Forum Discussion
Executive reporting for Attack Simulation Training
Good day,
My organization has decided to use Microsoft Attack Simulation Training to train our userbase to resist phishing and social engineering attacks. I am experiencing a few challenges:
1. Reporting is not very friendly. Short of using spreadsheets to track and manage user compliance, what are the best native methods for tracking?
2. An analyst prior to me had run a few haphazard simulations. Is there a way to exclude those tests from my reporting? Is it possible to delete old simulations?
3. to be considered a failure, the user must go all the way supplying credentials. I believe that if the user does anything beyond reading and/or reporting the message, they should be considered failing the test. Is there a way to adjust the failure point in Attack Simulation?
4. For repeat offenders, is there a way to split the simulations to see what simulations were failed?
I have used other vendors phishing simulators. The reporting and campaign design is much better in the other solutions. Hopefully Microsoft can make vast improvements to their solution.
Any and all help is greatly appreciated.
Thanks,
Chris O.
2 Replies
- 1) I would say Excel is not too much work unless you have many simulations to keep track of. I see that you have already spotted the Repeat Offender feature. I must admit that I have not used it.
2) I think the filter is it. Payloads can be archived, but not simulations. Given that payloads and notices need testing, you are never going to have a completely "clean" simulation table. Choose your simulation names wisely and the filter will screen the clutter.
3) You could copy the payload code view from a Credential Harvest payload to a Drive-by URL payload then set a new phishing link, or simply choose or create a Drive-by URL payload. With the Credential Harvest, the User export shows you those who clicked on the first stage but went no further. The same report also tells you those who reported the message (assuming you are counting EXO user submissions rather than some internal service desk process).
4. I do not use the feature but I have tested the Repeat Offenders report and its export, and the data is there if you don't mind unpacking comma-separated lists in cells.
HTH
Yes, I only have one hammer, and it is square and green... - I'm also on the same boat, for testing purposes I would like to make sure it sends out correctly to see that the payload & landing pages look correct for when EU do click on these simulations.
But you cannot remove test users from reporting.
