Proofpoint: Campaign Export Guide

Carlos Rios
Carlos Rios
  • Updated

Question

I am exporting my Campaign details to CSV but am unsure what all the column headings mean.  Do you have a list of column heading definitions for the campaign CSV export?

Answer

Yes.  Listed below are the CSV column heading definitions:

  • First Name - The user's first name
  • Last Name - The user's last name
  • Campaign Guid - System side unique identifier for the campaign
  • Users Guid - System side unique identifier for this user in this campaign
  • Primary Email Opened - Was the email viewed (True/False)?
  • Date Email Opened - The date/time the email was first viewed
  • Primary Clicked - Was the link in the email clicked (True/False)?
  • Date Clicked - The date/time the link was clicked in the email for the first time
  • Multi Email Open - count of the number of times, beyond the first, that the email was viewed
  • Multi Click Event - count of the number of times, beyond the first, that the phishing link was clicked
  • Email Address - The user's email address
  • Date Sent - The date/time that the email was sent to the user
  • Campaign Title - The name of the campaign chosen by the customer (e.g. "IT Staff first test Jan 2014")Template Sophistication
  • Template Sophistication - no longer users - legacy parameter
  • Campaign Recipient List - The group or department that the campaign was sent to (e.g. IT, HR, Finance)
  • Email Opened IP Address - IP address that could be recorded of the system that downloaded the tracking pixel
  • Email Opened Browser - Browser type of the system that downloaded the tracking pixel (determined by the User Agent String received in the communication)
  • Email Opened Browser Version - Browser version of the system that downloaded the tracking pixel (determined by the User Agent String received in the communication)
  • Email Opened OS - OS type of the system that downloaded the tracking pixel (determined by the User Agent String received in the communication)
  • Email Opened OS Version - OS version of the system that downloaded the tracking pixel (determined by the User Agent String received in the communication)
  • Email Opened User Agent - User Agent String received in the communication during the download of the tracking pixel
  • Clicked IP Address - IP address that could be recorded of the system that the link was clicked 
  • Clicked Host Name - Hostname that could be recorded of the system that the link was clicked
  • Clicked Browser - Browser type that could be recorded of the system that the link was clicked
  • Clicked Browser Version - Browser version that could be recorded of the system that the link was clicked
  • Clicked OS - OS type that could be recorded of the system that the link was clicked
  • Clicked OS Version - OS version that could be recorded of the system that the link was clicked
  • Clicked User Agent - User Agent String received in the communication during the click of the phishing link
  • Teachable Moment Started - Did the user make it to the teachable moment (True/False)?
  • Acknowledgement Completed - Did the user click the acknowledge button at the bottom of the teachable moment page affirming that they read and understood the teachable moment (True/False)?
  • Date Acknowledged - The date/time that the user clicked the Acknowledge button on the Teachable Moment
  • Weak Egress - Was the user able to download the tracking pixel for Weak Egress detection (TRUE/FALSE)
  • Reported - Did the user report the phish to the infosec group using PhishAlarm or another mechanism (True/False)?
  • Date Reported - The date/time that the user reported the phishing email
  • Whois Latitude - The latitude of the IP address of the first click 
  • Whois Longitude - The longitude of the IP address of the first click 
  • Whois City - The city of the IP address of the first click 
  • Whois State - The state of the IP address of the first click 
  • Whois Country - The country of the IP address of the first click 
  • Whois Continent - The continent of the IP address of the first click 
  • Whois Domain - The domain of the IP address of the first click 
  • Whois ISP - The ISP of the IP address of the first click 
  • Whois Organization - The organization of the IP address of the first click 
  • Email Bounced - Was the delivered email bounced back or had an automated reply returned (TRUE/FALSE)
  • Passed? - Did the user meet the requirements to not fail the phishing campaign type (TRUE/FALSE)
  • Vulnerability Count - Count of the number of plugins that were detected as vulnerable
  • Adobe PDF Version - The version of Acrobat in use
  • Adobe PDF Vulnerable - Is/was the version of Acrobat out of date at the time of the campaign (True/False)?
  • Current Adobe PDF Version - Version of software reported as current by the vendor
  • Adobe Flash Version - The version of Flash in use
  • Adobe Flash Vulnerable - Is/was the version of Flash out of date at the time of the campaign (True/False)?
  • Current Adobe Flash Version - Version of software reported as current by the vendor
  • QuickTime Version - The version of Quicktime in use
  • QuickTime Vulnerable - Is/was the version of Quicktime out of date at the time of the campaign (True/False)?
  • Current Quicktime Version - Version of software reported as current by the vendor
  • RealPlayer Version - The version of RealPlayer in use
  • RealPlayer Vulnerable - Is/was the version of RealPlayer out of date at the time of the campaign (True/False)?
  • Current RealPlayer Version - Version of software reported as current by the vendor
  • Java Version - The version of Java in use
  • Java Vulnerable - Is/was the version of Java out of date at the time of the campaign (True/False)?
  • Current Java Version - Version of software reported as current by the vendor
  • Silverlight Version - The version of Silverlight in use
  • Silverlight Vulnerable - Is/was the version of Flash out of date at the time of the campaign (True/False)?
  • Current Silverlight Version - Version of software reported as current by the vendor
  • Windows Media Player Version - The version of Windows Media Player in use
  • Windows Media Player Vulnerable - Is/was the version of Windows Media Player out of date at the time of the campaign (True/False)?
  • Current Windows Media Player Version - Version of software reported as current by the vendor
  • Various columns entered here - depending on Custom Properties Uploaded
  • Phishing Template - Name of the Phishing Template sent to the user from the campaign