Release Notes – v3

Changelog SMARTFENSE – version 3

August 4th, 2023

Platform

Improvements

  • A performance improvement was made in the initial loading of the end-user Dashboard.
  • New elements were added to the end-user Dashboard:
    • Description of earned gamification badges.
    • User’s position in the experience points ranking.
    • Information about the number of experience points granted by different assigned, available, and completed contents.
  • A modification was made in SMARTFENSE’s own authentication process without credentials. End-users now receive a welcome email with a link to navigate the platform.
  • A new delivery option for Teachable Moments was added. This option allows users to instantly view the content in their browser and receive it by email.
  • The manual reminder sending process was improved. It is now possible to view the details of each sent reminder, its current status, and the number of emails sent successfully.
  • Improved the performance in the Users section to get faster search results.
  • An “Edit Campaign” button was added to future campaign details in all components. This button redirects directly to the campaign editing view.

    A “Create Campaign” button was added to the content gallery for each content. This button redirects to the creation view of a new campaign with the pre-selected topic/scenario.

  • An edit criteria button was added to the creation and editing view of smart groups.
  • Improved the performance in the process of sending user assignment emails in regular and random campaigns. This allows campaigns to conclude the email assignment process more quickly.

Corrections

  • Fixed an issue in creating Smart Groups, where users who met interaction criteria in campaigns were not being selected correctly.
  • Corrected the Organization’s heat map to address specific inconsistencies.
  • Fixed a user interface issue in the tour presented to end-users when they first access their dashboard.
  • Fixed an issue that occurred when trying to upload a .gif format image in the platform’s HTML editor.
  • Fixed an issue in the end-user Dashboard that caused Exams and Surveys content to be displayed in the available content section.
  • Fixed an issue that occurred when trying to sort users by Language Code in the Users section.
  • Fixed the interactive bullets activity present in Interactive Modules. The fixed issue caused incorrect visualization of content when using double quotes in certain languages.
  • Fixed the Assigned Actions > Users > Components section. An error occurred when trying to download any of the reports on the details of all campaigns conducted by users. This error only occurred when applying a date filter on the audit screen.

July 7th, 2022

Platform

New features

USB Drop Attack Simulation Campaigns

These campaigns allow you to measure users’ behavior when they find a USB drive that does not belong to them. Specifically, you can determine whether the user opens the files contained in the USB drive and also whether they activate the Macros of the opened files.

Improvements

  • There has been a modification in the way files are compressed to generate the SCORM package in the LMS Integration. This change ensures that the package is correctly read on platforms like SAP SuccessFactors.
  • There has been a modification in the API response of related campaigns when applying the new campaign-id filter. Now, the API response will only bring the users assigned to the specific campaign.

    Additionally, new filters have been added to the API response as optional parameters that vary depending on the campaign type. If no filters are specified, the API will maintain the current default behavior.

  • New filters have been added to the user table in the campaign details. Filters are available in the Groups, Functional Areas, and Levels of Hierarchy columns, allowing you to view in the table only the groupings that were recipients of the campaign.

    Also, new export options have been added to the table. In addition to the existing options, exporting the table respecting the applied filters is now possible.

Corrections

  • Fixed the logic of sending welcome emails to prevent multiple welcome emails from being sent to a user within the context of the same campaign.
  • Modified the file name of the Ransomware attachment when using the Direct Message Injection simulation method via Microsoft. Previously, the Ransomware attachment included extra character strings that were not appropriate.
  • Fixed an issue when trying to create a campaign or customized content using inherited content from a parent instance.
  • Fixed the Interactive Modules component to allow the use of two or more Drag and Drop activities on consecutive slides.
  • Fixed an issue when attempting to download the Risk Scoring view graphs for the organization.
  • Fixed an issue that occurred when trying to download the table of deleted events from any component.
  • Fixed the table exported from Audit – Other user interactions as it was downloading interactions from the Audit – User History section in campaigns section.
  • Fixed the audit log generated when selecting the option for customized assignment notification via email as it was not being generated correctly.
  • Removed the “User Assignment to Exam” field, which was displayed in some audit sections on Exam campaigns that did not originate from an Interactive Module.
  • Fixed an issue in the Proactive Actions Audit view where the dates of some actions were not displaying correctly.
  • Fixed an issue on the Reports > Campaigns > View more details section of any component, as the topic filter was always showing a blank result.

June 3rd, 2023

Platform

New features

Smart Groups

We have introduced a new feature in the Users and Groups section called Smart Groups.

A Smart Group is a special type of grouping where users are automatically kept up to date based on one or more criteria defined by the administrative user.

For instance, you can set up a Smart Group to always include users with high-risk scoring. Or to only include users who have been created in the last 30 days.

The use of a Smart Group, combined with other SMARTFENSE features such as relative duration campaigns, allows for an automatic assignment of users who reach a certain risk level, or to create induction campaigns that automatically target new users created on the platform.

Grouping of campaigns

The possibility of grouping related campaigns was added. The grouped campaigns will appear as a single entity in the calendar.

From the campaign detail, it will be possible to download all the interactions of the grouping, in addition to the individual interactions of each campaign in particular.

Improvements

  • Added a new button in the user table of the Exams and Interactive Modules campaigns detail that allows downloading the certificate corresponding to each particular user in PDF format.
  • A new field named User Assignment to Exam has been added to the Derived Actions section of the Create and Edit Campaign Views for Interactive Modules. This field allows configuring whether users who are not notified about the previously completed Interactive Module can be assigned to the derived Exam or not.

    This new field will only be available for instances that have the option “Assign to all target users but notify only those who have not previously completed the module in question” configured in the Interactive Module assignment settings.

  • The date filter feature of the platform Audit section was improved. Now, the selected end date up to 23:59 is considered in order not to leave out any record of that day.
  • A new configuration was added to the Settings > Components > Video Games > URL Pool, which allows you to choose which URLs will be used in SMARTFENSE’s video games. If you wish to use custom URLs, it is possible to manage them in a new section called “URL Pool” within the Customized Content section.
  • Added the option to import the Employee ID, Levels of Hierarchy, and Functional Areas fields in the user import process with Google.
  • Improved administrative reports to show the dates contained in these reports in the time zone of the instance.
  • Improved performance in calendar loading times.
  • Added a new Video assignment configuration section, which allows configuring whether a user can be reassigned to a Video that has been previously completed either outside a campaign or within a campaign whose status is completed.

