
Campaign Report

Once a campaign has been created and executed, EFI provides a detailed report that summarizes its results, including delivery success, user interaction, and endpoint behavior (if telemetry is enabled).

How to Access the Report

  1. In the EFI Campaign Table, locate the row of the campaign you want to analyze.

  2. Click the three-dot menu (⋮) located at the far right of the row.

  3. Select "Generate Report" from the dropdown menu.

  4. You will be automatically redirected to the campaign report view.

Note: This option becomes available only after the campaign has been published.

Campaign Report

Once a campaign is complete, EFI generates a comprehensive report with visualizations and telemetry data to assess how the emulation unfolded across the delivery chain. The report includes real-time statistics, endpoint activity, and delivery summaries.

Here’s what you’ll find in the report:

Campaign Summary

Displays essential metadata:

  • Campaign Name

  • Status (Expired, Active, Pending, Building)

  • Type of Operation (Controlled or Unattended)

  • Delivery Type (Inside or Outside)

  • Distribution Method (Email, QR Code, Link)

  • Platform (Windows/Linux)

  • Start & End Timestamps

This panel serves as the high-level summary of the campaign’s configuration and lifecycle.

Clicked Count

Shows how many users interacted with the campaign. This count is based on the number of times the link is accessed.

History Graph (Spider/Radar Chart)

Visualizes the full progression of the emulated attack across multiple phases:

  • Emitted – Emails or links sent

  • Register – Payload registered on endpoint

  • Download – Payload successfully downloaded

  • Validated – Control validation triggered

  • Execution – File executed

  • Survived – No detection/interruption

  • Finished – Campaign completed

This gives a breakdown of how far each payload made it in the attack chain.

Distribution Days

Bar chart showing the day-by-day distribution volume, helping teams identify which day had more engagement or delivery attempts.

Categories

  • Agents Registered: Number of endpoints that received and ran the payload with the EVE agent.

  • Malware Download Count: Number of successful payload downloads from attacker URLs.

Details for Agents Registered

A table listing endpoint details for registered agents:

| Column | Description |
| --- | --- |
| Device Name | Hostname or asset ID |
| User | Username of the device owner |
| Details | Access to full endpoint execution logs (via icon button) |

This allows for detailed analysis of each device's behavior and telemetry during the campaign.

Campaign Success and Fail Gauge

A bar graph that summarizes overall campaign execution results:

  • Success: Number of payloads that reached the final execution phase as designed.

  • Fail: Payloads that failed to complete execution, possibly due to user inaction or security control intervention.

  • Total Emulation Scripts: Number of payloads or scripts included in the campaign.

  • Endpoints: Number of unique devices that participated in the campaign.

Percent of Success (Donut Chart)

  • Displays the total campaign success rate as a percentage.

  • A 100% success rate indicates that all configured steps (e.g., click, download, execution) were completed on the participating endpoints.

Metadata Insights

These pie charts break down environmental data collected from the endpoints:

| Chart | Description |
| --- | --- |
| Percent Browser | Shows the distribution of browsers used to access the payload. Useful to detect browser-based bypass techniques or user preferences. |
| Percent OS | Displays the operating system of target endpoints. |
| Percent Device | Identifies the type of device used (e.g., PC, mobile, tablet). |

Endpoint Metadata Table

A comprehensive table displays device-level metadata for each endpoint that interacted with the campaign.

| Column | Description |
| --- | --- |
| Browser Family | The browser used to access the link or execute the payload (e.g., Chrome, Edge). |
| Browser Version | Specific version of the browser, useful for detecting unpatched software. |
| Device | Device type as recognized (e.g., PC, mobile, unknown). |
| Device Brand | Manufacturer (if known) of the endpoint device. |
| Device Model | Model identifier (if known). |
| Operating System | The OS that ran the payload (e.g., Windows). |
| OS Version | Specific version of the OS (e.g., Windows 10). |
| Type | Classification of the endpoint (e.g., PC, Other). |

Network Distribution Map

A geographic heat map displays the approximate locations of the endpoints that interacted with the campaign. Each dot on the map represents an interaction:

  • Colored based on intensity or interaction type (e.g., click, download).

  • Helps visualize campaign reach, impact, or regional concentration.

Use this view to correlate emulation activity with specific offices, regions, or geofenced policy zones.

Detailed Execution Timeline

This section provides a step-by-step breakdown of what occurred on each endpoint for each payload sent as part of the campaign. It's one of the most powerful and granular parts of the report, allowing teams to analyze how the threat progressed across the entire attack chain.

| Column | Description |
| --- | --- |
| Device | The name of the endpoint that received the payload. |
| Malware | The specific file or synthetic sample delivered to the device. |
| Register | Indicates whether the payload was successfully registered on the endpoint. |
| Download | Confirms the payload was downloaded from the attacker link or QR code. |
| Validation | Shows if the security validation process was triggered successfully. |
| Execution | Indicates that the payload was executed. |
| Survived | The payload ran without being blocked by security controls. |
| Finished | The payload completed its execution lifecycle. |
| Error | Displays any error messages encountered during execution (e.g., access denied). |
| Actions | Opens a detailed telemetry report (eye icon) for the specific payload instance. |
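
One way to read the timeline table across many rows, as an added example that is not part of EFI or its documentation: it groups rows by the furthest stage reached, so that payloads that ran without being blocked stand out for control review. It assumes the rows have been transcribed into dictionaries keyed by the column names above; the page does not describe an export format, and the sample rows, device names and bucket names are constructed for illustration.

```python
# Stage columns, in the order the Detailed Execution Timeline table lists them.
STAGES = ["Register", "Download", "Validation", "Execution", "Survived", "Finished"]


def make_row(device, malware, reached, error=""):
    """Build one table row; the first `reached` stages are marked as completed."""
    row = {"Device": device, "Malware": malware, "Error": error}
    row.update({stage: i < reached for i, stage in enumerate(STAGES)})
    return row


# Constructed sample rows (hypothetical devices and samples, not real report data).
ROWS = [
    make_row("WS-FIN-01", "sample-a", 6),
    make_row("WS-FIN-02", "sample-a", 4, error="access denied"),
    make_row("WS-HR-07", "sample-b", 1),
    make_row("LNX-OPS-03", "sample-b", 3),
    make_row("WS-HR-09", "sample-b", 5),
]


def furthest_stage(row):
    """Return the last stage reached before the first gap, or None if none was."""
    last = None
    for stage in STAGES:
        if not row.get(stage):
            break
        last = stage
    return last


def funnel(rows):
    """Count how many rows reached each stage with every earlier stage also set."""
    counts = {stage: 0 for stage in STAGES}
    for row in rows:
        for stage in STAGES:
            if not row.get(stage):
                break
            counts[stage] += 1
    return counts


def triage(row):
    """Bucket a row for follow-up (bucket names are this example's, not EFI's)."""
    last = furthest_stage(row)
    if last in ("Survived", "Finished"):
        return "ran unblocked"            # no control stopped it: review coverage
    if last == "Execution":
        return "executed, then stopped"   # ran but did not survive
    return "stopped before execution"     # user inaction or earlier intervention


def review_queue(rows):
    """Device/sample pairs that ran unblocked, the rows a defender checks first."""
    return [(r["Device"], r["Malware"]) for r in rows if triage(r) == "ran unblocked"]


if __name__ == "__main__":
    print(funnel(ROWS))
    print(review_queue(ROWS))
```

The funnel counts correspond to the phases of the History Graph from Register onward; the Emitted phase has no column in this table and is not counted.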

Detailed Execution Timeline

Clicking on the eye icon in the "Details for Malware Sending" table opens a Malware Details Panel, which provides a visual and time-aligned breakdown of what occurred with a specific payload on a specific endpoint.

At the center of this view is a circular timeline showing the full execution lifecycle of the synthetic threat. Each segment corresponds to a specific stage of the attack chain:

| Stage | Description |
| --- | --- |
| Issued | The payload was dispatched as part of the campaign. |
| Registered | The file was acknowledged on the endpoint, confirming contact. |
| Downloaded | The payload was successfully downloaded from the attacker infrastructure. |
| Validated | EFI began validating the threat and tracking controls on the endpoint. |
| Executed | The payload was run on the system. |
| Survived | The payload remained active without being interrupted or blocked. |
| Finalized | The payload completed its cycle; telemetry collection was closed. |


Last updated 1 month ago