SecurityCoach supports integration with your KnowBe4 Security Awareness Training phishing campaigns so you can send real-time coaching SecurityTips to your users after a phishing failure. This integration includes SecurityTip GIFs that show the Social Engineering Indicators (SEI), or red flags, that your users missed from the exact phishing test they failed. Once enabled, these notifications will be sent from a system real-time coaching campaign named Social Engineering Indicators (SEI).

Enabling Social Engineering Indicators (SEI) Coaching

To enable real-time coaching with SEI for a new or existing phishing campaign, see the following sections.

Enabling SEI Coaching for a New Phishing Campaign

To enable real-time coaching with SEI for a new phishing campaign, first follow these steps:

1. Log in to your KSAT console.
2. Navigate to your Phishing > Campaigns tab.
3. Click +Create a Phishing Campaign.
4. Configure your preferred campaign settings by following the Create a Phishing Campaign section of our Create and Manage Phishing Campaigns article.

5. Enable the option to Send SecurityTips that reveal missed Social Engineering Indicators for phishing failures.

   

   Tip:You can preview the SecurityTip by clicking Preview SecurityTip.
6. Click Create Campaign.

Enabling SEI Coaching for an Existing Phishing Campaign

To enable real-time coaching with SEI for an existing phishing campaign, see the steps below:

1. Log in to your KSAT console.
2. Navigate to your Phishing > Campaigns tab.
3. Find your preferred campaign in the Name column. To the right of the campaign’s row, click the drop-down arrow in the Actions column and select Edit from the drop-down menu.

4. Enable the option to Send SecurityTips that reveal missed Social Engineering Indicators for phishing failures.

   

   Tip:You can preview the SecurityTip by clicking Preview SecurityTip.
5. Click Update Campaign at the bottom of the page.

Managing the Social Engineering Indicators (SEI) Campaign

To manage the real-time coaching with SEI for your phishing campaigns, your SecurityCoach console will automatically generate and maintain a system real-time coaching campaign named Social Engineering Indicators (SEI). Any phishing campaigns that have real-time coaching enabled will be listed on this campaign’s setup page. You can find this campaign by navigating to SecurityCoach > Real-Time Coaching.

For more information on managing real-time coaching campaigns, see our Real-Time Coaching Campaign Guide. For more information on managing this system campaign, see the screenshot and list below:

1. Campaign Name: The system campaign name, Social Engineering Indicators (SEI), is automatically generated and can’t be changed.
2. Test Mode: Test how the campaign will perform without sending SecurityTips to your users. You can turn off test mode at any time to begin real-time coaching. For more information, see our Working with Test Mode Campaigns article.
3. Phishing Campaigns with Real-Time Coaching: This section lists all phishing campaigns with real-time coaching enabled. Click on the campaign names to access their individual settings, or click View All to view all of your phishing campaigns.
   
   Note:If real-time coaching is turned off for any phishing campaign, it will no longer appear in this list.
4. Detection Rules: These system campaign detection rules are automatically selected and can’t be changed.
5. SecurityTip Text: Select the SecurityTip notification text template you would like to send to users enrolled in this campaign. Click the eye icon to preview the notification text template.
6. SecurityTip Media: For this system campaign, the SecurityTip Media Social Engineering Indicators (SEI) GIF is automatically selected and can’t be changed.
7. User Feedback Interactions: Use this section to choose which optional feedback you would like your users to submit for your review. You can enable any of these options:
   1. Confirmation of Receipt: Allow your users to confirm they read the SecurityTip.
      
      Tip:We recommend enabling Confirmation of Receipt for your campaigns to verify that your users have received and read their SecurityTips.
   2. Quick Feedback: Allow your users to confirm if they know why they received the SecurityTip.
   3. Custom Feedback: Allow your users to submit custom feedback or questions about the SecurityTip.
8. Additional Criteria: Use this optional drop-down menu to create additional criteria for this campaign. To create criteria, follow the steps below:
   1. Click the Select Criteria drop-down menu.
   2. Select one of the criteria from the drop-down menu.
   3. Complete the fields for the criterion.
   4. Click Save.
9. SecurityTip Preview: Use this section to preview your SecurityTip Text, SecurityTip Media, and User Feedback Interactions selections.
10. SecurityTip Delivery Method: Click this drop-down menu to select how you would like to send the SecurityTip to users. You can select a real-time delivery method and enable email as a backup delivery method.
    
    Note:The backup delivery method will only be used if your real-time delivery method cannot be used or if it is turned off.
11. SecurityTip Delivery Limit: Select how often you want SecurityTips to be sent to your users.
    • Limit to one SecurityTip every 20 minutes: Users won’t receive more than one tip every 20 minutes for this campaign.
    • Limit to one SecurityTip per day: Users won’t receive more than one tip every 24 hours for this campaign.
12. Send Me a Test: Select this option to send a test SecurityTip using your selected SecurityTip Delivery Method.
    
    Note:The email address you provide for this test must be integrated with your selected SecurityTip Delivery Method. For more information, see our Configuring Delivery Methods articles. If your selected SecurityTip Delivery Method or backup delivery method is email, the email address you provide for this test must be an active user in your KSAT console.
13. Save Campaign: Click Save Campaign to save the changes to your settings.
14. Cancel: Click Cancel to cancel the changes to your settings.

Real-Time Coaching Reports for Social Engineering Indicators (SEI)

For information about real-time coaching campaign reports, see our SecurityCoach Reporting Overview article. The Social Engineering Indicators (SEI) real-time coaching campaign also has additional reporting features available for accurate tracking of delivered SecurityTips across different phishing campaigns. For more information on these features, see the screenshot and list below:

1. Phishing Campaigns: Use this filter to view report data for specific phishing campaigns.
2. Phishing Campaign Name: This metadata field indicates the name of the specific phishing campaign that triggered real-time coaching with SEI.
   
   Tip:You can access metadata for campaign activities by clicking the arrow on the far left of each row.
3. SecurityTip: Use the eye icon to view the specific SecurityTip text and GIF that was sent to the user after the phishing failure event.

Managing Social Engineering Indicators (SEI) Coaching for Phishing Campaigns

Real-time coaching for phishing campaigns can be managed for individual phishing campaigns. To see which phishing campaigns have real-time coaching enabled, navigate to your Phishing > Campaigns tab and look for any campaign names that have SecurityCoach Social Engineering Indicators (SEI) linked underneath:

Removing SEI Coaching from Individual Phishing Campaigns

To remove real-time coaching for an individual phishing campaign, see the steps below:

1. Log in to your KSAT console.
2. Navigate to your Phishing > Campaigns tab.
3. In the Name column, find the name of the phishing campaign you want to turn off real-time coaching for.
4. To the right of the campaign’s row, click the drop-down arrow in the Actions column and select Edit from the drop-down menu.
5. Locate the Real-Time Coaching section on the phishing campaign page.
   
6. Turn off the option to Send SecurityTips that reveal missed Social Engineering Indicators for phishing failures.
7. Click Update Campaign at the bottom of the page.