    This section was also added for Exams and allows configuring whether a user can be reassigned to a previously passed Exam.

Corrections

  • Fixed an issue in the Settings view of the simulation sending media where an incorrect validation was being performed. The view editing was disabled when authentication to the platform was configured without credentials.
  • Corrected an issue in the content creation of Interactive Modules from template. This problem occurred only if the selected module had the Classify pairs activity. In this case, this activity was not created with its corresponding translations, i.e., it was only created in its original language.
  • Fixed an issue that occurred when a Ransomware campaign was sent using the Direct Message Injection configuration via Microsoft and the selected scenario had attachments. The issue was that the attachment could be attached more than once to each email.
  • Fixed an issue that was preventing the sending of notification tests.
  • Fixed the Automatic Reminders Settings whereby when selecting the send via Slack option and send a test, the test was being sent via email instead of Slack.
  • Fixed an issue that occurred when modifying the order of the slides of an Interactive Module.
  • Fixed an issue related to the display of the title when accessed through a browser in a language for which no specific translation had been defined. Previously, in this situation, the default title was displayed instead of an existing customization.
  • Fixed the “Scenario/Subject” and “Campaign Detail” columns of the Audit table – Phishing report button, since the information was displayed incorrectly when exporting it.

May 12th, 2023

Platform

Improvements

  • Added the creation of backup codes within the activation process of the Two-Factor Authentication for administrative users.
  • Added an Administrative Audit log that is generated when authorizing or suspending the integration with Vanta.
  • Modified the SCORM package generated by the platform for integration with LMS. The objective is to make the package compatible with SAP SuccessFactors.
  • A performance improvement was made in the end-user Dashboard to load assigned, available, and completed contents faster.
  • Added a search field in the Content Gallery that allows searching by content name.

Corrections

  • Fixed an issue in the “Continue with the Exam” button displayed in Interactive Modules with derived Exam where it was not displaying correctly translated.
  • Fixed an issue that prevented the immediate display of content changes when sending test emails.
  • The interactions “Records the best score at the end of a campaign” and “Records a score within the top 3 at the end of a campaign” were removed from the Video Game campaign detail funnel.
  • Fixed an issue in the Interactive Modules player where when reaching the end of an Interactive Module with a derived Exam, the close button was not working.
  • Fixed an issue where the Campaign History table was not downloading correctly.
  • Fixed an issue in the Administrative Audit section where records were not being loaded correctly when the administrator user had set the Catalan language.
  • Fixed an issue that arose when attempting to create the audit log related to resetting a user’s password by an administrative user from the user table.
  • Fixed an issue where it was not possible to view some contents from the “Completed Content” section.
  • Fixed an issue that arose when trying to save a profile image in .jpeg format.
  • Fixed an issue in which the export of the user table present in the campaign detail did not take into account the software-generated statistics filters configured in the Whitelist section.
  • Fixed an issue where the interactive module completion or exam pass certificate PDF attachment was not being received correctly when the Own Email Server using OAuth 2.0 option for Microsoft Exchange Online was configured.
  • Fixed an issue where the translation of the “Done” button in the one-time help tour shown to users when they first enter the interactive modules, exams, and surveys content player was not being displayed correctly.
  • Fixed a problem in the calendar where campaigns created in the Italian language were not displayed correctly when one of them had double quotes in its name.
  • Corrected the file generated when downloading the table of users of the campaign detail. The issue fixed was that the empty cells were being exported with a colon and comma inside them.
  • Corrected a performance issue that arose when trying to load the users table of the campaign detail. In some cases, the delay was too long and the table was not loaded correctly.

April 22nd, 2023

Platform

New features

Phishing traps with QR codes

The use of QR codes in real phishing traps is intended to bypass the possible controls that several technical tools perform on links.

On the SMARTFENSE platform, a new button was added to the creation/editing screen of Phishing and Ransomware content, which allows adding a QR code.

This QR code is equivalent to the use of a link. When the campaign is sent, it will be replaced by a unique QR code for each recipient user. If a user scans the QR code and enters the URL, an interaction equivalent to “Click on Phishing link” or “Ransomware downloaded” will be generated as appropriate.

Platform color customization

A new section was added to Settings > Organization called Colors, which allows the customization of the colors that the end user views on the platform.

Improvements

  • Added a new report related to Gamification, which shows four rankings of users regarding their experience points and badges earned within the platform. This report is in the Reports > Gamification section.
  • The name of Ransomware campaign interactions was unified in the different audit views of the platform to avoid confusion.
  • A new filter was added to the APIs used to obtain information about all campaigns in which a user participated. The filter, called campaign-id, allows getting information on a particular campaign.
  • When a user obtains a badge, they also earn a certain number of experience points. Information about the number of points earned in the email informing about the badge achievement was added.
  • Added a new filter in the calendar that allows filtering campaigns by type: actual campaigns or test campaigns.
  • A modification was made to the size at which the image is displayed in a single-column slide of Interactive Modules.
  • Added a new configuration option for welcome notifications, which allows deciding which users will receive this email.
  • Added a new field to the certificate settings for Interactive Modules and Exams to customize the name of the attached PDF certificate.
  • Added a new configuration option to the Settings > Notifications > Reminders screen that allows specifying the frequency in days of the reminder sending for each campaign.

Corrections

  • The information in the audit screen where the user’s answers are displayed in an exam can be downloaded as Excel or CSV. Corrected the name of the last column of the downloaded file.
  • Fixed an issue where some users were not removed from the organization’s heat map when deactivated.
  • Fixed an issue when trying to delete a hostname.
  • Fixed an issue in the drag-and-drop activity of Interactive Modules. When using special characters in a category item, the item was not accepted in any of the available categories.
  • Fixed the process of creating customized assignment notifications. When creating a new customized notification, the predefined SMARTFENSE subject was not preloaded correctly.
  • Fixed the date that appears on the Exam and Interactive Modules certificates when an administrative user manually sends them.
  • A change was made to prevent a delay when saving a video larger than 100MB in an interactive module slide or the video component.
  • Fixed an issue that occurred when importing users via CSV, either manually or via FTP. The language of the administrator user was not correctly detected when the language of the user to be imported was not specified.

March 17th, 2023

Platform

New features

Two-factor authentication for administrative users

Added the possibility of configuring two-factor authentication for administrative users using SMARTFENSE’s own authentication.

