Using Reports

Security Awareness Training Console Reporting Overview

KnowBe4’s security awareness training console offers a wide range of reports that give insight into the effectiveness of your security awareness training program. Each available report in your console can be downloaded as either a CSV file or a PDF file, depending on the type of report.

Dashboard

The Dashboard tab of your console contains your organization’s Risk Score and phishing reports. These reports provide general information about your organization’s Phish-prone Percentage at the time of the phishing campaign and your users’ actions during the campaigns. You can hover over the points in the table for get more details on specific phishing campaigns, how many users each test was sent to, and your users’ actions.

To view a more detailed report that includes additional filters, click on the See More Phishing Reports (click to view) link just above the Industry Benchmark Data header.

On the Dashboard tab, you can also download a report about the emails that your users report using the Phish Alert Button (PAB). This report contains information on the number of times the PAB was installed and uninstalled, the total number of emails reported, the number of simulated emails reported, and the number of non-simulated emails that have been reported. For more information, visit our Dashboard article. 

Phishing

The Campaigns subtab under the Phishing tab contains reports that are useful if you want to see when users completed an action on a phishing test. If you click the phishing campaign name in the Campaigns subtab, it will lead you to the campaign’s page. Then, you can view the phishing campaign’s data by clicking on the Users subtab.

Timestamps are available for the following actions:

  • Delivered
  • Opened
  • Clicked
  • QR Code Scanned
  • Replied
  • Attachment Open
  • Macro Enabled
  • Data Entered
  • Vulnerable Plugins (Retired)
  • Reported
  • Bounced

Also, if you would like your account admin to receive an email report at the end of Phishing Security Tests, select the Send an email report to account admins after each Phishing Security Test check box when creating a new campaign.

The Reports subtab under the Phishing tab contains reports that are useful for totaling user actions on multiple campaigns. For example, you can use these reports to determine how many times each user clicked on a simulated phishing link.

Your report can be filtered by specific date range, certain campaigns, and campaigns sent to certain users. You can also compare failures with emails reported using the Phish Alert Button, or you can compare results by groups.

Once you have set the filters that you want to include in your report, you can download a CSV file with that information, or you can print the report that includes a graph. More information can be found in our How to Monitor and Review Overall Phishing Reports article.

Note:A Compare selection must be made before the Group Comparisons by drop-down menu displays.

Training

The Campaigns subtab under the Training tab contains reports for specific campaigns. When you click on the title of a campaign from this subtab, you have the option to download a CSV file from the Users subtab. 

The report from the Overview page will have the following information:

  • The total number of users.
  • The number of users that have not completed their training.
  • The number of users that have not started the training.
  • The number of users that have a training course in progress.
  • The number of users that have completed the training.
  • The number of users that have past due training.

The report from the Users page will only include information about the users that have incomplete training or past due training assigned to them. Both of these reports can be downloaded from any campaign that is currently in progress, closed, or has not started yet.

The Reports subtab under the Training tab contains a report that shows which users have logged in at least once and a report of which users have never logged in. Both reports are available for download as a CSV file.

In the Reports subtab, you can also create reports based on specific courses offered in the console. This report can be filtered to include All Users or specific groups, and it can have a certain start or end date. You also have the option of including archived users.

These reports can provide the following information about your users:

  • Users who have started their courses in the given date range.
  • Users who were enrolled in the given date range but have not started their courses.
  • Users who started their courses in the given date range but have not finished them.
  • Users who were enrolled in the given date range but have not started or finished their courses.
  • Users who completed their courses in the given date range.
  • Users who were enrolled in the given date range but have not acknowledged their course-attached policies.
  • Users who acknowledged their course-attached policies in the given date range.

If you are looking for highly detailed information for a large number of campaigns, we recommend using our API feature. This will allow you to export all of the information that is in the console to an external platform and that raw data can be combined in any way you wish. More information about how to use our API feature can be found in our KSAT Reporting Guide.

Reporting

The Reports tab contains reports that are useful for capturing actionable metrics. These reports are useful for sharing with executives or stakeholders to show progress with your security awareness training.

