Technical Documentation
WebsiteLinkedIn
  • Technical Documentation
  • Admin Guides
    • Epiphany Intelligence Platform Administrator Guide
      • Epiphany Intelligence Platform Overview
      • Using Epiphany: A Quickstart Guide
      • Epiphany Tools
        • Dashboards
        • Path Finder
          • Path Finder Search Strings
        • Impact Matrix
        • Vulnerabilities
        • Rogue Report
          • Coverage Area
          • Host List and the Query Builder
        • Inventory
          • Active Directory
        • Tickets
          • Creating Tickets
          • Adding comments to a ticket
          • Ticket Activity
          • Closing A Ticket
          • Reveald Ticket Synchronization
          • Supported Markdown
      • Administration
        • User Management
        • Source Management
          • Site Collectors Setup
          • Cloud-Based Data Sources
            • Data Source Examples
          • On-Prem Data Sources
            • Example
      • Search and Query Guidelines
        • Search Basics
        • Query Operators
        • Complex Epiphany Queries
        • Search Keywords
      • Other Resources
    • Epiphany Validation Engine User's Guide
      • Chapter 1: Architecture of EVE
        • Endpoint
        • Platform
      • Chapter 2 : EVE Endpoint
        • Hardware Requirements
        • Operating System Requirements
        • Custom Threat Module Requirements
        • EVE Agent Requirements
          • Endpoint (physical or VM) with Golden Image.
          • Exclusion of E.V.E. paths in third-party Endpoint solutions
          • Third-party communications configuration in the EVE Platform.
          • Privileges
          • Communication between Endpoint and Platform
          • Frameworks
        • Obtaining The EVE Agent
        • The E.V.E. Agent
          • Controls
          • Notifications
          • Isolation
        • Installing the EVE Agent
          • EVE Agent Installation on Windows EndPoints
          • Validating the Installation of EVE Agent on Windows
          • EVE Agent Installation on Linux Endpoints
          • Validating the Installation of EVE Agent on Linux
          • Backup of the Virtual Machine with Golden Image
        • Updating EVE Agent
        • Uninstalling the EVE Agent
        • Troubleshooting
          • Obtaining Logs of the Agent from the cloud instance
          • Obtaining Logs locally of the EVE Agent on Windows Systems
          • Obtaining Logs locally of the EVE Agent on Linux Systems
          • Obtaining Logs of the Isolation Process
      • Chapter 3: EVE Platform
        • Logging in to the Platform for the first time
        • Navigation Tabs
          • Dashboard
          • Emulation Control
            • Endpoints
              • Endpoints Table
              • Obtaining Endpoint Details
              • Rename an Endpoint: Alias
              • Restart an Agent
              • Emulation History of an Endpoint
              • Remove a Host
              • EVE Agent
              • Download the EVE Agent
              • Download Endpoints Report
              • Windows Installer Update
              • Linux Installer Update
              • Delete an Installer Version
            • Threat Library
              • View the MITRE Matrix Related to a Sample
              • Artifacts Severity
              • Artifacts
            • Emulations
              • Scheduled Emulations
              • Emulation Results
              • Export a .xlsx Report of an Emulation
              • Export a .PDF Report of an Emulation
              • Continuous Validation
            • Custom Threats
            • Email Fraud and Infiltration
              • Accessing the EFI Module
              • EFI Campaigns Table
              • Attack Campaigns Distribution
              • Creating an Attack Campaign
              • Campaign Report
          • System Configuration
            • Users
              • Account Types
              • 2FA
              • SSO
        • License
        • Help
        • Support
        • Users Management
        • API
    • Data Usage Guide
      • Primer: How Epiphany Works
      • Data Sources: A Deeper Dive
      • Getting Results: Data Source Outputs
      • Data Privacy and Security
    • Epiphany Security and Trust
      • Introduction
      • Program Details
      • Primary Risks
      • Our Responsibility to You
      • Your Responsibility to Yourself
