configure whether the user will be allowed to advance the videos. On the other hand, to configure whether the user will be allowed to move to the next slide without reaching the end of the video.

Corrections

  • Fixed an issue that occurred when importing users via Google and Microsoft Entra ID. This issue arose when the directory had a group whose name contained this character string: \C.
  • Fixed an issue where the teachable moment was not instantly sent via email in Ransomware campaigns configured with this option: “Show instantly in the user’s web browser and also send the Teachable Moment by email at the same time.”

February 24th, 2024

Platform

Improvements

  • A warning has been added when scheduling Phishing and Ransomware simulation campaigns. This warning is related to Whitelist processes and the statistics generated by software.
  • The HTML content editor used in different places within the platform, such as content management for Newsletters, Phishing, Ransomware, and Teachable Moments, has been updated.
  • A modification has been made to the design of the final question in Newsletters and Teachable Moments.

Corrections

  • An issue with feedback in Interactive Module activities has been fixed, as translations were not displaying correctly.
  • An issue that occurred when an instance had a different method configured than SMARTFENSE with credentials, and when pressing Forgot your password, it wasn’t correctly redirecting to the password recovery screen, has been resolved.
  • An error in the audit view of an inactive user has been fixed.

Note

A new section called Corporate Domains has been added in Settings > Organization.

This section allows adding and validating ownership of the organization’s corporate domains.

Validated domains will be used later in SMARTFENSE for different purposes, such as the Microsoft and Google Phishing report buttons.

If desired, you can complete the validation process for your corporate domains to have this step ready for future releases and improvements.

January 27th, 2024

Platform

New features

Videos with Exams

In the creation and editing of Video campaigns, the option to add a related Exam has been introduced.

This is how it works: Users are assigned to the Video campaign, and once it is completed, they have to take an Exam. This can be done either immediately or at a later time.

To use this new feature, click the More options button in the Video campaign creation view and locate the Derived Actions section.

Improvements

  • All occurrences of “Microsoft Azure Active Directory” in the platform have been replaced with “Microsoft Entra ID.”
  • The loading time for campaign details has been improved.

Corrections

  • Fixed an issue that affected the proper functioning of filters in the Content Gallery when loading new items while scrolling on the screen.
  • Fixed an issue in the Smart Groups Editing section that caused the export of all users in the instance when attempting to export only the users of a specific Smart Group.
  • Fixed an issue in the creation and editing section of Interactive Modules. Previously, when copying a slide, the link to edit the content of the new slide was not generated correctly, requiring a page reload for it to work. 
  • Fixed an issue in the Audit – Newsletter Campaigns List section, where the campaign’s completion date was not exported correctly when exporting the table.
  • Fixed interface issues that arose when using quotation marks in the content of slides in Interactive Modules, Exams, and Surveys.
  • Fixed an issue that prevented the proper functioning of grouping filters in the campaign details.
  • Fixed the interruption of the daily user import process in some specific instances.
  • Fixed the user import process from Microsoft Entra ID. With this correction, the direct and indirect groups of each imported user will be considered again during the import process.

December 30th, 2023

Platform

New features

Final Validation Question in Videos

Validation questions have been added to predefined video content.

Now, the playback interface for this type of content has three steps:

  1. Video Player
  2. Multiple-choice question to validate understanding of the video
  3. Feedback on the user’s answer

Customized videos can also include validation questions. To do this, edit an existing content or create a new one.

Note that this question is optional, and you can continue to use videos without this new feature.

Pending Campaign Notifications

The pending campaign notification is a new type of notification that you can set up in Settings > Notifications > Pending Campaigns.

The pending campaign notification is an automatic notification sent to users who have one or more assigned campaigns that have not yet concluded. This notification covers:

  •     Interactive Modules
  •     Videos
  •     Video Games
  •     Exams
  •     Surveys

The purpose is to provide users with a summary of their pending campaigns and inform them of the expiration date for each one.

Improvements

  • Compatibility has been expanded to include new types of groupings in the integration with Microsoft Entra ID (Microsoft Azure Active Directory). Previously, it was only possible to import groups of the “Security” type. Now, the support extends to the rest of the Microsoft Entra ID groups.
  • A new version of the executable file type has been developed to use in Ransomware content.

