Question
What is the definition for each of the CSV headers in my Drive By Campaign export?
Answer
Please see the table below for the header name and definition.
Phishing Drive By Campaign CSV Header Definitions
Header |
Definition |
| First Name | Recipient's First Name |
| Last Name | Recipient's Last Name |
| Campaign Guid | Unique ID of campaign |
| Users Guid | Unique ID of user within the campaign |
| Primary Email Opened | Was tracking pixel loaded (inferring the user viewed the email) |
| Date Email Opened | Timestamp in UTC as to when the tracking image was first loaded by the user |
| Primary Clicked | Was one of the links in the email clicked |
| Date Clicked | Timestamp in UTC as to when the first click for this user happened |
| Multi Email Open | Was the tracking image loaded more than once |
| Multi Click Event | Was a link in the body of the email clicked more than once |
| Email Address | Email address of recipient |
| Date Sent | Timestamp in UTC as to when the email was sent from the ThreatSim mail servers |
| Campaign Title | Title of the Phishing Campaign |
| Template Sophistication | No longer used |
| Campaign Recipient List | Group user was included in |
| Email Opened IP Address | IP Address received from the system that initiated the download of the tracking pixel embedded in the phishing email |
| Email Opened Browser | Browser type, as determined by the received User Agent String, used by the system that downloaded the tracking pixel in the phishing email |
| Email Opened Browser Version | Browser version, as determined by the received User Agent String, used by the system that downloaded the tracking pixel in the phishing email |
| Email Opened OS | Operating System name, as determined by the received User Agent String, of the system that downloaded the tracking pixel in the phishing email |
| Email Opened OS Version | Version of the Operating System, as determined by the User Agent String, of the system that downloaded the tracking pixel in the phishing email |
| Email Opened User Agent | The received User Agent String of the system that downloaded the tracking pixel in the phishing email |
| Clicked IP Address | IP Address received from the system that triggered one of the links in the phishing email |
| Clicked Host Name | Hostname received from the system that triggered one of the links in the phishing email (if received) |
| Clicked Browser | Browser type, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email |
| Clicked Browser Version | Browser version, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email |
| Clicked OS | Operating System type, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email |
| Clicked OS Version | Operating System version, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email |
| Clicked User Agent | User Agent String received from the system that triggered one of the links in the phishing email |
| Teachable Moment Started | Did the user load the Teachable Moment? |
| Acknowledgement Completed | Did the user click the Acknowledge button on the Teachable Moment? |
| Date Acknowledged | Timestamp in UTC as to when the user first clicked on the Acknowledge link in the Teachable Moment |
| Weak Egress | Was the tracking image hosted over 49152 loaded by the end user? |
| Reported | Did the user report the phish? |
| Date Reported | Timestamp when the user first reported the phish |
| Email Bounced | Did the phish bounce back to the Proofpoint Security Awareness Training mail server? |
| Passed? | Did the user pass the phishing assessment by NOT clicking one of the links in the delivered email? |
| Vulnerability Count | How many out of date web browser plugins exist for this user? |
| Adobe PDF Version | Plugin version detected on the user’s system |
| Adobe PDF Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current Adobe PDF Version | Current version of plugin, as advertised by the plugin vendor |
| Adobe Flash Version | Plugin version detected on the user’s system |
| Adobe Flash Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current Adobe Flash Version | Current version of plugin, as advertised by the plugin vendor |
| QuickTime Version | Plugin version detected on the user’s system |
| QuickTime Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current Quicktime Version | Current version of plugin, as advertised by the plugin vendor |
| RealPlayer Version | Plugin version detected on the user’s system |
| RealPlayer Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current RealPlayer Version | Current version of plugin, as advertised by the plugin vendor |
| Java Version | Plugin version detected on the user’s system |
| Java Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current Java Version | Current version of plugin, as advertised by the plugin vendor |
| Silverlight Version | Plugin version detected on the user’s system |
| Silverlight Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current Silverlight Version | Current version of plugin, as advertised by the plugin vendor |
| Windows Media Player Version | Plugin version detected on the user’s system |
| Windows Media Player Vulnerable | Does the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE |
| Current Windows Media Player Version | Current version of plugin, as advertised by the plugin vendor |
| Phishing Template | What phishing template was sent to the user |
Carlos Rios
Comments