You can enable two-factor authentication from your profile, in the Security section.

Improvements

  • A performance improvement was made in the Audit > Assigned Actions > Users > General view section..
  • Added a new column to the user table in the campaign detail that indicates the “Employee ID” of each user.
  • Modified the way the video game leaderboard is displayed. Now usernames with more than 15 characters are truncated so that they do not go outside the leaderboard container.
  • Updated the Google connection configuration instructions for the Users and Groups > Authentication and Users and Groups > Import and Synchronization. This change does not imply any action by the instances that already have this connection configured and working correctly.
  • Modified the modal displayed when sending reminders manually from the campaign detail view. A progress bar was added to the sending.

Corrections

  • Fixed a translation issue in the feedback of drag-and-drop and classify pairs activities in Interactive Modules. The issue caused the fixed part of the feedback not to be displayed correctly translated.
  • Corrected the video game scoring table so that it only shows users’ final scores and does not consider partial scores.
  • Corrected the graphs displayed when viewing the detail of survey answers. The issue occurred when an answer type “Other” had commas. In this case, the graph did not correctly represent the number of answers of this type.
  • Fixed a bug in a particular case of importing users and groups through a CSV file. The issue occurred when the user to be imported had an email address already registered in the platform under another username.
  • Fixed a bug that occurred when sending a customized Interactive Module certificate test from the Settings > Components > Interactive Modules > Certificates section.
  • Corrected the name of the audit table pages of a user’s campaign details, the word “Campaigns” was changed to “Interactions”.
  • Corrected the download file format for a Survey and Exam answer detail.
  • Fixed a bug that occurred when trying to edit the administrative user itself from the Users table.
  • Corrected the tour that was being shown to the end user when the instance did not have Gamification permission.
  • Corrected the manual sending of reminders to prevent a timeout from occurring during sending.
  • Fixed an issue where, when editing the translation of a Newsletter content, the validation question was not being displayed in the correct language.
  • Fixed an issue where the status of a campaign was not correctly displayed in the calendar. This occurred only in campaigns with “Recurrent assignment and relative duration” mode.

February 18, 2023

Platform

New features

Direct Message Injection (DMI) through Microsoft

This option allows you to directly inject the corresponding emails with Phishing and Ransomware simulations into the inbox of the recipient users of the campaign. This is done through a secure link between SMARTFENSE and Microsoft.

This simulation delivery method allows you in many cases to simplify the Whitelist process, or even eliminate the need for it. This is because DMI bypasses the organization’s email filtering tools and rules.

To configure DMI through Microsoft, go to Settings > Components > Simulations > Delivery method.

Experience points and levels

Experience points and levels are new features for those clients that use the SMARTFENSE Gamification component.

The objective is to award experience points to the user as they perform meaningful actions within the platform, to generate a sense of progress. As the user acquires experience points, they will level up.

One of the actions that allow the user to earn experience points is obtaining badges. You can check the number of points awarded by the platform’s badges in Settings > Components > Gamification > Badges.

In addition, there are other specific actions that allow the user to earn points. You can find these specific actions in Settings > Components > Gamification > Experience points.

Improvements

  • It was improved the Phishing report process that users can apply by using the SMARTFENSE report button. This improvement allows the end user to send the reported email to their SPAM box.
  • A new filter was added to the Users and Groups > Users section that allows filtering users by their Status. In addition, when exporting the table in CSV or Excel format, the filters applied will be considered.
  • A performance improvement was made for the search of users in the tables present in Risk Scoring > Users and Risk Scoring > Groups.
  • Performance improvements were made in the calendar loading.
  • A new configuration option was added to the Settings > Components > Videos > End User View section that allows the user to see in their Available Videos section only the active custom videos on the platform.
  • A new audit section called Phishing Report Button was added. In this section, it is possible to view a summary of the emails reported by users with useful information such as the date of the report and the associated campaign.
  • An improvement was made to the Multiple-Choice Questions activity in Interactive Modules so that clicking on the answer will display a spinner until the feedback is loaded.
  • A modification was made in the Simulation delivery means configuration so that when entering it, previously saved configuration values are not shown. This is to avoid a possible information leak.
  • A small modification was made to the icon of the full-screen button in the Interactive Modules, Exams, and Surveys player. Now the button is called Maximize.
  • The following options that activate a Teachable Moment in Ransomware campaigns were modified:
    1. Opening the downloaded Ransomware through the download link received by email
    2. Opening the downloaded Ransomware through the attached file received by email
They were unified by a single option called “Opening Downloaded Ransomware”, which is activated in either of two cases: when opening ransomware downloaded via link or via attachment.

Corrections

  • A correction was made to the “Send me test” button present in the content gallery and campaign creation/editing views, which was not working correctly when pressed more than once.
  • It was fixed an issue where the report of Audit > Assigned actions > Campaigns > Past Events section was not being downloaded.
  • It was fixed an issue that arose in instances where the authentication method was through SMARTFENSE without credentials. This error caused a problem when trying to assign badges to users.
  • It was fixed an issue where the drag-and-drop activity of Interactive Modules was not working properly. This problem occurred when the category had a small number of characters.
  • It was fixed an issue that arose in the “Interactive Bullets” activity of an Interactive Module when the next button was clicked before it was enabled.
  • It was fixed an issue that prevented downloading the heat map of some specific campaigns.
  • It was fixed an issue in the User History view in campaigns where the Export to CSV or Excel button was not working correctly.

January 14th, 2023

Platform

New features

Customized Videos

It was added the possibility to create custom video content. Just like the rest of the SMARTFENSE components.

Please note that, when creating a video from template, the video provided by SMARTFENSE can be replaced with another one, but the platform does not include a video editor to retouch the existing one.

