Change Logs and Release Notes

PhishER Change Log

Use this article to stay up-to-date with changes to KnowBe4’s PhishER platform.

Note:Changes to PhishER may include new, updated, deprecated, or removed features. KnowBe4 reserves the right to terminate access to, use of, and support of features that are included as part of the Subscription Services, which is common with SaaS services as they are constantly changing and improving. This allows us to adapt to the evolving cybersecurity industry so we can provide current, high-quality services.

See the table below for a list of updates, with the latest updates displayed at the top.

Release Date  Description

May 2024

  • We’ve released Threat Intel for PhishER Plus! KnowBe4’s Threat Intel integration is powered by Webroot BrightCloud Security Services. This integration allows PhishER to automatically scan and analyze URLs using Webroot’s threat intelligence database. For more information, read our Integrate Threat Intel with Your PhishER Platform article.

April 2024

  • We’ve added the QR Code Decoder! This feature operates in the background of your platform to automatically scan for QR codes in reported emails. When the QR Code Decoder detects a QR code in the body of a message, it extracts the URL embedded in the QR code and assigns a tag to the message. For more information, read the QR Code Decoder Tags section of our Create and Manage PhishER Rules article.

March 2024

  • We've added the User Mailboxes Selection setting for PhishRIP queries! From the Mail Servers subtab of your PhishER Settings, you can update your mail server instances to create lists of email domains or regular expressions. PhishRIP queries will only search in the mailboxes of users who have a matching domain or regex string from your created lists. For more information, read our PhishER Settings: Integrations article.
Release Date  Description

November 2023

  • We've added new system rules! From the Rules tab in your platform, KnowBe4 now provides four additional system rules to help you manage messages in your Inbox.

October 2023

  • We’ve added a CrowdStrike Falcon Sandbox integration to PhishER Plus! This integration allows you to send data to your CrowdStrike Falcon platform to safely analyze attachments and URLs from reported emails in a protected sandbox environment. For more information, read our How to Integrate CrowdStrike with Your PhishER Platform article.

September 2023

  • We've added system actions for new PhishER users! From the Actions tab in your platform, KnowBe4 now provides several actions to help you manage the messages in your Inbox. These actions can be enabled and used with minimal configuration, allowing you to start reviewing reported emails immediately.

August 2023

  • We have released PhishER Plus! This new subscription includes the Global Blocklist and Global PhishRIP features. You can use these features to strengthen your organization’s email filters and prevent active phishing attacks by combining crowd-sourced information with existing features in your platform. To learn more, see our PhishER Plus product page.

June 2023

  • We've added the Audit Log feature for your PhishER Blocklist! From the Blocklist tab in your platform, you can click the Audit Log subtab to view information about when entries are created, deleted, and synced with mail servers. For more information, see our How to Use the PhishER Blocklist article.

January 2023

  • We've released the new PhishER Blocklist feature! The blocklist synchronizes with your Microsoft 365 mail server to automatically filter malicious and spam emails from your users' inboxes. From the Blocklist tab, you can create and manage a unique list of blocklist entries for your organization. For more information, see our How to Use the PhishER Blocklist article. We’ve also added a Mail Servers tab, which allows you to connect and manage your mail servers. For more information, see our PhishER Settings article.
Release Date Description
December 2022
  • We've added the option for reporting email addresses to only receive manually-reported emails. If you enable this option, PhishER will recognize emails with EML attachments as manually-reported emails. You can find the Forwarded Only setting in the Reporting Emails sub-tab of your PhishER Settings. For more information, see our PhishER Settings article.
August 2022
  • We've added the new Resource Center feature to your platform. From the Resource Center, you can view a full list of product guides and release notes, search our Knowledge Base, and create support tickets. For more information, see the Using the Resource Center section of our How to Use the Product Guide Feature article.
  • We've released the new product guide feature. Product guides walk you through specific features to help you get the most out of your platform. For more information, see our How to Use the Product Guide Feature article.
  • We’ve added global variables to allow you to update multiple rules at once if the rules use the same strings. In the Rules section of your platform, you can create global variables from the Global Variables tab. You can use either the Basic Editor or Advanced Editor to create rules containing global variables. For more information, see our How to Write YARA Rules article and PhishER Product Manual.
  • You can now set a password to protect the files and attachments that you download from reported messages in PhishER. To set a password, enable the Password Protect Downloads setting in the Preferences tab of your PhishER Settings.
July 2022
  • In the PhishRIP section of your platform, we've added the option to filter messages by the PhishFLIP status. For general information about PhishRIP, see our PhishRIP article.
April 2022
  • We've released our new Basic Editor feature for rules. This feature guides you through creating a custom rule in PhishER. Rules are logical expressions used to disposition emails forwarded to your PhishER inbox. For more information, see our How Do I Create a Rule and Action in PhishER? article.
February 2022
  • We've updated our PhishRIP feature to support more than one instance of Microsoft 365 and Google Workspace. For more information, see our PhishER Settings article.
  • We've improved the User Comments and Email Disposition feature for the Hybrid PAB. Now, this feature adds tags and user discussions to your platform. For more information, see our Adding User Comments and Email Disposition to the Phish Alert Button article.
January 2022
  • We've added the option to send notifications to your users based on your different rooms in PhishER. You can send these notifications to multiple users over a specific timeframe. You can customize notifications to only alert users when a room has more or less than the desired number of emails. For more information, see the Notifications section of our PhishER Settings article. 
Release Date Description