      • Supplemental Information
      • Secure by Design
      • Conclusion
  • Use Cases
    • Overview
    • 6 Essential Cybersecurity Questions
    • Validate and Manage Assets and Devices in Your Environment
    • Deep Inspection and Audit of Identity Services
    • Manage Exploitability
    • Manage Business Impact
    • Effectively Manage Attack Paths to Enable Better Risk Decisions
  • Epiphany Workflows
    • Technical Analysis
      • Create an Analysis-Focused Dashboard
        • Dashboard Widgets
        • Attack Path Widgets
        • Exposure Widgets
        • Occurrence Widgets
        • Environmental Widgets
        • Administrative Widgets
        • Ticketing Widgets
        • Example Analyst Dashboard
        • Report Features in Dashboard Widgets
      • Attack Path Management
        • Analyze the Attack Path
        • Select a Remediation Recommendation
        • Track Remediation Progress
        • View Potential Exposure to Material impact
        • Tag a Node
      • Vulnerability Management
        • Search for Vulnerabilities
        • Prioritize Vulnerabilities for Remediation
      • Identity Management
        • Identify Risky Conditions in Active Directory (Kerberoastable Users and AS-REP Roastable Users)
        • Identify Risky Conditions in Active Directory (Exposed Active Directory Domain Administrators)
        • Audit High Value Groups
      • Device Management
        • Explore Device Inventory
        • Identify a Rogue System
  • Site Collectors
    • Epiphany Collector Prerequisites
    • Site Collector Guide
      • Create a Site Collector in Epiphany
      • Download a Site Collector Image
      • Generate an Activation Key and Activate Your Epiphany Site Collector
      • Windows GPO Configuration for Epiphany Collector v2.0
      • (Deprecated) Windows GPO Configuration for Epiphany Collector
  • Data Sources
    • Azure Services
      • Obtain the Tenant ID in Azure
      • Register Epiphany as an Application in Azure
      • Add Permissions to the Application - Azure AD
      • Add Permissions to the Application - Defender for Endpoint
      • Add the Azure Credentials to Epiphany
      • How Epiphany Interacts With the Azure API
      • Supplemental Information
    • Carbon Black Cloud
      • Create a Role in Carbon Black Cloud
      • Create a New Carbon Black Cloud User
      • Generate a Carbon Black Cloud API Key
      • Add the Carbon Black Cloud Credentials to Epiphany
      • Supplemental Information
    • Cisco IOS
      • Create a New Cisco IOS User
      • Add the Cisco IOS Credentials to Epiphany
      • Supplemental Information
      • Cisco IOS Manual Collection
    • Claroty
      • Create a Claroty Read-Only User
      • Add the Claroty Credentials to Epiphany
      • How Epiphany Interacts With the Claroty API
    • CrowdStrike
      • Create a CrowdStrike API Key
      • Add the CrowdStrike Credentials to Epiphany
      • How Epiphany Interacts With the CrowdStrike API
      • Supplemental Information
    • Cylance
      • Create a New Cylance User
      • Add the User's Cylance Credentials to Epiphany
      • How Epiphany Interacts With the Cylance API
      • Supplemental Information
    • Manage Engine Patch Manager Plus
      • Create a New Patch Manager Plus User
      • Create a New Patch Manager Plus API Key
      • Add the Patch Manager Plus Credentials to Epiphany
      • How Epiphany Interacts With the Patch Manager Plus API
    • NCentral
      • Create an NCentral Read-Only User and an API Key
      • Add the NCentral Credentials to Epiphany
      • How Epiphany Interacts With the NCentral API
    • Nessus
    • Qualys
      • Create a New Qualys User
      • Add the Qualys Credentials to Epiphany
      • How Epiphany Interacts With the Qualys API
      • Supplemental Information
    • Rapid7 Nexpose
      • Create a New Rapid7 Nexpose User
      • Add the User's Credentials to Epiphany
      • Deploy an Epiphany Site Collector
      • Associate the Site Collector and the Data Source
      • How Epiphany Interacts With the Rapid7 Nexpose Data Source
      • Supplemental Information
    • SentinelOne
      • Create a New Sentinel One User and Generate an API Key
      • Add the User's Sentinel One Credentials and API Key to Epiphany
      • Supplemental Information
    • Tenable
      • Create a New Tenable User
      • Tenable IO Permissions
      • Generate an API Key
