Question

What is the definition for each of the CSV headers in my Attachment Campaign export?

Answer

Please see the table below for the header name and definition.

Phishing Attachment Campaign CSV Header Definitions

Header

Definition

First NameRecipient's First Name
Last NameRecipient's Last Name
Campaign GuidUnique ID of campaign
Users GuidUnique ID of user within the campaign
Primary Email OpenedWas tracking pixel loaded (inferring the user viewed the email)
Date Email OpenedTimestamp in UTC as to when the tracking image was first loaded by the user
Primary ClickedWas one of the links in the email clicked 
Date ClickedTimestamp in UTC as to when the first click for this user happened
Primary Attachment OpenedWas the attachment opened by the user
Date Attachment OpenedTimestamp the attachment was first opened in UTC
Multi Email OpenWas the tracking image loaded more than once
Multi Click EventWas a link in the body of the email clicked more than once
Multi Attachment OpenWas the attachment opened more than once
Email AddressEmail address of recipient
Date SentTimestamp in UTC as to when the email was sent from the ThreatSim mail servers
Campaign TitleTitle of the Phishing Campaign
Template SophisticationNo longer used
Campaign Recipient ListGroup user was included in
Email Opened IP AddressIP Address received from the system that initiated the download of the tracking pixel embedded in the phishing email
Email Opened BrowserBrowser type, as determined by the received User Agent String, used by the system that downloaded the tracking pixel in the phishing email
Email Opened Browser VersionBrowser version, as determined by the received User Agent String, used by the system that downloaded the tracking pixel in the phishing email
Email Opened OSOperating System name, as determined by the received User Agent String, of the system that downloaded the tracking pixel in the phishing email
Email Opened OS VersionVersion of the Operating System, as determined by the User Agent String, of the system that downloaded the tracking pixel in the phishing email
Email Opened User AgentThe received User Agent String of the system that downloaded the tracking pixel in the phishing email
Attachment Opened IP AddressIP Address received from the system that initiated either:
  1. The download of the tracking pixel in the file attached to the emails from the phishing campaign (Classic Attachment)
  2. Followed the link to the Teachable Moment for files sent as part of the phishing campaign (Attachment)
Attachment Opened BrowserBrowser type, determined by the received User Agent String, received from the system that initiated either:
  1. The download of the tracking pixel in the file attached to the emails from the phishing campaign (Classic Attachment)
  2. Followed the link to the Teachable Moment for files sent as part of the phishing campaign (Attachment)
Attachment Opened Browser VersionBrowser version, determined by the received User Agent String, received from the system that initiated either:
  1. The download of the tracking pixel in the file attached to the emails from the phishing campaign (Classic Attachment)
  2. Followed the link to the Teachable Moment for files sent as part of the phishing campaign (Attachment)
Attachment Opened OSOperating System type, determined by the received User Agent String, received from the system that initiated either:
  1. The download of the tracking pixel in the file attached to the emails from the phishing campaign (Classic Attachment)
  2. Followed the link to the Teachable Moment for files sent as part of the phishing campaign (Attachment)
Attachment Opened OS VersionOperating System version, determined by the received User Agent String, received from the system that initiated either:
  1. The download of the tracking pixel in the file attached to the emails from the phishing campaign (Classic Attachment)
  2. Followed the link to the Teachable Moment for files sent as part of the phishing campaign (Attachment)
Attachment Opened User AgentUser Agent String received from the system that initiated either:
  1. The download of the tracking pixel in the file attached to the emails from the phishing campaign (Classic Attachment)
  2. Followed the link to the Teachable Moment for files sent as part of the phishing campaign (Attachment)
Clicked IP AddressIP Address received from the system that triggered one of the links in the phishing email
Clicked Host NameHostname received from the system that triggered one of the links in the phishing email (if received).
Clicked BrowserBrowser type, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email
Clicked Browser VersionBrowser version, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email
Clicked OSOperating System type, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email
Clicked OS VersionOperating System version, as determined by the received User Agent String, from the system that triggered one of the links in the phishing email
Clicked User AgentUser Agent String received from the system that triggered one of the links in the phishing email
Date AcknowledgedTimestamp in UTC as to when the user first clicked on the Acknowledge link in the teachable moment
Weak EgressWas the tracking image hosted over 49152 loaded by the end user?
ReportedDid the user report the phish?
Date ReportedTimestamp when the user first reported the phish
Email BouncedDid the phish bounce back to the Proofpoint Security Awareness Training mail server?
Passed?Did the user pass the phishing assessment by NOT committing the failure condition of the phishing campaign. Failure conditions are:
  1. Attachment: Opening the attachment and following the link presented
  2. Classic Attachment: Opening the attached file
Vulnerability CountHow many out of date web browser plugins exist for this user?
Adobe PDF VersionPlugin version detected on the user’s system
Adobe PDF VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current Adobe PDF VersionCurrent version of plugin, as advertised by the plugin vendor
Adobe Flash VersionPlugin version detected on the user’s system
Adobe Flash VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current Adobe Flash VersionCurrent version of plugin, as advertised by the plugin vendor
QuickTime VersionPlugin version detected on the user’s system
QuickTime VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current Quicktime VersionCurrent version of plugin, as advertised by the plugin vendor
RealPlayer VersionPlugin version detected on the user’s system
RealPlayer VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current RealPlayer VersionCurrent version of plugin, as advertised by the plugin vendor
Java VersionPlugin version detected on the user’s system
Java VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current Java VersionCurrent version of plugin, as advertised by the plugin vendor
Silverlight VersionPlugin version detected on the user’s system
Silverlight VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current Silverlight VersionCurrent version of plugin, as advertised by the plugin vendor
Windows Media Player VersionPlugin version detected on the user’s system
Windows Media Player VulnerableDoes the installed plugin version match the current plugin version? If detected version < current version then Vulnerable = TRUE
Current Windows Media Player VersionCurrent version of plugin, as advertised by the plugin vendor
Phishing TemplateWhat phishing template was sent to the user