Improvements

  • The design of the Interactive Modules, Exams, and Surveys player was renewed.
  • A button named “Mark as test campaign” has been added to the campaign detail to change the status from a normal campaign to a test campaign.
  • It was added the possibility to import Functional Areas and Levels of hierarchy in the user import process from Microsoft Azure Active Directory.
  • A new section called “Users to import” was added to the import from Google settings view. This section shows a new filter that allows you to import only users belonging to certain groups.
  • A new button was added to the campaign detail named “Send reminders now”, whose objective is to manually run the reminder delivery to all the users that meet the necessary requirements to receive it at that moment.
  • A drop-down button with the “Export” text was added to the Phishing and Ransomware campaign detail and the Risk Scoring section of the organization. This button generates a CVS file to download with the detail of each user illustrated in the heat map being displayed.
  • The following Gamification Badges were added:
    • Gamer: It is awarded to the user who plays a video game for the first time.
    • Number 1: It is awarded to the user who wins first place in a video game.
    • Superstar: It is awarded to the user who achieves a score within the top 3 in a video game.
    • Eminence: It is awarded to the user who completes an exam by answering all the questions correctly.
  • A new audit view was added to the User Audit section, where a log is displayed for each login of the user being analyzed. This new view is accessed by going to Audit > Assigned Actions > Users > General View. After clicking on the user of interest, you will see the button: Other user interactions.

Corrections

  • It was fixed a text translation issue in the deployment dashboard.
  • It was fixed an issue where an error occurred when opening the administrative audit event detail that is generated when a welcome email is set up.

December 17th, 2022

Platform

Improvements

  • A subsection was added to the Settings > Components > Simulations section, called Reply to, which allows configuring the Reply-to header present in SMARTFENSE simulation emails.
  • The video game component was added to the proactive action audit section.
  • It was added the possibility to create custom content translations in these languages:
    • Dutch
    • Russian
    • Czech
    • Vietnamese
    • Polish
    • Galician
    • UK English
  • Improvements were made to the configuration interface to send Phishing and Ransomware simulations through DMI via Google.
  • Improvements were made to the user import process from Google and Microsoft Azure AD to avoid duplicate users in SMARTFENSE.

Corrections

  • A correction was made in the Phishing and Ransomware campaign creation and editing view, whereby the preview modal was not working correctly when more than one scenario was selected.
  • It was fixed a UI issue in the Deployment Dashboard related to the welcome notification settings.
  • A problem was corrected in which when trying to create a campaign, in some cases it was incorrectly notified that the selected content used variables whose value had not been loaded.
  • A correction was made in the Users section and the Audits > Assigned Actions > Users > Components section, in which the search field was not working correctly.
  • It was fixed an inconsistency that occurred when saving a new import or user authentication configuration through Google that caused the new configuration data to be ignored and the previously saved data to continue to be used.

November 19th, 2022

Platform

New features

Direct Message Injection (DMI) through Google

This option allows you to directly inject the corresponding emails with Phishing and Ransomware simulations into the inbox of the targeted users of the campaign. This is done through a secure link between SMARTFENSE and Google Workspace.

This simulation delivery method allows you in many cases to simplify the Whitelist process, or even eliminate the need for it. This is because DMI bypasses the organization’s email filtering tools and rules.

To configure DMI through Google, go to Settings > Components > Simulations > Delivery method.

Slack Integration

The purpose of this integration is to send certain notifications from the SMARTFENSE platform to end users through Slack.

The notifications included in this integration are:

  • Welcome
  • Assignments
  • Reminders

Vanta Integration

The purpose of this integration is to send SMARTFENSE’s audit logs related to the awareness actions carried out to Vanta.

User import from API

It was added the possibility of importing users from an API to SMARTFENSE.

Improvements

  • It was added the option to customize the certificates that are sent upon completion of an Interactive Module or passing an Exam.
  • The following Gamification Badges were added:
    • Competent: Correctly answering the validation question in the first newsletter
    • Model: Correctly answering the validation question of 5 newsletters
    • Outstanding: Correctly answering the validation question of 10 newsletters
    • Resilient: Activating and then correctly answering the first Teachable Moment
    • Bodyguardb: Reporting 1 email in a Phishing or Ransomware simulation campaign
    • Titan: Reporting 2 emails in Phishing or Ransomware simulation campaigns
    • Super Detective: Reporting 3 emails in Phishing or Ransomware simulation campaigns
  • A heat map was added to the Organization’s Risk Scoring section. This map illustrates the probability that each of the organization’s active users is likely to perform actions with different levels of impact.
  • It was added the option to sort the columns of Groups, Levels of Hierarchy, and Functional Areas in the Users section.
  • A new column “Percentage of correct answers” was added to the campaign detail table of the Exam campaigns, which shows the percentage of correct answers of each user, corresponding to their last attempt.
  • The possibility of exporting platform graphs in new formats was added.
  • Details were added when an error was generated in the connection with Microsoft Azure Active Directory and Google to facilitate deployment tasks.
  • The page shown to users when they tried to enter a campaign that had already expired was modified. Previously, a 404 error was displayed. Now the user is notified that the campaign has expired.
  • The possibility of choosing how to combine different types of groupings (groups, functional areas, levels of hierarchy) selected as targets of the campaign was added. By default, they are always assigned to users belonging to at least one grouping of each type. It is now possible to assign them to users that belong to any of the selected groupings.
  • The possibility of customizing the 404 error page was added.

Corrections

  • It was fixed a UI issue in the notification displayed when trying to disable content that is currently being used in a campaign in progress or is planned in a future campaign.
  • It was fixed an issue in the /audit/sap/ audit table which caused audit logs to be displayed for Newsletters campaigns that did not have a campaign identifier.
  • An inconsistency that arose in the creation of groups with users who passed or failed an exam has been corrected. Now, only the result of the last attempt made by each user is taken into account.
  • A correction was made in the design of the error message that is displayed when entering an incorrect password during the password modification process located in the edition of an administrative user’s profile.
  • It was fixed an error that arouse when entering the Audit > Deleted Events view.
  • A correction was made in the end-user Dashboard whereby the contents were duplicated when double-clicking on some indicators and buttons.
  • It was added validation in the front end of the user creation and editing view related to the catalogs over which the user has permissions.
  • It was fixed an issue where all instance settings were restored when pressing the Save button in Settings > Organization > End User Dashboard.
  • It was fixed an issue where the button to download XLS/CSV tables from the Audit > Assigned actions > Users > Components view was not working.
  • A correction was made as the UPN field was not saved correctly when importing users from a CSV file.

