Question
What is the definition for each of the CSV headers in my Drive-By Campaign export?
Answer
Please see the table below for the header name and definition.
Phishing Drive-By Campaign CSV Header Definitions
| Header | Definition |
| --- | --- |
| First Name | Recipient's First Name |
| Last Name | Recipient's Last Name |
| Campaign Guid | Unique ID of campaign |
| Users Guid | Unique ID of user within the campaign |
| Primary Email Opened | Was the tracking pixel loaded (inferring the user viewed the email) |
| Date Email Opened | Timestamp in UTC as to when the tracking image was first loaded by the user |
| Primary Clicked | Was one of the links in the email clicked |
| Date Clicked | Timestamp in UTC as to when the first click for this user happened |
| Multi Email Open | Was the tracking image loaded more than once |
| Multi Click Event | Was a link in the body of the email clicked more than once |
| Email Address | Email address of recipient |
| Date Sent | Timestamp in UTC as to when the email was sent from the ThreatSim mail servers |
| Campaign Title | Title of the Phishing Campaign |
| Template Sophistication | No longer used |
| Campaign Recipient List | Group user was included in |
| Email Opened IP Address | IP Address received from the system that initiated the download of the tracking pixel embedded in the phishing email |
| Email Opened Browser | Browser type, as determined by the received User Agent String, used by the system that downloaded the tracking pixel in the phishing email |
| Email Opened Browser Version | Browser version, as determined by the received User Agent String, used by the system that downloaded the tracking pixel in the phishing email |
| Email Opened OS | Operating System name, as determined by the received User Agent String, of the system that downloaded the tracking pixel in the phishing email |
| Email Opened OS Version | Version of the Operating System, as determined by the User Agent String, of the system that downloaded the tracking pixel in the phishing email |
| Email Opened User Agent | The received User Agent String of the system that downloaded the tracking pixel in the phishing email |
| Clicked IP Address | IP Address received from the system that triggered one of the links in the phishing email |
| Clicked Host Name | Hostname received from the system that triggered one of the links in the phishing email (if received) |
| Clicked Browser | Browser type, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email |
| Clicked Browser Version | Browser version, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email |
| Clicked OS | Operating System type, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email |
| Clicked OS Version | Operating System version, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email |
| Clicked User Agent | User Agent String received from the system that triggered one of the links in the phishing email |
| Teachable Moment Started | Did the user load the Teachable Moment? |
| Acknowledgement Completed | Did the user click the Acknowledge button on the Teachable Moment? |
| Date Acknowledged | Timestamp in UTC as to when the user first clicked on the Acknowledge link in the Teachable Moment |
| Weak Egress | Was the tracking image hosted over 49152 loaded by the end user? |
| Reported | Did the user report the phish? |
| Date Reported | Timestamp when the user first reported the phish |
| Email Bounced | Did the phish bounce back to the Proofpoint Security Awareness Training mail server? |
| Passed? | Did the user pass the phishing assessment by NOT clicking one of the links in the delivered email? |
| Vulnerability Count | How many out of date web browser plugins exist for this user? |
| Adobe PDF Version | Plugin version detected on the user’s system |
| Adobe PDF Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current Adobe PDF Version | Current version of plugin, as advertised by the plugin vendor |
| Adobe Flash Version | Plugin version detected on the user’s system |
| Adobe Flash Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current Adobe Flash Version | Current version of plugin, as advertised by the plugin vendor |
| QuickTime Version | Plugin version detected on the user’s system |
| QuickTime Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current Quicktime Version | Current version of plugin, as advertised by the plugin vendor |
| RealPlayer Version | Plugin version detected on the user’s system |
| RealPlayer Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current RealPlayer Version | Current version of plugin, as advertised by the plugin vendor |
| Java Version | Plugin version detected on the user’s system |
| Java Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current Java Version | Current version of plugin, as advertised by the plugin vendor |
| Silverlight Version | Plugin version detected on the user’s system |
| Silverlight Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current Silverlight Version | Current version of plugin, as advertised by the plugin vendor |
| Windows Media Player Version | Plugin version detected on the user’s system |
| Windows Media Player Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current Windows Media Player Version | Current version of plugin, as advertised by the plugin vendor |
| Phishing Template | What phishing template was sent to the user |
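
The following is an added example, not part of the original article or the vendor's tooling: it re-derives each `Vulnerable` flag and the `Vulnerability Count` from the version columns using the table's rule (detected version < current version), comparing versions numerically so that `1.8.0.9` sorts below `1.8.0.10`. The sample rows are constructed, and the version string format and the `FALSE` flag value are assumptions.

```python
import csv
import io
import re

PLUGINS = ["Adobe PDF", "Adobe Flash", "QuickTime", "RealPlayer",
           "Java", "Silverlight", "Windows Media Player"]

# Constructed sample rows (not real export data); only the columns used here.
SAMPLE = """\
Email Address,Vulnerability Count,Java Version,Java Vulnerable,Current Java Version,QuickTime Version,QuickTime Vulnerable,Current Quicktime Version
a@example.com,1,1.8.0.9,TRUE,1.8.0.10,7.7.9,FALSE,7.7.9
b@example.com,0,1.8.0.10,FALSE,1.8.0.10,,FALSE,7.7.9
c@example.com,0,1.8.0.10,FALSE,1.8.0.10,7.7.8,FALSE,7.7.9
"""

def version_key(text):
    """Turn '1.8.0_10' or '1.8.0.10' into (1, 8, 0, 10) for numeric comparison."""
    return tuple(int(n) for n in re.findall(r"\d+", text or ""))

def is_outdated(detected, current):
    """Table rule: detected < current means vulnerable. None if either is blank."""
    d, c = version_key(detected), version_key(current)
    if not d or not c:
        return None
    width = max(len(d), len(c))
    return d + (0,) * (width - len(d)) < c + (0,) * (width - len(c))

def audit(csv_text):
    """Return (email, column) pairs where the export disagrees with the rule."""
    findings = []
    for raw in csv.DictReader(io.StringIO(csv_text)):
        # Match headers case-insensitively: the table spells it "Current Quicktime Version".
        row = {k.strip().lower(): (v or "").strip() for k, v in raw.items() if k}
        outdated = 0
        for p in PLUGINS:
            name = p.lower()
            result = is_outdated(row.get(f"{name} version"), row.get(f"current {name} version"))
            if result is None:
                continue  # plugin not detected, or column absent from this export
            outdated += result
            exported = row.get(f"{name} vulnerable", "").upper() == "TRUE"
            if exported != result:
                findings.append((row["email address"], f"{p} Vulnerable"))
        if row.get("vulnerability count", "").isdigit() and int(row["vulnerability count"]) != outdated:
            findings.append((row["email address"], "Vulnerability Count"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
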