Corrections

  • Fixed an encoding issue in SMS sending, where Smishing scenarios containing accents were not being sent correctly.
  • Fixed an issue related to campaign assignment through autoenrollment. In some cases, an incorrect expiration date was reported in the assignment email.
  • An issue related to obtaining groups from the Microsoft Azure Active Directory API has been corrected. Previously, the import was restricted to a maximum of 15 groups.
  • Corrected relative campaigns configured with Autoenrollment. Previously, despite selecting the option not to send notifications, notification emails were sent in the first assignment (but not in subsequent ones).
  • Fixed an issue with the “Send me test” button in the content gallery and the creation or editing of Phishing and Ransomware campaigns. It was not working when configuring the delivery method through Direct Message Injection.
  • Fixed an issue in the tables of the Gamification Reports section. They were not sorting correctly when done from lower to higher or vice versa.
  • Fixed an issue in the date selector used to specify the start/expiration date of campaigns. It was not being translated correctly according to the user’s language.
  • Corrected the email sent to the end user when they receive a new badge. The badge image was displayed in a very large size in the Microsoft Outlook Desktop email client.
  • Added information to the campaign details when errors occur in sending the welcome email to a user.
  • Corrected the export options of the campaign detail table. The options for exporting while respecting applied filters on the table were not working correctly. Filters in columns with “Yes/No” options were not being considered.
  • Fixed an issue that arose when attempting to modify a profile image with an unrecognized format.
  • Fixed an issue where the $username variable was not being replaced correctly in the certificates sent to users.

December 2nd, 2023

Platform

Improvements

  • Modified the logic of importing users through CSV files. Now, when importing users via CSV, the system will follow the logic of searching by email and then by username.
  • Improved the performance of loading indicators on the Dashboard.
  • Improved the performance of updating the status (active/inactive) of multiple users from the Users table.
  • Improved the performance in loading the Campaign List.

Corrections

  • An issue that arose when accessing the campaign details of some deleted campaigns has been fixed.
  • An issue in the monthly ranking displayed on the End User Dashboard, where scores were not showing correctly in specific cases, has been corrected.
  • A correction was made to the start and expiration dates of campaigns listed in the Campaign List. From now on, these dates will be displayed in the time zone of the administrative user viewing the list.
  • An issue that arose when deleting a parameter in the campaign creation URL from the campaign list has been fixed.
  • A correction was made to the title of the Risk Scoring card for groups. Previously, the word “group” always appeared in English, regardless of the user’s language.  
  • An issue in Audit > Campaign Detail for the User, where user interactions in the campaign were not displaying correctly, has been fixed.
  • A modification was made to the data export file of the Past Campaigns table. The topic column in the exported file showed extra information that did not apply. 
  • A correction was made in the translation of notifications sent via Slack.
  • An issue in the End User Dashboard that caused repeated content to be displayed in the available content section in some cases has been fixed.
  • A correction was made in the “Match Pairs” activity of the Interactive Modules component. The issue occurred when incorrectly displaying the highlighting color when matching the correct pairs. This happened only when there were two activities of this type in consecutive slides. 
  • An issue identified when viewing users belonging to Levels of Hierarchy and Functional Areas has been fixed. It turned out that users who were not actually in these groups were being displayed. This issue did not affect campaign sending. 
  • An issue that arose when trying to create template content using inactive content has been fixed. 

October 27th, 2023

Platform

Improvements

  • Improved the performance in loading the Reports > Campaigns section.
  • Improved the maintenance message displayed in the user’s browser language when the platform is under maintenance.
  • Modified the way user language import is managed. The user language will not be changed by any import process if the end user has selected a specific language in their profile or if an administrative user has assigned a specific language from the Users and Groups > Users section.
  • Standardized the character limit for the username field in various user import methods.
  • Added two new columns to the user table located in Users and Groups > Users. The columns are:
    • Creation Date: Displays the date and time of each user’s creation.
    • Edition Date: Displays the date and time of the last edit for each user.
    Additionally, two new options for exporting all data from the user table have been added:
    • CSV with complete information of this table (not suitable for import).
    • Excel with complete information of this table (not suitable for import).
    These files are unsuitable for import because they have a different structure containing more information than what is required in the user import section using CSV.
  • Added the ability to use the Hanken Grotesk and Montecatini Pro fonts in the platform’s HTML editor.
  • Improved sending speed for simulation emails through Direct Message Injection, both for Microsoft and Google.
    Error handling for incorrect configurations has also been improved.

Corrections

  • An issue that occurred when reassigning users in a campaign with auto-enrollment has been fixed. In some cases, the reassignment email was not being sent correctly.
  • Translation issues in the texts of certain administrative sections of the platform have been fixed. This issue caused some text fragments to be displayed in Spanish even when the administrative user had a different language configuration.
  • An issue related to case sensitivity when importing users from Microsoft Azure Active Directory and Google has been corrected.
  • An issue that arose when accessing the details of an empty campaign group has been fixed.
  • An issue related to the language filter in the content gallery has been fixed. This issue caused results that did not meet the filter criteria to be displayed.
  • A correction in the logic of the Autoenrollment process in derived campaigns has been made. The automatic assignment was not working correctly for exams.
  • An issue in the Groups, Functional Areas, Levels of Hierarchy, and Smart Groups sections where table content was not being displayed has been fixed.
  • An issue that occurred when consulting available content from the end user dashboard has been fixed. This issue sometimes caused the loading of available content to fail, requiring the user to press the “Load More Content” button again.
  • An issue that occurred when accessing a test campaign of Interactive Modules integrated with LMS has been fixed. The issue redirected users to the SMARTFENSE login screen upon entering the module.
  • An issue that occurred when accessing a user’s audit section from the Audit > Assigned Actions > Users > General View section has been fixed.
  • Missing headers in Phishing and Ransomware simulations sent via DMI with Microsoft have been added.
  • The user import process from Microsoft Azure Active Directory has been corrected. The issue occurred when configuring the import of Functional Areas or Hierarchical Levels, and a user did not have information in the selected fields to obtain the data.
  • An issue that affected the search for campaigns in the Campaigns > Campaign List section when the instance name began with numbers has been fixed.