October 22nd, 2022

Platform

Improvements

  • The calendar loading time was improved to avoid delay problems in instances with a large number of scheduled campaigns.
  • The Group, Functional Area, and Levels of Hierarchy filters present in the Campaign Detail now also affect the Heat Map of Phishing and Ransomware campaigns.
  • It was added the possibility to edit Sury’s image displayed on the end user’s dashboard when there is no pending assigned content. This configuration is in the Settings > Organization > End User Dashboard section.
  • It was added administrative audit logs for the modification of the final exam message configuration.
  • The game Leaderboard was added in the Video Game Campaigns detail so that user administrators can know who won.
  • It was added an extra detail in the email that is sent when checking the email server connection in case of an unsuccessful connection.
  • A performance improvement was made in the downloading of the CSV and XLS files of the campaign details.
  • In the heat map present in the Phishing and Ransomware campaigns, it is now possible to visualize in detail which users are represented in each block of the map by clicking on the number of interest.
  • A filter was added in the Groups, Functional Areas, and Levels of Hierarchy sections to show/hide inactive groupings.
  • The pagination interface has been modified in all tables of the platform. It is now possible to indicate the specific page number to be rendered.

Corrections

  • It was fixed an issue where the Risk Scoring graphs were not displayed correctly with an EN-US language user.
  • It was fixed an issue that occurred when entering the Phishing campaign details from a Multitenant instance that prevented the heat map from being displayed correctly.
  • It was corrected an inconsistency in the scenario filter located in the See more detail section of the Phishing and Ransomware reports. This filter did not produce correct results when it involved campaigns with multiple scenarios.
  • The subject and text of predefined assignment and reminder emails for SMARTFENSE Videos and Video Games were corrected, as they had a typo.
  • A code improvement was made when editing the slides of an Exam or Survey so that this edition does not interfere negatively with possible campaigns in progress that are using the same content. This avoids a 500 error that could be displayed to end users.
  • It was fixed an error that caused campaigns not to be displayed in the calendar when the associated content had an inactive status.
  • It was fixed an issue in the Audit section of SAP SuccessFactors that caused the generation of logs in campaigns that did not have a campaign identifier.

September 24th, 2022

Platform

Improvements

  • In the Settings > Components > Simulations section, a new section called Senders was added to allow global configuration of the sender’s email address for Phishing and Ransomware simulations.
  • The possibility to use the Nunito font in the platform’s HTML editor was added.
  • More detail was added to the error message that appears when creating and editing campaigns when a topic is selected that uses variables whose value has not yet been defined.
  • The UPN field in the user edit view has been modified so that it can be edited. Previously it was a read-only field.

Corrections

  • It was fixed an error that occurred when creating campaigns with the use of reminders disabled.
  • It was fixed an issue where the Scenarios column of the user table present in the detail of Phishing and Ransomware campaigns was not being considered in the export of the table via CSV and Excel.
  • It was fixed an issue where the employee ID field was not being displayed correctly in the end user profile.
  • It was fixed an issue where an error occurred when creating and editing individual users when the user import method configured was different from CSV.
  • It was fixed an issue where inactive content was being listed in the finished content section of the end-user Dashboard.
  • It was fixed an issue where the funnel chart was not loading correctly when entering the campaign detail.
  • It was fixed an issue where an error occurred when manually creating and editing users.
  • An error was fixed when creating a campaign using contents that used a variable, but its value was not defined.
  • It was fixed an issue where users with the Auditor role could not use the filters present in the Users view.

September 3rd, 2022

Platform

Improvements

  • It was added the possibility to customize the date of the automatic reminders of the platform.
  • It was added a control on user import from Google to prevent creating two different users with the same email address.
  • The UPN column was added to the table in the Platform Users section. It was also added the ability to include this field in the CSV file used to import users, both manually and via an FTP connection.
  • The colors and design of all SMARTFENSE platform graphs were updated.

Corrections

  • A problem was fixed whereby when creating an Interactive Modules campaign with Recurring assignment and relative duration and a linked exam, the exam did not respect the selected mode.
  • It was fixed a problem in the replacement of variables in contents. The problem occurred if the variable had no value for the es-ar language and did have a value for the es-es language. In this case, the value of the variable was not replaced correctly.
  • It was fixed an issue that arose in the Proactive Audit view when listing a user with no proactive activity.
  • It was fixed an issue where an error occurred when trying to enter the details of past Phishing and Ransomware campaigns with two or more topics and one of them inactive.

August 13th, 2022

Platform

Improvements

  • It was added a new audit section that shows details about users’ proactive interactions, i.e., those they perform outside the context of a campaign.
  • It was added the ability to disable a Badge from the Settings > Gamification section to prevent users from receiving it.
  • The possibility of customizing the assignment email for Video Game campaigns was added to the Assignment notification configuration view.
  • The Settings section has been reorganized to make it easier to navigate.
  • It was added a heat map in the detail of Phishing and Ransomware campaigns created from a Multi-tenant instance.

Corrections

  • It was fixed an issue that arose when performing a user import via Microsoft Azure Active Directory having selected the option to Deactivate deleted users in Azure.
  • It was fixed an issue where certain views and sections of the platform were not loading the Italian translation correctly.

July 23rd, 2022

Platform

Improvements

  • The captcha shown on the platform login screen has been modified to appear after 3 failed login attempts on the same user or from the same IP address.
  • A new field was added to the Groups filter in the Microsoft Azure Active Directory configuration to only import groups whose names exactly match the entered character string.
  • New options were added for username creation when importing users with Microsoft Azure Active Directory.
  • The data type accepted by the “Completion Status” field in the SAP SuccessFactors Configuration view was modified to allow alphanumeric characters to be entered.
  • A new section was added within Settings > Video Games, where the administrative user will be able to choose which content will be available to the end user.

Corrections

  • It was fixed an issue where sending a campaign with a relative end date was not being sent on the correct date.
  • It was fixed an issue where there was an inconsistency in the delivery of Phishing and Ransomware campaigns with random delivery and relative end date.
  • It was fixed an issue where an audit log was being created for each user page that is imported within a single import task from Microsoft Azure Active Directory.
  • It was fixed a problem in the Fast & Secure video game where a user whose language was set to Italian was shown some questions in Spanish.
  • It was fixed an issue in which an error occurred when JFIF formatted images were uploaded to the end user’s profile.
  • It was fixed an issue in which the heat map, in the detail of relative Phishing and Ransomware campaigns, was not displaying the probability data correctly.
  • It was fixed an issue in which an error occurred when importing from Microsoft Azure Active Directory for some particular directories.
  • It was fixed an error that arose when trying to view the results of a survey campaign whose content had been edited while the campaign was in progress.
  • It was fixed an issue in which in the Audit – Users view, the date filter at the top of the screen was not working correctly.
  • It was fixed an issue in which an error occurred when importing groups from Microsoft Azure Active Directory when the group name was a number with decimals.