October 2021

September 2021

  • We've released an improvement to our PhishRIP queries.

July 2021

  • We've updated our Custom DKIM feature to now allow you to add your own custom signing domains to your platform. For more information, visit our How to Enable and Customize DKIM Signatures in PhishER article.
  • We've released our new PhishER APIs to allow you to evaluate all of the suspicious emails that make it through to your users' inboxes. For more information, see our KnowBe4 API Reference Guide and our KnowBe4 PhishER API article.
  • We've released Custom DKIM signatures for PhishER. Admins can now use allowed domains as signing domains for PhishER. For more information, see our PhishER Settings article.
  • You can now use PhishFlip without having to have PhishRIP enabled. In order to access the PhishFlip feature, you must have full PhishRIP Security Role access. See our PhishFlip and our PhishER Settings articles for more information.
  • You can now retry your failed PhishRIP Queries. You can use the Retry button to run the query again without creating a new query. See our PhishRIP article for more information.

June 2021

  • We've added a new filtering drop-down menu in the Domains and URLs section and the Attachment section of the Message Details. You can use these filters to only view the domains, URLs, or attachments that you're interested in. For more information, see our PhishER Product Manual.

May 2021

  • We've released our new PhishFlip feature. This feature allows you to create KSAT phishing templates from the user-reported emails that were sent to PhishER. For more information, see our PhishFlip article.

March 2021

  • We've added the option to create webhooks for your platform. Webhooks allow you to provide other applications with real-time information. You will be able to receive a callback based on an Action that is attached to a message. For more information, see our PhishER Settings article.

February 2021

  • We've removed the character limit when you view a raw message in the Message Details.
  • We've updated the Message Details section of your Inbox to allow for PhishRIP messages with similar subjects and senders to be grouped by AttackID when clicking the View Queries button. For more information on this new feature, see our PhishRIP article.

January 2021

  • We've added widgets to your Dashboard. You can add and remove different charts to see the information that is important to your organization and to customize your Dashboard. For more information on the new Dashboard features, see our PhishER Product Manual.
Release Date  Description

December 2020

  • Your PhishER platform now allows you to create Security Roles for the PhishER platform. This allows you to add users from your KnowBe4 Security Awareness platform and grant them Limited or Full access to different areas of PhishER including Rooms, Inbox, Rules, Actions, PhishRIP, and Settings. You also have the ability to create Tag Limitations for the various Security Roles that you create. For more information, please visit our PhishER Settings article.

October 2020

  • Your PhishER platform can now be integrated with KnowBe4 Security Awareness Console. You can now send PhishER Events and Actions to the user timeline and create Smart Groups based on the information that you gather from your users through this integration. For more information, please visit our PhishER Settings article.
  • Your VirusTotal integration with your PhishER platform now allows you to include domains that you would like to ignore when completing a VirusTotal scan. For more information, please visit our PhishER Settings article.
  • The Reports section of your PhishER platform now offers a new bar graph that shows the most common Attachments, Reporters, Senders, Domains and URLs, and Tags.
  • The Rooms section of your PhishER platform now offers the ability to go to a filtered Inbox, Dashboard, or Report based on your Saved Queries or the System Generated filters. 
  • Your PhishER platform now allows you to connect the PhishRIP feature with your Google Workspace instance. For more information, please visit our PhishER Settings article.

September 2020

  • When you sign out of your PhishER platform, you will also be signed out of your KnowBe4 console.

August 2020

  • Your PhishER platform now allows for to pick which columns you would like to see included on the Reports page. For more information on this new feature, visit our PhishER Product Manual.
  • Your PhishER platform now includes a new Search bar. You can use the Search bar to find a dashboard or executive report for a specific search or campaign. For more information on the new Dashboard features, visit our PhishER Product Manual.
  • Your PhishER platform Dashboard now gives you the ability to click on any of the following fields and taken to an automatically filtered inbox: Reported Messages, Automatically Resolved, Manually Resolved, Unresolved, Category, and Priorities. For more information on the new Dashboard features, visit our PhishER Product Manual.
  • Your PhishER platform now allows for empty searches to be performed in Rooms as long as there is a particular field specified for the empty search.