September 29th, 2023

Platform

New features

Smishing Simulation Campaigns

Smishing simulation campaigns allow you to test users’ behavior when they receive an SMS with socially engineered content.

From the SMS delivered in each campaign, it is possible to measure the opening of links and the input of data on simulated phishing websites.

The contents of smishing traps are 100% customizable, and it is possible to create new ones from scratch.

This component integrates with all platform audit reports and logs, the administrative dashboard, and user, group, and organization risk scoring.

Improvements

  • Added the ability to configure the second factor of authentication for end users in instances configured with SMARTFENSE credentials authentication.
  • Improved the user import process with all methods for groupings to support the “&” character in the name field.
  • Modified the message displayed when requesting password recovery from the login screen.
  • Enhanced performance in loading the table in the Administrative Audit section.
  • Modified the sidebar in the Calendar section. This section is now named “Campaigns” and includes two subsections, Calendar and Campaign List. The latter is a new section that displays past and future campaigns in the instance in a table with various filtering options.
  • Added new available languages to the predefined USB Drop files.
  • Improved the Drag and Drop activity in Interactive Modules to work correctly when the browser has translation extensions like Google Translator.

Corrections

  • An issue was fixed where the QR code was not being received correctly when sending a Phishing or Ransomware simulation with a QR code via DMI through Microsoft.
  • A correction was made in the Smart Groups editing screen as the last update date of the group did not update correctly.
  • An issue that arose during user imports from Microsoft Azure Active Directory with certain specific configurations has been fixed.
  • A correction was made in the campaign details of Interactive Modules with Derived Exams. Interactions from each user’s Exam were not being generated correctly in the CSV or Excel resulting from the export.
  • An issue in the campaign detail table where it was not possible to click the buttons in the cell when there was only one user was fixed.
  • An issue in the administrative audit log related to user imports from Microsoft Azure Active Directory was fixed.

September 1st, 2023

Platform

New features

BeyGoo Integration

The integration between SMARTFENSE and BeyGoo allows the detection of users’ compromised credentials on both the surface network and the Deep & Dark Web. This information is included in the risk-scoring reports of SMARTFENSE.

Autoenrollment

In campaigns with the “Recurring assignment and relative duration” mode, a new functionality has been added that allows for the automatic reassignment of users who have not completed the campaign within the specified time.

This automatic reassignment is known as Autoenrollment and can be performed a finite number of times or continuously until the user completes the campaign in question.

Improvements

  • The loading speed of the calendar was optimized. Additionally, the popover that appeared when hovering over each campaign was replaced by a modal that can be viewed by clicking the “View more information” button present in each of them.
  • The download speed of the grouping campaign details was optimized.
  • Performance improvements were made in SMARTFENSE’s APIs.
  • The “phishalertbutton.com” domain was added to the Whitelist section.
  • An interface correction was implemented in the content gallery. Previously, when selecting an item with text longer than the width of the filter, the display was not optimal.
  • A time improvement was made in the user import process through Microsoft Azure.
  • Improvements were made to the “Create Group” and “Create Reverse Group” buttons in the campaign detail view. Previously, when the percentage was 0%, the buttons did not appear. Now, validation is based on the number of interactions rather than the percentage.
  • Performance improvement was carried out in the Content Gallery.

Corrections

  • A correction was made in the end user’s Dashboard. The issue was that in some cases, the available attempts count for exam campaigns was displayed incorrectly.
  • A modification was made in the Campaign Audit section to display zero instead of “None” when the USB Drop content has no past, future, or deleted events.
  • A correction was applied to USB Drop campaigns. The file name was not being displayed correctly in the campaign detail.
  • An issue that arose when performing a search in the Audit – User History section in campaigns was fixed.
  • An issue that occurred when sending the report for finished campaigns was fixed.
  • A correction was made in the campaign editing process. Previously, when creating a campaign and then editing it, the previously chosen topic was not loaded correctly.
  • An issue when attempting to stop a campaign was fixed.
  • A correction was made to an issue that arose when viewing the User Ranking on the End User Dashboard in instances with fewer than six users.
  • A correction was made in the user import process from Microsoft Azure. Users with a null “last name” field were not being imported.
  • An issue that arose when trying to edit an Interactive Module campaign with derived exams was fixed.
  • Content navigation issues that arose when configuring authentication without credentials on the platform were fixed.
  • An issue in the end user’s Dashboard was fixed. When completing a Newsletter campaign without a validation question, the content was not moved to the Completed Content section but remained in the Assigned Content section.