July 2nd, 2022

Contents

New Video Available

A new Video was added to the SMARTFENSE catalog: How to detect malicious Internet addresses.

New Survey Available

A new Survey was added to the SMARTFENSE catalog: Do you know how to classify information to protect it?

New Exam Available

A new Exam was added to the SMARTFENSE catalog: Information classification.

Platform

Improvements

  • It was added the possibility of configuring an own Microsoft Exchange Online server with OAuth 2.0 as the authentication method.
  • Three APIs were added to obtain the Risk Scoring of Users, Groups, and the Organization.
  • It was added a control on user import from Microsoft Azure Active Directory to prevent creating two different users with the same email address.
  • A modification was made to the response limit, from 4 to 10, for the multiple-choice questions in the Surveys.
  • In the Audit > Campaign List section, the possibility of displaying the row for those campaigns that have a derived action, or that derive from a main campaign, has been added. This detail was also added to the Campaign Detail.
  • The possibility of customizing the final message displayed at the end of the Survey campaigns has been added.
  • Visual improvements were made to the heat map graph to facilitate the understanding of its data.
  • The possibility of customizing the reminder notification for Videos and Video Games was added.

Corrections

  • It was fixed an issue where an error occurred when duplicating the content slides of Interactive Modules, Exams, and Surveys.
  • It was fixed an issue where the language of users imported from Google was not being retrieved correctly.
  • It was fixed an issue where the heat map, in the detail of Phishing and Ransomware campaigns, was not displaying the probability data correctly.
  • It was fixed a problem caused by the fact that when a Phishing or Ransomware campaign was finished, either normally or by manually stopping it, the interactions corresponding to that campaign were not displayed in the reports section.
  • A problem was corrected where, in the campaign detail of Interactive Modules with derived Exam, in the users table, the exam statistics were not correctly aligned with the corresponding columns.
  • An issue was fixed where completed exams were not being graded. When an exam ended, users who did not start the exam were marked as failed. This was not happening in particular cases, which were corrected.
  • It was fixed an issue where an error occurred when trying to delete a previously deleted user.
  • The link in the end-user interface of the Exam and Survey completed contents was removed since they cannot be navigated again once they have been completed.
  • It was fixed an issue where in the edit view of users of a group, functional area, or level of hierarchy, the checkbox to select all users did not work.
  • It was fixed an issue with the Sent, Started, and Finished statistics filters in the user table of the Video Game Campaigns Detail.
  • It was fixed an issue where in the user profile template, the Save changes phrase was not in the context of final_user_interface, and also, the Basque translation was not loaded.
  • A correction was made in the grading of exam campaigns with more than one attempt that had been started and left in the middle. Also, a problem was corrected in which the filter in the user table of the campaign detail was not working correctly.

June 11th, 2022

Contents

New Newsletters Available

The following Newsletters were added to the SMARTFENSE catalog:

  • Let’s protect our accounts with two-factor authentication!
  • Let’s classify the information to protect it

New Interactive Module Available

The following Interactive Module was added to the SMARTFENSE catalog: “Information classification”.

Platform

New features

Campaigns with recurring assignment and relative duration

A new campaign method was added to the platform. To the current method, called Single initial assignment and specific expiration date, a new one is added: Recurring assignment and relative duration.

The new method allows the creation of campaigns with relative end date. This means that the duration of the campaign for each user can be set without specifying a specific end date. Campaigns that use this method offer the possibility of assigning users after the campaign has started.

Improvements

  • A new IP was added to the /whitelist section, in the IP and domains of the email sending server table.
  • A spinner was added to the button used to resend certificates, which is in the campaign detail of Exams and Interactive Modules. Also, a success or error message was added to the upper right corner of the screen, as appropriate.
  • A new online help was added to the creation and edition of Video Game campaigns.
  • It was changed the Outlook Phishing report button installer to support Outlook Mobile. To take advantage of this support, it is necessary to re-download the installer and deploy it again.
  • A modification was made to the character limit of the Component type field: CPNT_TYP_ID of the /config/sap-global-data/ view to allow a maximum of 30 characters.
  • In the creation and editing views of all contents, the distribution of the columns was changed to improve the display of the interface in large resolutions.
  • A new section called “Security” was added in Settings to mitigate the risk of user enumeration from the login screen.

Corrections

  • It was fixed an interface issue where, when entering the organization’s risk scoring view, for a new tenant whose users have not yet received Phishing or Ransomware campaigns, the bar graphs were not displayed correctly.
  • It was fixed an inconsistency that occurred in some Newsletters with attachments. This inconsistency caused these Newsletters not to be sent with the attachments selected at the time of creation.
  • It was fixed an issue where in the end-user view, the count of completed content did not match the content actually completed by the end user.
  • An interface problem experienced by end users in instances configured with authentication without credentials was fixed. In these cases, when the end user entered a Video Game or Videos campaign, they could see the different sections of the navigation bar, sections that should not be displayed with this type of authentication.
  • It was fixed an issue where the interactive bullets activity did not correctly display the translation of the message “Click on the + symbol to see more information” when the user’s profile was in the Basque language.
  • It was fixed an issue where the file that is downloaded from the “Export as Excel” button of the user audit table was exported in TXT format instead of Excel.
  • It was fixed an issue in which the administrative audit record that is generated in Settings > Notifications, when the content of the different platform notifications was edited, did not load correctly.
  • It was corrected an interface problem in which the graphs that illustrate the answers of the Exam and Survey campaigns were not being displayed correctly.
  • It was fixed an issue that arose when editing a campaign created in a multitenant instance. If the recipients of the campaign belonged to the multitenant instance itself, the campaign editing view would not load correctly.
  • It was corrected an interface problem that affected instances that use authentication without credentials. In these instances, when an end user finished watching a video and pressed the end button, the informative modal indicating that the tab could now be closed did not open.
  • It was fixed an issue where the final question in Newsletters was not displayed correctly translated when the user’s profile was in the Basque language.
  • It was fixed an issue where an error occurred when pressing the Send me test button from the creation and editing of Phishing and Ransomware campaigns. This error occurred only if more than one scenario was selected for the campaign.