This tab allows you to see reports based on the following categories:

  • Risk Score Reports: These reports can help you determine how likely users, user groups, or locations are to fall for attacks.
  • Group and User Report Cards: These report cards can help you determine the Risk Score, Phish-prone Percentage, and other helpful data about your groups.
  • Phish-prone Percentage Reports:  These reports can help you determine how susceptible your user groups are to phishing attacks based on their Phish-prone Percentages.
  • Failure Types Report: This report can help you discover the social engineering attack vectors your users are most susceptible to.
  • Phish-failure Percentage Reports: These reports can help you determine the likelihood of your user groups failing a phishing attack based on their Phish-failure Percentages.
  • Email Templates Sent Reports: These reports can help you identify what phishing email templates have been sent to your users and how your users typically act when they receive that particular template. You can also learn how many phishing tests your users have received.
  • Failures by Phishing Template Report: This report can help you find out how many failures each of your phishing test templates has received and what these failures are.
  • Phishing Activity Reports: These reports can help you analyze your organization’s phishing activity by Phishing Security Tests. You can also change the report type to group phishing activity by user.
  • Training Activity Reports:  These reports can help you analyze the completion status of the courses your users have been assigned to ensure that you are building a human firewall.
  • Learner Platform Reports: These reports can help you analyze your organization’s percentage of training by platform.
  • Real-Time Coaching Activity Reports: These reports can help you analyze your organization’s real-time coaching activity in SecurityCoach.
  • Detection Rules Activity Reports: These reports can help you analyze your organization’s detection rules activity in SecuirtyCoach.
  • Training Status Overview Reports: These reports can help you review the number of courses users are enrolled in and their current status, organized by campaign, course, or group.
  • Training Status by Campaign: This report allows you to review whether each of your users has or has not started training, and how much time they spend on training.
  • Training Comparison Reports: These reports can help you to find out if your training is lowering your Phish-prone Percentage and Risk Score.
  • Training Hours Reports: These reports allow you to see how many hours your users are spending on training.
  • Security Awareness Proficiency Assessment Reports: These reports allow you to see the results of your organization's Security Awareness Proficiency Assessment (SAPA).
  • Security Culture Survey Reports: These reports allow you to see the results of your organization's Security Culture Survey (SCS).
  • Unphished and Untrained User Reports: These reports allow you to find out if your users are actively participating in their training program or what users may still need to be phished or enrolled in training.
  • User Count and Login Reports: These reports allow you to find out how many active users you have in the KSAT console and to review the number of users that have been added or removed.
  • Phishing Results by User Count: This report allows you to discover how Phish-prone your users and user groups are on a scale of 0 percent to 100 percent.
  • Training Content Survey: This report allows you to view your users’ training survey results to determine what training content is most effective. This data can also help you select training content for your campaigns.

For more detailed information on all of the available reports in the Reports tab, read our KSAT Reporting Guide.

In the Report Viewer subtab, you can filter any of the above categories by date range and other parameters designed specifically for that category. The reports can then be downloaded as a PDF file or a CSV file.

If additional details are needed, such as individual user performance on campaigns, we recommend using one of the other types of reports mentioned in this article.

Smart Groups

If you have a Platinum or Diamond subscription, you can create ad hoc reports via our Smart Groups feature. These reports will include information about your users, such as their Phish-prone Percentage and Risk Score.

For example, if a Smart Group has the following criteria, "The user must have been created in the last 1 month" or "The user must not have been created prior to the last 12 months", a CSV file can be downloaded that will show you which users meet the criteria.

Ad hoc reports can be created using specific criteria. These specific criteria can be filtered down further to include customized information about your organization's security awareness training. Examples of search criteria are listed below:

  • User Field
  • User Date
  • Phish Event
  • PhishFlip Event
  • Vish Event
  • Breach Event
  • Training
  • After Training
  • Assessment
  • Custom Event
  • PasswordIQ Event
  • PasswordIQ State
  • SecurityCoach Detection Rules
  • SecurityCoach Real-Time Coaching

More detailed information can be found in our How to Use Smart Groups: Use Cases article.

Can't find what you're looking for?

Contact Support