      • Add the User's Credentials to Epiphany
      • Deploy a Site Collector (Tenable.sc only)
      • Associate the Site Collector and the Data Source (Tenable.sc only)
      • How Epiphany Interacts With the Tenable Data Source
      • Supplemental Information
    • Trend Micro Apex One
      • Create a Trend Micro Apex One API Key
      • Add the Trend Micro Apex One Credentials to Epiphany
      • How Epiphany Interacts With the Apex Server
      • Supplemental Information
    • Trend Micro Cloud One Deep Security
      • Create a Trend Micro Cloud One Account and API Key
      • Add the Trend Micro Cloud One Credentials to Epiphany
      • How Epiphany Interacts With the Trend Micro Cloud One API
      • Supplemental Information
    • Vicarious vRx
      • Create an API key in Vicarious vRx
      • Add the Vicarious vRx API Key to Epiphany
    • Windows AD
      • Create an AD Service Account for Epiphany
      • Create the Windows AD GPO
      • Deploy the Epiphany Site Collector
      • Add the Windows AD Credentials to the Windows AD Data Source Configuration in Epiphany
      • Supplemental Information
  • Data Sources (Early Access)
    • Armis
      • Create a New Armis User
      • Generate an Armis API Key
      • Add the Armis User's Credentials to Epiphany
      • How Epiphany Interacts With the Armis API
      • Supplemental Information
    • ArubaOS
      • Use SSH to Collect ArubaOS Network Appliance Information
      • Add the ArubaOS Credentials to Epiphany
      • ArubaOS Manual Collection
      • Supplemental Information
    • Automox
      • Create a New Automox User and a New Automox API Key
      • Add the Automox Credentials to Epiphany
      • How Epiphany Interacts with the Automox API
      • Supplemental Information
    • AWS
      • Create a New AWS User and AWS API Credentials
      • Add the AWS Credentials to Epiphany
      • How Epiphany Interacts with the AWS API
      • Supplemental Information
    • BeyondTrust
      • Create an Explicit User Account in BeyondTrust
      • Deploy an Epiphany Site Collector
      • Add the BeyondTrust Credentials to Epiphany
      • Supplemental Information
    • Bloodhound
      • Bloodhound Set Up 1
      • Bloodhound Set Up 2
      • Add the Bloodhound Credentials to Epiphany
      • How Epiphany Interacts With the Bloodhound Data Source
      • Supplemental Information
    • Cisco Meraki
      • Generate a Read-Only Meraki Account
      • Generate a Meraki API Key
      • Collect the Meraki Network Maps
      • Add the Cisco Meraki Credentials to Epiphany
      • Supplemental Information
    • FortiOS
      • Generate a FortiOS API Token
      • Add the API Token to Epiphany
      • Supplemental Information
    • HPE Comware
      • Data Collection for Epiphany
      • Supplemental Information
    • Juniper OS
      • Configure and Verify the Rest API
      • Data Collection for Epiphany
      • Supplemental Information
    • Okta
      • Okta Set Up 1
      • Okta Set Up 2
      • Add the Okta Credentials to Epiphany
      • How Epiphany Interacts With the Okta Data Source
      • Supplemental Information
    • Palo Alto PAN-OS and Panorama
      • Create a New PAN-OS or Panorama User
      • Add the Panorama or PAN-OS Credentials to Epiphany
      • Add the SSH Credentials to Epiphany
      • PAN-OS and Panorama SSH/Manual Collection
      • How Epiphany Interacts With the Palo Alto API/Console
      • Supplemental Information
    • Windows AD (Legacy Version)
      • Create the Windows AD GPO
      • Supplemental Information
    • VMware vSphere
      • Create the vSphere User Account
      • Create a Role
      • Assign Read-Only permissions to vCenter
      • Assign a User Account the Role on a single Object
      • Add vSphere as a Data Source within the Console
  • Changelog
    • 2023-08-02: Phase 1 Customer Portal
    • 2023-08-25: Epiphany Administrator Guide v1.0
    • 2023-09-14: Product Update
    • 2023-09-27: Product Update
    • 2023-10-13: Product Update
    • 2023-12-01: Product Update
  • Legal Notice
    • Terms and Conditions
    • Privacy
Powered by GitBook
On this page
  • Status Overview
  • Table Structure
  • Campaign Status
  • Configuration
  • Top Navigation Icons
  • Pagination and Navigation
  1. Admin Guides
  2. Epiphany Validation Engine User's Guide
  3. Chapter 3: EVE Platform
  4. Navigation Tabs
  5. Emulation Control
  6. Email Fraud and Infiltration