May 21st, 2022

Contents

New Interactive Module Available

A new Interactive Module was added to the SMARTFENSE catalog: Let’s protect our accounts with two-factor authentication!

New Exams Available

The following Exams were added to the SMARTFENSE catalog:

  • Let’s protect our accounts with two-factor authentication!
  • Bullying: How to detect it and overcome it

New Surveys Available

The following Surveys were added to the SMARTFENSE catalog:

  • Do you know how to protect your accounts with two-factor authentication?
  • Do you know how to detect and overcome Bullying?

Platform

New features

Risk Scoring

A heat map was added to the Phishing and Ransomware campaign detail, whose purpose is to represent the occurrence probability of each user’s risk actions together with their impact.

Improvements

  • Reminders were added to the Video Game campaigns.
  • A button to stop campaigns In Progress was added to the Video campaign detail view.
  • A new column called Certificates was added to the table present in the campaign details of Interactive Modules and Exams, and in each cell, a button with the text Resend Certificate was added to manually resend certificates to users who meet the conditions to use it.
  • The default expiration date when creating and editing a campaign has been modified so it is 24 hours after the start date.
  • Improvements were made in the Phishing and Ransomware campaign creation and editing view to allow campaigns to be created by selecting more than one scenario. When sending the campaign, each user will receive a particular scenario randomly selected from the list of selected scenarios.
  • A new button called Archive was added to the creation and editing view of all types of content, which aims to archive deprecated content.
  • The maximum height of the organization’s logo was modified on the platform’s login screens.
  • Video and Video game campaigns were added to the integration of SMARTFENSE with Sap SuccessFactors.

Corrections

  • An error that arose in the campaign detail in multitenant instances when filtering the results by recipient organization was corrected.
  • It was fixed an issue in the Interactive Module preview where an error would appear when completing the content.

April 30th, 2022

Contents

New Video Game Available

A new Video Game was added to the SMARTFENSE catalog: Sudden Change.

On this occasion, Sury, the main character in our contents, will be involved in an Escape Room type game. Through different challenges and clues, the user will be able to help Sury to get out of her office.

New Interactive Module Available

A new Interactive Module was added to the SMARTFENSE catalog: Bullying: How to detect it and overcome it.

Platform

Improvements

  • The operation of the Interactive Modules with Exam campaigns was modified. Now it is no longer necessary to choose a start and end date for the Exam, since it will be available from the beginning of the Interactive Module. Users will be able to take the Exam instantly at the end of the Interactive Module, or take it later.
  • New interface designs were applied to the end-user sections to play Videos, Newsletters, and Video Games.
  • A performance improvement was made for the export of the Users table and for the report that is generated with the Download detail of all the Interactive Module campaigns button found in the Audit – Users – View by component section: Interactive Modules.
  • A new additional authentication method was added to the own server configuration view using the Microsoft Graph API to send the email.

Corrections

  • It was fixed an issue where, in Microsoft Azure Active Directory configuration views, the Azure application secret field was being displayed incorrectly translated and without the corresponding per-field help.
  • It was fixed an issue in the LMS Integration view which arose when a user was linked with an email that does not exist on the platform. The validation message displayed was “Duplicate LMS ID” instead of “No existing user in SMARTFENSE with the email address entered”.
  • It was fixed an issue where the note displayed on campaign creation and editing about how many users are reached counted inactive users.
  • It was fixed an issue in which a certificate sending error occurred when passing an Exam but exiting the Exam without completing it.

April 9th, 2022

Contents

CEO Fraud

The following contents were added to the SMARTFENSE catalog:

  • Interactive Module: CEO Fraud.
  • Exam: CEO Fraud
  • Survey: What do you know about CEO Fraud?

New Teachable Moment available

The following Teachable Moment was added to the SMARTFENSE catalog: ¡CTB-Locker: a real Ransomware! It is the first interactive Teachable Moment of the platform.

New Exam Available

The following Exam was added to the SMARTFENSE catalog: Security outside the office.

New Survey Available

The following Survey was added to the SMARTFENSE catalog: Do you protect confidential information outside the office?

New Newsletter available

The following Newsletter was added to the SMARTFENSE catalog: Let’s protect information on our business trips

Platform

New features

Risk Scoring

It was added a new subsection in the Risk scoring section called Organization, whose objective is to show the complete risk scoring of the organization entirely.

Improvements

  • It was added online help in the LMS Integration section.
  • A hidden text was added to the beginning of the HTML email of the Newsletter and Teachable Moment campaigns. It has the same content as the subject and prevents some email client previews from displaying potential links.
  • Improvements were made in the creation, edition, and preview of Newsletters with attachments.
  • An improvement was made to include, in the creation of a Newsletter content from template (both predefined and custom), the attachments of the original content.
  • The new design of the end user dashboard supports IE11.
  • A new audit section called Audit – Campaign Reminders has been added to show all the reminders that were sent in a campaign. This section can be accessed through the button View sent reminders located in the Campaign Detail.
  • The possibility of exporting the records of the different Risk Scoring tables was added.
  • Reminders were added to the Video campaigns.
  • In the user import configuration view from Microsoft Azure Active Directory, it was added the possibility to import those users who do not have an email address defined in Microsoft Azure Active Directory.
  • New roles were added to the Platform.
    • User and Group Administrator: User with permissions to manage users and groups. This role is independent of the platform catalogs.
    • Configuration Administrator: User with permissions to make configurations on the platform. This role is independent of the platform catalogs.

Corrections

  • It was fixed an issue where, in the Risk Scoring Users section, when a word was written in the Group, Functional Area, or Hierarchical Level filter to perform the filtering action, that word was also placed in the Search field.
  • It was fixed an issue where the funnel chart was not shown in the campaign completion report emails, but rather the actions and their percentage in plain text.
  • It was updated, in the Import Users and Groups from Microsoft Azure Active Directory view, the configuration instructions that are downloaded in PDF format.
  • It was fixed an issue where, in some particular cases, opening a Teachable Moment in an expired campaign would automatically generate a previous email opening statistic.
  • It was fixed an interface inconsistency where, in the creation and edition campaign view that allows the sending of reminders, the field to choose the expiration date was being displayed below the informative note of the reminders.
  • It was fixed an issue where, in the end user dashboard, the amount of assigned content could display as zero when the dashboard was accessed from a particular URL.
  • It was fixed an issue where an error occurred when setting up a user import from Google for the first time.

