Phishing Data Entry Campaign CSV Header Definitions

Created by Antonio Ortiz, Modified on Fri, 11 Sep, 2020 at 8:37 AM by Jason Carreiro

Question

What is the definition for each of the CSV headers in my Data Entry Campaign export?

Answer

Please see the table below for the header name and definition.

Phishing Data Entry Campaign CSV Header Definitions

Header

Definition

First NameRecipient's First Name
Last NameRecipient's Last Name
Campaign GuidUnique ID of campaign
Users GuidUnique ID of user within the campaign
Primary Email OpenedWas tracking pixel loaded (inferring the user viewed the email)
Date Email OpenedTimestamp in UTC as to when the tracking image was first loaded by the user
Primary ClickedWas one of the links in the email clicked 
Date ClickedTimestamp in UTC as to when the first click for this user happened
Primary Compromised LoginDid the user click the Submit button on the Data Entry page?
Date Login CompromisedTimestamp the Submit button was clicked on the Data Entry page
Multi Email OpenWas the tracking image loaded more than once
Multi Click EventWas a link in the body of the email clicked more than once
Multi CompromisedNot possible
Email AddressEmail address of recipient
Date SentTimestamp in UTC as to when the email was sent from the ThreatSim mail servers
Campaign TitleTitle of the Phishing Campaign
Template SophisticationNo longer used
Campaign Recipient ListGroup user was included in
Email Opened IP AddressIP Address received from the system that initiated the download of the tracking pixel embedded in the phishing email
Email Opened BrowserBrowser type, as determined by the received User Agent String, used by the system that downloaded the tracking pixel in the phishing email
Email Opened Browser VersionBrowser version, as determined by the received User Agent String, used by the system that downloaded the tracking pixel in the phishing email
Email Opened OSOperating System name, as determined by the received User Agent String, of the system that downloaded the tracking pixel in the phishing email
Email Opened OS VersionVersion of the Operating System, as determined by the User Agent String, of the system that downloaded the tracking pixel in the phishing email
Email Opened User AgentThe received User Agent String of the system that downloaded the tracking pixel in the phishing email
Clicked IP AddressIP Address received from the system that triggered one of the links in the phishing email
Clicked Host NameHostname received from the system that triggered one of the links in the phishing email (if received)
Clicked BrowserBrowser type, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email
Clicked Browser VersionBrowser version, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email
Clicked OSOperating System type, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email
Clicked OS VersionOperating System version, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email
Clicked User AgentUser Agent String received from the system that triggered one of the links in the phishing email
UsernameWhat did the user enter into the Username field on the Data Entry page
Teachable Moment StartedDid the user load the Teachable Moment?
Acknowledgement CompletedDid the user click the Acknowledge button on the Teachable Moment?
Date AcknowledgedTimestamp in UTC as to when the user first clicked on the Acknowledge link in the Teachable Moment
Weak EgressWas the tracking image hosted over 49152 loaded by the end user?
ReportedDid the user report the phish?
Date ReportedTimestamp when the user first reported the phish
Email BouncedDid the phish bounce back to the Proofpoint Security Awareness Training mail server?
Passed?Did the user pass the phishing assessment by NOT clicking the Submit on the Data Entry page?
Password EnteredDid the user enter any data in the Password field on the Data Entry page?
Vulnerability CountHow many out of date web browser plugins exist for this user?
Adobe PDF VersionPlugin version detected on the user’s system
Adobe PDF VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current Adobe PDF VersionCurrent version of plugin, as advertised by the plugin vendor
Adobe Flash VersionPlugin version detected on the user’s system
Adobe Flash VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current Adobe Flash VersionCurrent version of plugin, as advertised by the plugin vendor
QuickTime VersionPlugin version detected on the user’s system
QuickTime VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current Quicktime VersionCurrent version of plugin, as advertised by the plugin vendor
RealPlayer VersionPlugin version detected on the user’s system
RealPlayer VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current RealPlayer VersionCurrent version of plugin, as advertised by the plugin vendor
Java VersionPlugin version detected on the user’s system
Java VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current Java VersionCurrent version of plugin, as advertised by the plugin vendor
Silverlight VersionPlugin version detected on the user’s system
Silverlight VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current Silverlight VersionCurrent version of plugin, as advertised by the plugin vendor
Windows Media Player VersionPlugin version detected on the user’s system
Windows Media Player VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current Windows Media Player VersionCurrent version of plugin, as advertised by the plugin vendor
Phishing TemplateWhat phishing template was sent to the user