Working with Reports in the Security Awareness Training Platform
KnowBe4’s Security Awareness Training platform offers a wide range of reports that gives insight into the effectiveness of your security awareness training program. Each available report in your console can be downloaded as either a CSV or PDF file, depending on the type of report.
Read the guide below to learn more about the different types of reports available to you.
Smart Groups (For Platinum and Diamond only)
The Dashboard of your console contains your Organization’s Risk Score and Phishing reports. These reports provide general information about your organization’s Phish-prone Percentage at the time of the phishing campaign and your users’ actions during the campaigns. You can hover over the points in the table to get more details on specific phishing campaigns, how many users each test was sent to, and your users’ actions.
To view a more detailed report that includes additional filters, click on the See More Phishing Reports (click to view) link just above the Industry Benchmark Data header.
The Dashboard also allows you to download a report about the emails that are reported using the Phish Alert Button. This report contains information on the number of times the Phish Alert Button was installed and uninstalled, the total number of emails reported, the number of simulated emails reported, and the number of non-simulated emails that have been reported. More information on the Dashboard, can be found here or in the Additional Resource section of this guide.
The Campaigns subtab under the Phishing tab contains reports that are useful if you want to see when users completed an action on a phishing test (click to view). Timestamps are available for the following actions:
- Attachment Open
- Macro Enabled
- Data Entered
- Vulnerable Plugins (Retired)
Also, if you would like your account admin to receive an email report at the end of phishing security tests, check the box that says Send an email report to account admins after each Phishing Security Test when creating a new campaign.
The Reports subtab under the Phishing tab contains reports that are useful for totaling user actions on multiple campaigns. (For example, how many times did each user click on a phishing link?).
Your report can be filtered by specific date range, certain campaigns, and campaigns sent to certain users. You can also compare failures, reported phishing emails (emails reported using the Phish Alert Button), or compare results by groups.
Once you have set the filters that you want to include in your report, you can download a CSV with that information, or you can print the report which includes a graph. More information on how to monitor and review overall phishing reports can be found here or in the Additional Resource section of this guide.
A Compare selection must be made before the Group Comparisons By box appears.
The Campaign subtab under the Training tab contains reports for specific campaigns. When you click on the title of a campaign from this subtab, you have the option to download a CSV from either the Overview page or the Users page. The report from the Overview page (click to view) will have the following information:
- The total number of users
- The number of users that have not completed their training
- The number of users that have not started the training
- The number of users that has training course in progress
- The number of users that have completed the training
- The number of users that have past due training
The report from the Users page will only include information about the users that have an incomplete or past due training assigned to them (click to view). Both of these reports can be downloaded from any campaign that is currently In Progress, Closed, or that has not started yet.
The Reports subtab under the Training tab contains reports that shows which users have logged in at least once and a report of which users have never logged in. Both reports are available for download as a CSV file.
In the Reports subtab, you can also create reports based on specific courses offered in the console. This report can be filtered to include All Users or certain groups and can have a certain start or end date; you also have the option of including archived users.
These reports can provide the following information about your users:
- Users who have started their courses within the given date range
- Users who were enrolled within the given date range but have not started their courses
- Users who started their courses within the given date range but have not finished them
- Users who were enrolled within the given date range but have not started or finished their courses
- Users who completed their courses within the given date range
- Users who were enrolled within the given date range but have not acknowledged their course-attached policies
- Users who acknowledged their course-attached policies within the given date range
If you are looking for highly-detailed information for a large number of campaigns, we recommend using our API feature. This will allow you to export all of the information that is in the console to an external platform and that raw data can be combined in any way you wish. More information about how to use our API feature can be found here or in the Additional Resource section of this guide.
The Reports tab contains reports that are useful for capturing actionable metrics. These reports are useful for sharing with executives or stakeholders to show progress with your security awareness training.
This tab allows you to see reports based on the following categories:
- Risk Score Reports – this will generate a predictive report to indicate how likely users, user groups, or locations are to fall for attacks.
- Group Report Card – this will help you determine the Risk Score, Phish-prone Percentage, and other helpful data about your groups.
- User Report Card – this will help you assess the Risk Score, Phish-prone Percentage, and other helpful data about your group(s).
- Phish-prone Percentage Reports – this will help you learn how susceptible your user groups are to phishing attacks by creating reports based on Phish-prone Percentage.
- Failure Types – this will help you discover the social engineering attack vectors your users are most susceptible to.
- Initial Phish-prone Percentage – this will help you understand how vulnerable your newest employees are to a phishing attack by analyzing the average Phish-prone Percentage of their first phishing test.
- Phish-failure Percentage Reports – this will help you learn the likelihood of your user groups failing a phishing attack by creating reports based on Phish-failure Percentage.
- Email Templates Sent Reports – this will help you identify what phishing email templates have been sent to your users and how your users typically act when they receive that particular template. You can also learn how many phishing test your users have received.
- Failures by Phishing Template – this will help you find out how many failures each of your phishing test templates have received and what these failures are.
- Training Status Reports – this will help you analyze the completion status of the courses your users have been assigned to ensure that you are building a human firewall.
- Training Status by Campaign – this will allow you to review whether each of your users has or has not started training, and how much time they spend on training.
- Training Comparison Reports – this will help you to find out if your training is lowering your Phish-prone Percentage and Risk Score.
- Training Hours Reports – this will allow you to see how many hours your users are spending on training.
- Security Awareness Proficiency Assessment Reports – this will allow you to see the results of your organization's Security Awareness Proficiency Assessment (SAPA).
- Security Culture Survey Reports – this will allow you to see the results of your organization's Security Culture Survey (SCS).
- Unphished and Untrained User Reports – this will allow you to find out if your users are actively participating in their training program or what users may still need to be phished or enrolled in training.
- User Count and Login Reports – this will allow you to find out how many active users you have in KnowBe4 console and to review the number of users that have been added or removed.
- Phish-prone Percentage by User Count – this allows you to discover how Phish-prone your users and user groups are on a scale of 0% to 100%.
For more detailed information on all of the available reports in the Reporting tab, click here.
In the Report Viewer subtab, you can filter any of the above categories by date range and other parameters designed specifically for that category. The reports can then be downloaded as a PDF or CSV file.
If additional details are needed, such as individual user performance on campaigns, we recommend using one of the other types of reports mentioned in this article.
If you have a Platinum and Diamond subscription, you can create ad hoc Reports via our Smart Groups feature. These reports will include information about your users, such as their Phish-prone Percentage and Risk Score.
For example, if a Smart Group has the following criteria, "The user must have been created in the last 1 month" and/or "The user must not have been created prior to the last 12 months", a CSV file can be downloaded that will show you which users meet the criteria.
Ad hoc reports can be created using the following search criteria. This criteria can be filtered down further to include customized information about your organization's security awareness training:
- User Field
- User Date
- Phish Event
- PhishFlip Event
- Vish Event
- After Training
- Custom Event
More detailed information on the use cases for Smart Groups can be found here or in the Additional Resource section of this guide.
- Monitoring and Reviewing Overall Phishing Reports
- Training Reports
- KnowBe4’s Reporting APIs
- Vishing Reports
- Reporting Guide
- Smart Groups
Article is closed for comments.