March 19th, 2022

Contents

New Interactive Module Available

The Interactive Module Safety outside the office was added to the SMARTFENSE catalog.

Platform

Improvements

  • The Spanish (Mexico) language was added to the languages supported by the platform.

Corrections

  • It was fixed an issue with the button used to download all user interactions in a parent campaign. It was not possible to display the log export options.
  • It was fixed a problem where, in the available contents section, end users could view the same content twice.
  • It was fixed a problem in which, in the campaign detail, if an error occurred when sending an email to a user, it was not possible to see the error detail.
  • It was fixed an issue where the dates were not displayed correctly when editing Phishing and Ransomware campaigns.

February 26th, 2022

Contents

Acceptable Use Policies

The following contents were added to the SMARTFENSE catalog:

  • Interactive Module: Acceptable Use Policies.
  • Exam: Acceptable Use Policies.
  • Survey: Do you consider it necessary to respect the Acceptable Use Policies?

Fake profiles in social networks

The following Contents were added to the SMARTFENSE catalog:

  • Interactive Module: Fake profiles in social networks
  • Newsletter: Fake profiles in social networks
  • Exam: Fake profiles in social networks
  • Survey: Do you know how to identify a fake profile in social networks?

New Newsletters Available

The following Newsletters were added to the SMARTFENSE catalog:

  • Tips to protect our data privacy
  • Pieces of advice to educate children on digital privacy

New Phishing and Ransomware simulations

New Phishing and Ransomware simulation traps were added to the platform. They are related to:

  • Inappropriate content notice in a video player platform.

Platform

Enhancements

  • A new field was added to the creation and editing of Newsletters content called Email Attachments, whose purpose is to provide the possibility of adding attached files in the Newsletters contents.

Corrections

  • It was fixed an issue where the title of some end-user dashboard views displayed the word SMARTFENSE instead of the organization name configured in the Organization Data section.
  • It was fixed an issue where the SMARTFENSE logo was displayed on the end-user dashboard only for administrative users instead of the organization logo configured in the Organization Data section.
  • It was fixed an issue by which, in the Drag-and-Drop activity of an Interactive Module content, the answers to the question were not fully displayed.

December 18th, 2021

Contents

Newsletters

A new Newsletter was added to the SMARTFENSE catalog: Safe shopping on online stores and social networks.

Interactive Modules

A new Interactive Module was added to the SMARTFENSE catalog: Fake News.

Exams

A new Exam was added to the SMARTFENSE catalog: Fake News.

Surveys

A new Survey was added to the SMARTFENSE catalog: Do you know the dangers of Fake News?

Platform

New features

Gamification

Gamification refers to the use of design techniques and elements typical of games used in different contexts, with the aim of motivating and attracting people’s attention.

In SMARTFENSE, the Gamification component implies the addition of the concept of Badges within the platform. These are a graphic representation of merit or achievement obtained by the user, thus serving as a recognition of important symbolic power, encouraging continuity and working as a guide for the user.

SMARTFENSE’s Badges are designed by experts and seek to encourage key aspects of an awareness program. They are automatically granted by the platform when the user completes the actions defined to obtain them. Also, they can be granted to a user manually, through an action of an administrative user.

When a Badge is granted, the user is notified at the same time to reinforce and emphasize the relationship between the performed action and the award. Furthermore, the notification is reinforced by sending an email to the user with the Badge obtained.

The end user can view their Badges in their Dashboard, and they have the option to click on any of them to see more details.

Video Games

Video games are audiovisual content created and designed by experts in cybersecurity and Game Based Learning, which raise awareness among users on good habits in information security in a more entertaining and fun way.

Video games provided by SMARTFENSE are designed to be played in a short time and show the user a Leaderboard to promote healthy competition within the organization.

All Video Games combine skill or strategy challenges, with feedback designed for the user to assimilate safe behaviors in a fun way.

End User Dashboard

It is the main page of the end user interface within SMARTFENSE.

It has been designed to provide the user with a unique and entertaining experience within the platform, thus favoring the assimilation of content and promoting positive predisposition to awareness-raising actions.

In the Dashboard, the user can easily view the number of Gamification Badges that they have obtained due to their actions within the platform and know the details of each one of them.

What is more, through Avatars, the user can express their identity in a simple and fun way, without the need of loading an image file or profile photo. This feature, in line with the Gamification Badges, adds freshness and diversity to the platform.

The Dashboard provides the user with a summary of everything they need to know in a simple and organized way, such as, for example, what is the list of their assigned pending content, ordered by expiration date. In addition to this, it facilitates tasks such as changing the language of the platform, editing the profile, and proactively creating content.

The modern design and the use of specific colors for each component allow the user to recognize each one intuitively and filter them directly according to their convenience.

Risk Scoring

SMARTFENSE incorporates an algorithm that allows representing the risk level of a user or group of users in the organization through a numerical value, known as Risk Scoring.
This Scoring is calculated considering the user’s probability of becoming a victim of a Phishing or Ransomware trap (depending on the result of the simulation campaigns to which the user was assigned) and the possible impact of their risk actions.
To enrich this data, the platform provides 4 graphs with information related to Risk Scoring:

  • Tachometer graph with the current numerical and qualitative risk level.
  • Evolutionary chart of the level of risk over time.
  • Radar chart of the factors related to Phishing simulation campaigns that influence the value of the risk scoring.
  • Radar chart of the factors related to Ransomware simulation campaigns that influence the value of the risk scoring.

LMS Integration

SMARTFENSE offers the possibility of linking with LMS platforms such as Moodle or Cornerstone through a SCORM package.

For this, it is enough to generate from SMARTFENSE the SCORM package and link the users of both systems. The SCORM package will be directly related to a SMARTFENSE platform campaign and will be loaded in a course on the desired LMS platform.

In this way, users can access the SMARTFENSE platform from the LMS to perform the assigned campaign.

Corrections

  • It was fixed an issue where when auditing an Interactive Modules campaign, Started was marked when the user entered the campaign URL in the end-user view instead of when they clicked the start button.
  • It was fixed an issue in which using the Forgot your password function with a user who is not logged into the SMARTFENSE platform did not work and was redirected to the main login view.
  • They were solved inconsistencies in the way in which the users who are going to receive an Exam campaign linked to an Interactive Module are defined.
  • It was fixed an issue where when creating a translation for Exam or Survey content, the correct answer to each question was not being marked consistently.