EFI Campaigns Table

PreviousAccessing the EFI ModuleNextAttack Campaigns Distribution

Last updated 1 month ago

The EFI Campaigns Table is the central interface where users can view and manage all configured Email Fraud and Infiltration (E.F.I.) emulation campaigns. This section explains each component and column of the table, as well as the status indicators and available actions.

Status Overview

At the top of the table, you'll find a real-time status summary of all EFI campaigns:

  • ⚪ Pending: Campaigns that have been scheduled and are currently being processed or prepared for distribution.

  • 🟢 Active: Campaigns that are actively running. This includes email simulations that are currently being sent, opened, or interacted with by users.

  • 🟠 Expired: Campaigns that have already concluded. The emulation time window has ended, and no further activity is expected.

These indicators help teams quickly assess the current state of all ongoing and historical campaigns.

Table Structure

Target

Displays the target operating system or platform for the campaign.

Name

The user-defined name of the campaign. It often includes tags or labels for identification.

Status

Shows the publication state of the campaign.

Distribution

Broadcast

Active

A green dot (🟢) indicates the campaign is currently active and collecting telemetry. Gray (⚫) means pending and an orange (🟠) dot indicates an expired campaign.

Creation

Timestamp of when the campaign was created, shown in relative time.

Configuration

Campaign Status

Each EFI campaign progresses through a predefined set of lifecycle stages. These statuses represent the technical and operational state of a campaign from creation to conclusion. The visual timeline indicator helps users track progress at a glance.

REGISTERED

The campaign has been created and its configuration has been saved. At this stage, the campaign is awaiting compilation and internal processing.

BUILDING

The platform is currently compiling the campaign, including generating payloads, configuring delivery methods, and preparing telemetry collection. This phase is automated and transitional.

BUILT

The campaign has been successfully compiled and is ready for publication. It contains all necessary artifacts and is staged for scheduling or execution.

PUBLISHED

The campaign is live or scheduled for execution. At this stage, distribution (email, URL, QR code) is enabled, and telemetry can begin if the operation mode is "Controlled."

FINISH / EXPIRED

The campaign has ended, either because the defined time window has passed or it was manually finalized. No further data is collected, and the results are available for analysis and reporting.

Note: Status appears grayed-out until the build completes.

Configuration

Campaign Metadata (Left Panel)

  • Name: Unique identifier of the campaign .

  • Description: Brief textual description of the campaign.

  • Campaign Start: The exact date and time when the campaign is scheduled to begin.

  • Campaign End: When the campaign is set to end and stop collecting telemetry.

  • Status: The current lifecycle stage.

Technical Configuration (Right Panel)

  • Target: Operating system or environment the campaign is designed for.

  • Operation Mode:

    • Controlled: Emulation includes endpoint telemetry via the embedded EVE agent.

    • Unattended: Emulation is sent without telemetry collection.

  • Distribution: The channel through which the simulated threat is distributed ( Email, URL, QR Code).

  • Delivery: Describes the routing strategy:

    • Bundled with Agent. The artifact is included in the agent

    • Network Download. The artifact will be downloaded separately once the payload with the embedded agent is opened.

Compiler Information (Bottom left Panel)

This section provides traceability regarding the origin of the campaign:

  • Compiler Name: Name provided for the compiler (payload).

  • Organization: Name of the organization provided for the compiler (payload).

  • Compiler Description: Description provided for the compiler (payload).

  • Compiler Icon: Visual identifier or logo tied to the campaign creator (if available).

Link / QR code (Bottom right Panel)

Provides the link or the QR generated for the campaign.

Clients

Provides a Geo-localization of the registered clients.

Campaign Options Menu (â‹®)

Each campaign row in the EFI Campaign Table includes a contextual options menu (three-dot icon â‹®) that allows users to perform actions on individual campaigns. When clicked, the following options appear:

Generate Report

Triggers the generation of a detailed report for the selected campaign. Selecting this option will redirect to Campaign Report.

Anticipated Finish

Allow manual termination of a running campaign before its scheduled expiration time. It let users finalize a campaign early and proceed to results analysis.

Delete Campaign

Removes the selected campaign from the EFI Campaign Table. This action is permanent and should be used with caution, as deleted campaigns cannot be recovered.

Top Navigation Icons

At the top-right corner of the EFI Campaign Table, users will find a set of interactive icons that provide quick access to essential actions and tools:

Icon

Function

Description

Table Filter/Search

Opens a search field to quickly locate specific campaigns by name or metadata within the EFI table. Useful for environments with large numbers of emulations.

Refresh Table

Reloads the table to display the most up-to-date information about campaign statuses and activity. Ensures the interface reflects recent changes or new campaigns.

Add New Campaign

Opens the campaign creation wizard, allowing users to configure a new email emulation. This includes selecting distribution type, payload, scheduling, and telemetry settings.

â‹® Options Menu

Icons Module

Opens a submenu that links to the Icons Module, where users can upload or manage custom payload icons. These icons are used to make the attachment or file appear like a PDF, Word document, ZIP file, or other formats to enhance realism and user deception.

Pagination and Navigation

At the bottom of the table, users can navigate between pages and adjust how many campaigns are displayed per page using the pagination controls. The interface supports bulk management of campaigns if necessary.

Indicates the campaign distribution method. Unattended Attack Campaign Realistic and Controlled Attack Campaign

Method used to share or broadcast the emulation: • Link • Email • QR Code

Provides access to the campaign’s configuration details. The eye icon () opens a view-only configuration panel. More options can be found via the kebab menu (⋮).

When clicking on the View () icon in the EFI Campaign Table, the user is presented with a detailed summary of the selected email campaign. This read-only panel displays all the configuration parameters and metadata associated with the emulation. The information is organized in clear sections

Search

Refresh

Create Campaign

Status Overview
EFI Campaign Table