Phishing Reports

Customize and View Phishing Activity Reports

From the Reports tab of your KnowBe4 account, you can view phishing activity reports to monitor your organization's phishing-related data. Phishing activity reports display comprehensive information about your users' Phishing Security Test (PST) results. You can also customize the reports to display specific data, such as PST data for individual user groups.

If you would like to download your phishing activity reports for future use, you can export information from the report as a CSV file or export a report overview graph as a PDF file. 

Note: Data from your KMSAT console can take up to 24 hours to process and display in your phishing activity reports.

See the sections below to learn how to customize and view phishing activity reports. 

Customizing Phishing Activity Reports

When you create a phishing activity report, you can apply filters to the report to view specific data. For example, to view data for users who are in a specific group and phishing campaign, you would select the group in the User Groups filter and the phishing campaign in the Phishing Campaigns filter. 

To learn about the filters you can apply to phishing activity reports, see the screenshot and list below: Phishing Activity Report Filters

  1. Report Type: Use this filter to select your report type. You can select either All Phishing Activity or All Phishing Activity Grouped by User, depending on how you would like to organize your data. If you select All Phishing Activity, the report will display individual PSTs. If you select All Phishing Activity Grouped by User, the report will display PST data grouped by user. To learn more about these report types, see the All Phishing Activity and All Phishing Activity Grouped by User subsections below. 
  2. Phishing Campaigns: Use this filter to select the phishing campaigns that you would like to display data for. 
  3. User Groups: Use this filter to select the user groups that you would like to display data for. 
  4. Date Range: Use this filter to select the date range that you would like to display data for. This date range is based on when the PST was sent.
  5. Phishing Security Test Outcome: Use this filter to select the test outcomes that you would like to display data for. 
    Note: If you selected All Phishing Data Grouped by User in the Report Type filter, the Phishing Security Test Outcome filter will not display on the page.
  6. User Status: Use this filter to select Active or Archived if you would like to display only one user status. To view this filter, you will need to click the + Additional Filters menu. 
  7. Exclude User Groups: Use this filter to select the user groups that you would like to exclude from the report. If a user is included in both the User Groups filter and the Exclude User Groups filter, the user will be excluded from the report. To view this filter, you will need to click the + Additional Filters menu. 
  8. Template Attack Vectors: Use this filter to select the types of attack vectors that you would like to include in your report. The attack vectors are the types of attachments that were included in the PST. For more information, see our What Attachments Can I Add to My Phishing Campaign and How Are They Tracked? article. To view this filter, you will need to click the + Additional Filters menu. 

After you select your filters, click the View Report button.

Tip: After you click the View Report button, you can click the Save Report button if you would like to view the report later. When you click the Save Report button, your report will automatically display in the Reports tab under the Saved Reports subtab. For more information about saving reports, see our How to Save and Send Reports article.

Viewing Phishing Activity Reports

After you customize your phishing activity report, your report will display a graph and a table. If you would like, you can download the graph as a PDF file and the table data as a CSV file.

To learn how to view your phishing activity reports based on report type, see the subsections below.

All Phishing Activity

If you selected All Phishing Activity for your report type, your report will display detailed information for each PST, while the All Phishing Activity Grouped by User report displays combined data for all PSTs that a user has received.  

For this report type, you can view the bar graph to monitor the number of PSTs that have been delivered, failed, and reported. To view the exact numbers for each of these PSTs, you can hover your mouse over the bar graph. You can also remove a bar from the graph by clicking the corresponding label in the legend at the bottom of the graph. For example, you can click Failed from the legend to remove the Failed bar from the graph.  All Phishing Activity Graph

Below the graph, you can view a table that displays information about the phishing campaigns that each user is enrolled in. The table contains a separate row for each PST included in the campaign. For example, if a user is enrolled in one phishing campaign that includes three PSTs, the report will include three rows for the user.

You can customize the table by selecting columns to display and sort your results. To learn how to customize the table and download your report, see the screenshot and list below:  All Phishing Activity Grouped by User table

  1. Search: Search for a user by entering their name or email address into the search bar.
  2. Add or Remove Columns: Click this button to display a drop-down menu that contains a list of available columns. From the drop-down menu, you can deselect the default columns and select additional columns to display in the table.
    Note: If you download a CSV file of your report, the columns that you have selected in the Add or Remove Columns drop-down menu will display in the CSV file. If you save your report by clicking the Save Report button, the columns that you have selected will display in the saved report.
  3. Arrow icon: Click this icon in the column headers to sort the results in the table.
  4. Generate PDF: Click this button to generate a PDF file of the bar graph, which you can download from the Download Center. For information about the Download Center, see our Download Center Guide.
  5. Generate CSV: Click this button to generate a CSV file of the table, which you can download from the Download Center. For information about the Download Center, see our Download Center Guide.

All Phishing Activity Grouped by User

If you selected All Phishing Activity Grouped by User for your report type, your report will display more general data about your users' PST results, while the All Phishing Activity report displays data for individual PSTs.

For this report type, you can view the bar graph to monitor the number of PSTs that the users have failed and reported, including the number of clicks, replies, attachments opened, macros enabled, and data entered. The bar graph also displays the users' average Phish-prone Percentage. To view the exact numbers for each of these events, you can hover your mouse over each bar in the bar graph. Next to the bar graph, you can also view the average Phish-prone Percentage, Phish-failure Percentage, and PAB-reported Percentage.  Grouped by User Graph

Below the graph, you can view a table that displays information about the phishing campaigns that each user is enrolled in. The table contains one row for each user by combining the data for all of the phishing campaigns the user is enrolled in. For example, if a user is enrolled in one phishing campaign that includes three PSTs, the report will combine the data for the three PSTs into one row for the user.

You can customize the table by selecting columns to display and sort your results. To learn how to customize the table and download your report, see the screenshot and list below: 

Note: In this table, the Calculated Phish-prone Percentage column displays each user's Phish-prone Percentage based on the selected filters. For example, if you have selected a specific phishing campaign in the Phishing Campaigns filter, this column will display each user's Phish-prone Percentage for that campaign.

All Phishing Activity Grouped by User Table

  1. Search: Search for a user by entering their name or email address into the search bar.
  2. Add or Remove Columns: Click this button to display a drop-down menu that contains a list of available columns. From the drop-down menu, you can deselect the default columns and select additional columns to display in the table.
    Note:If you download a CSV file of your report, the columns that you have selected in the Add or Remove Columns drop-down menu will display in the CSV file. If you save your report by clicking the Save Report button, the columns that you have selected will display in the saved report.
  3. Arrow icon: Click this icon in the column headers to sort the results in the table.
  4. Generate PDF: Click this button to generate a PDF file of the bar graph, which you can download from the Download Center. For information about the Download Center, see our Download Center Guide.
  5. Generate CSV: Click this button to generate a CSV file of the table, which you can download from the Download Center. For information about the Download Center, see our Download Center Guide.

Can't find what you're looking for?

Contact Support
circle-arrow-up