July 2020

  • A count for the number of Attachments and Domains and URLs that exist in the message was added to the Preview tab of the Message Details screen.
  • Your PhishER platform now includes the ability to customize the Body field in the Find Similar Messages window. You can create a new PhishRIP query by selecting the Body and modifying the text field. For more information on Customized Criteria, visit our PhishRIP documentation.

June 2020

  • Your PhishER platform now includes Customized Criteria. You can create a new PhishRIP query by selecting one of the following fields and modifying the text: Subject, Sender, Recipient, and Attachment. For more information on Customized Criteria, visit our PhishRIP documentation.
  • The Actions section of your PhishER platform now offers the option of including Find Similar Messages in your Action. If the Find Similar Messages option is enabled, you can select the criteria that you would like the Action to create a new PhishRIP Query for when the Action is triggered. For more information on how to use the Find Similar Message section when creating an Action, visit our How Do I Create a Rule and Action in PhishER documentation.
  • The Actions and Discussion sidebar of the Message Details page now include information on the number of PhishRIP queries that were initiated and the date of the last query that was initiated by the selected message. To learn more about the new information included under the PhishRIP section of the Actions and Discussion sidebar, visit our PhishER Product Manual.

April 2020

  • Your PhishER platform now includes PhishRIP, an email quarantine feature that allows your organization to search for user-reported emails across all of the mailboxes tied to your Microsoft 365 instance. Using PhishRIP, you can prevent active phishing attacks by removing potential email threats from the inbox of your users. Visit here to learn how to enable PhishRIP in your PhishER platform. 
Release Date  Description

August 2019

  • Your PhishER platform now includes PhishML, a machine-learning module that analyzes all messages forwarded to your PhishER inbox. Visit here to learn how PhishML provides you with information that can make your prioritization process easier, faster, and more accurate.
  • A Tags report was added to the Reports section of PhishER. Check out this report to view a list of your most common tags.
  • Two columns were added to the PhishER inbox: Current Disposition Date and First Disposition Date.
  • The PhishER Email Template Editor now includes a Source code option for HTML customization.  

June 2019

  • Modify your Dashboard view to display a custom date range of data using the PhishER date picker. Visit here for more information.
  • New placeholders were added to the Email Template Editor. Check out our Email Template Placeholders table for all of the details.
  • The option to enable VirusTotal Automatic Scanning is now available. Click here to learn more about your automatic scanning settings.
  • If you select messages in your PhishER inbox, a Run drop-down will now appear. This drop-down presents two sections: Replay and Actions. If you want to run all rules or all rules and actions against selected messages, choose an option from the Replay section. If you want to run an action against selected messages, choose an action from the Actions section. Visit here for more information about this recursive drop-down!
  • A Download CSV option was added to the PhishER Inbox and Reports page.
  • An Email section was added to the Run drop-down in your PhishER inbox. When a message is selected, this new section allows you the option to send a custom email. For more information about this feature, visit here.

April 2019

  • When creating an action, you can now choose the Delete matching messages option. If this option is selected, all matching messages will be permanently deleted from your PhishER inbox when the action is triggered or run.
  • Preview how a YARA rule would affect messages in your PhishER inbox by using the Preview Rule option. Visit here for more information about this feature.
  • If your PhishER platform is integrated with VirusTotal, you can now run a VirusTotal scan on attachments and URLs from the Message Details screen.

March 2019

  • An Email Templates section was added to the PhishER Settings page. This setting allows you to attach custom email templates to your PhishER actions.
  • Track the history of a message from the Message Details section of your PhishER Inbox. Message history will list all of the events that changed or modified a message.
  • QuickActions bar was added to the PhishER Inbox. Add your most frequently used actions to the QuickActions bar for quick accessibility.
  • You can now manage admin and user access to PhishER by enabling or disabling PhishER under an individual's User Profile settings in the KnowBe4 console.

February 2019

  • A Data Retention section was added to the PhishER Settings page for custom configuration.
  • Bulk tagging can be done from the PhishER Inbox. This means that multiple tags can be added to multiple selected messages at the same time.
  • All tags, attachment names, and email addresses are clickable filters. Clicking on one of these items will display a filtered view of your PhishER inbox.
Release Date  Description

December 2018

  • Bookmark this page to learn about PhishER updates.

Can't find what you're looking for?

Contact Support