(v2.x) Integrating Security Awareness and Training Service with the FortiPhish Service

Modified on Tue, 17 Sep at 11:47 AM

Customers who purchase both FortiPhish Service and the Fortinet Security Awareness and Training Service can integrate the two services.

For more information about FortiPhish, visit this site:  https://www.fortinet.com/products/phishing-simulation

Customers can create training campaigns that can be assigned to users through a remediation rule. For example, they may wish to assign one or more training modules when someone clicks a link in a phishing email, or submits their username and password to a site after clicking a link in a phishing email. Customers can assign different, additional training for each event the user performs.

To do this, there are a few steps:

  • Create the desired training campaign template for each phishing event (onRead, onClick, onSubmit) you wish to assign training to.
  • Create and schedule a FortiPhish campaign.
  • Create and schedule a Security Awareness and Training Campaign.
  • Create a remediation rule to send a notification email and assign training based on each event.


Before completing the following steps, customers must first complete the configuration of the FortiPhish service:

  • Verify each email domain the customer wishes to send phishing emails to by creating a DNS TXT record for each. This configuration is separate from the DNS TXT records created in the Security Awareness and Training Service. See the following FortiPhish article: https://docs.fortinet.com/document/fortiphish/23.4.0/administration-guide/921094/adding-domains
  • Import the users that customers wish to send phishing emails to. This user import is separate from the DNS user import performed in the Security Awareness and Training Service. You can import users into FortiPhish using the example.csv provided in the FortiPhish service. You cannot use the .csv file used to import users in Fortinet Security Awareness and Training Service, although the data may be cut and pasted between the two .csv files. You may also import and sync users via LDAP/LDAPS or Azure Active Directory for the FortiPhish service (Security Awareness and Training Service currently does not support Azure Active Directory user imports/syncs). See the following FortiPhish article: https://docs.fortinet.com/document/fortiphish/23.4.0/administration-guide/629171/recipients

For help configuring FortiPhish and creating phishing campaigns, please refer to the FortiPhish online help: https://docs.fortinet.com/document/fortiphish/latest/administration-guide

If you need more technical assistance configuring FortiPhish or creating campaigns, open a ticket with the FortiPhish service team by following these instructions: How to open a helpdesk ticket for the FortiPhish service.

You can also request assistance configuring the service and setting up campaigns by opening a support ticket with the Get Support link under the avatar menu in the Security Awareness and Training Service, or by sending an email to infosec_awareness@fortinet.com.


How to create a Security Awareness and Training Campaign template for the FortiPhish event(s):

See the following article for creating a training campaign template:  https://helpdesk.ftnt.info/en/support/solutions/articles/73000627520-how-to-create-a-new-custom-template-

Before creating a FortiPhish event (e.g. onClick, onSubmit), you should decide which modules you would like to assign to each event.

You can assign different training campaigns (containing different modules) for each event. It is important to understand that if any Security Awareness and Training Service campaigns contain the same module and any of those campaigns overlap, learners will only have to complete the overlapping modules in the first campaign they complete. When they attempt to complete any other campaign with that overlapping module, it will be marked as complete:


In this example, we will create a campaign template that we could assign to the onClick event of a FortiPhish campaign. You can repeat these steps if you wish to create a template for the onSubmit or onOpen events. You can also create multiple event campaigns (if you wish to assign different content to different events in different phishing campaigns). Just ensure you give them each meaningful campaign template names.


1)  Select Campaigns from the navigation menu, then select the New Training Campaign button:


2)  Select the Create a new template link:


3)  Select the tab for the type of module you would like to preview (Base Training Modules / Micro Training Modules / Training for Education Industry):


4)  Select the modules that you would like to include in the FortiPhish onClick event training template by clicking on them:


You can deselect modules by clicking on them a second time.

5)  Give your template a name that is meaningful to your administrators by entering it in the Template Name field, for example “FortiPhish onClick Training Assignment” :


The template name will only be seen / used by administrators. The name should be meaningful to them. It may encompass a description of the content, when it should be assigned, the order, etc.

Examples: FortiPhish onClick Training Assignment, FortiPhish onSubmit Training Assignment

6)  Scroll down the page and select the Save Template button below the list of modules:


You will receive a confirmation that the template has been saved:


If you wish to change the order of the modules, you can click and hold the six dots to the right of the module information and drag and drop the module to a different location in the order of modules:


Your new custom template is now available from the Select a template drop down menu:



Creating a FortiPhish Campaign:

FortiPhish provides online help for creating phishing campaigns. If you wish to tie a Security Awareness and Training Service campaign to phishing user email events, ensure you mark down the following:

  • The name you give to the phishing campaign.


  • The start date and time (hour) and time zone.


  • The end date and time (hour) and time zone. You can determine this from the number of weeks you configure the phishing campaign for. It will be 1-4 weeks after the start date/time and time zone offset.


See the following FortiPhish help article: https://docs.fortinet.com/document/fortiphish/23.4.0/administration-guide/759964/creating-campaigns


How to create a FortiPhish campaign:


1)  Log in to the FortiPhish service from the FortiCloud header (if logged in as the Tenant Administrator), or, log in from support.fortinet.com (you must have a registered support account and it must be added to the master support account that owns the license):



2)  From the navigation menu, select Campaigns, then select the Add Campaign + button in the upper left quadrant:



3)  Use the headers (Country, Language, Topic, Feature and Orientation) to find the appropriate template, or, select Custom in the navigation menu to create your own:



4)  Make any modifications to the template that you require (Subject, Clicking Behavior, Level of Difficulty, Use Attachment, Track User Reply, Activate On Click Training) and select the Next button:


Note

Activate On Click Training MUST be set to ‘No’ to assign training in the Security Awareness and Training Service platform. If set to ‘Yes’, you can choose from pre-defined training videos available in the system. The ‘Yes’ setting is typically used by customers who do not use the Security Awareness and Training Service.

For information on what each of the settings mean when creating a campaign, visit the FortiPhish documentation here: https://docs.fortinet.com/document/fortiphish/latest/administration-guide/759964/creating-campaigns


5)  Give your phishing campaign a meaningful name. You may also wish to date stamp the name or add other information about the campaign. Make any desired changes to the Campaign Name, Sender Name, Sender Email and SMTP Gateway Server fields, then select the Next button:


Note

Sending a test email is recommended before launching a campaign.

Email gateway safelist: add FortiPhish’s mail server address (smtp.fortiphish.com) to your gateway safe list to allow incoming email traffic.

Add noreply@ftnt.info or ftnt.info to your safe sender list to allow incoming Security Awareness and Training Service email traffic (campaign related emails).

Browser allowlist: add FortiPhish’s website URLs (smtp.fortiphish.com, fortiphish.com, api.fortiphish.com) to the browser allowlist.


6)  Select the desired Recipients by selecting one of the groups you created during user import, then select the Next button:



7)  Select ‘Scheduled’ from the Campaign Schedule drop down and configure the Launch Date, Time Zone and Campaign Duration, then select the Next button:


Note

Take note of the start date and time as well as the timezone as you will need to enter these values later, when you configure the training campaign assignment.

You will also need to mark down the duration so that you can match the Learner Due Date for the training campaign assignment.


8)  Choose whether to Send Emails All at Once or Randomly (and configure the necessary fields), then select the Start campaign button:


You have successfully scheduled your phishing campaign.

Note

It can take up to 30 minutes for the phishing campaign to be available on the Remediation page of the Fortinet Security Awareness and Training Service.

All campaigns should be scheduled to launch in the future (at least 2 hours beforehand) to allow for this delay. This will give you time to complete configuration on the Fortinet Security Awareness and Training Service.


How to schedule the event training campaign in Security Awareness and Training Service:


1)  Select Campaigns from the navigation menu, then select the New Training Campaign button:



2)  From the Select a template dropdown, expand the Your Templates section and choose the campaign template you created in step 1:



3)  Give the campaign a meaningful name. You may wish to include the name you assigned the phishing campaign so that you know what this training is tied to, as well as the event type. The campaign name should be unique so that it is easily identifiable should you need to create additional reports or remediation events. To set the campaign name, select the pencil icon next to the campaign name (default name is New Campaign):

E.g. <<phishing campaign name>> phishing campaign – <<event>> Training Assignment



4)  Configure:

  • The Campaign start date and time (this should match your FortiPhish start date, time and time zone).
  • The Training due date and time for learners (this should match your FortiPhish end date and time, that is, the start time plus 1-4 weeks).
  • The Campaign End Date and time. You should allow enough time for any users that may have triggered the event on the last day (e.g. a week or two).

You must select the OK button for each to save the selected date and time:


You may also re-order the assigned modules in this step by dragging and dropping the modules.
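
The date bookkeeping this procedure relies on (training start equal to the FortiPhish launch, learner due date at the FortiPhish end, a later campaign end, and a launch scheduled at least 2 hours out), as an added example that is not part of the original article or any Fortinet tooling. The function name, the `grace_weeks` parameter and the sample dates are assumptions; nothing here calls a FortiPhish API.

```python
from datetime import datetime, timedelta, timezone

MIN_LEAD = timedelta(hours=2)   # page: schedule at least 2 hours beforehand
ALLOWED_WEEKS = (1, 2, 3, 4)    # page: FortiPhish campaign runs 1-4 weeks


def plan_training_dates(launch, duration_weeks, grace_weeks=2, now=None):
    """Derive training-campaign and report dates from a FortiPhish schedule.

    launch         -- timezone-aware Launch Date/Time as entered in FortiPhish
                      (use zoneinfo.ZoneInfo for a named zone so DST is handled)
    duration_weeks -- FortiPhish Campaign Duration
    grace_weeks    -- assumption: time left after the due date for users who
                      trigger an event on the last day (page: "a week or two")
    """
    if launch.tzinfo is None or launch.utcoffset() is None:
        raise ValueError("launch must carry the time zone chosen in FortiPhish")
    if duration_weeks not in ALLOWED_WEEKS:
        raise ValueError("FortiPhish campaign duration must be 1-4 weeks")
    if grace_weeks < 1:
        raise ValueError("leave at least one week after the due date")

    now = now or datetime.now(timezone.utc)
    # Compare in UTC: subtracting datetimes that share a tzinfo ignores DST.
    lead = launch.astimezone(timezone.utc) - now.astimezone(timezone.utc)
    if lead < MIN_LEAD:
        raise ValueError(f"launch is {lead} away; schedule at least 2 hours ahead")

    # Adding a timedelta keeps the wall-clock hour: "start plus N weeks".
    phish_end = launch + timedelta(weeks=duration_weeks)
    return {
        "training_start": launch,      # same date, time and zone as FortiPhish
        "learner_due": phish_end,      # FortiPhish end date and time
        "training_end": phish_end + timedelta(weeks=grace_weeks),
        "report_start": launch,        # report start: on or after campaign start
        "report_end": phish_end,       # report end: on or after campaign end
    }


if __name__ == "__main__":
    # Constructed sample: 09:00 at UTC-04:00, three-week phishing campaign.
    tz = timezone(timedelta(hours=-4))
    plan = plan_training_dates(
        datetime(2030, 3, 4, 9, 0, tzinfo=tz), 3,
        now=datetime(2030, 3, 1, 12, 0, tzinfo=timezone.utc))
    for field, value in plan.items():
        print(f"{field:15} {value.isoformat()}")
```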


5)  Add or modify the Welcome/Introduction Message that will appear with the training assignment in the Learner App:


6)  Since you MUST assign a user to every campaign, assign the training to a single user, for example, a test email account, or, your Tenant Administrator account:



7)  Select the Notifications you wish to include on this campaign. You can turn off the Training enrollment confirmation since this is for generic training campaigns. You will be able to specify email content in the next step (Remediation rule creation). You may wish to leave the Due date alert active. You can disable the Campaign completion notification if you wish (if you do not wish to congratulate a learner for completing an assignment due to a phishing event):


You can view and modify the content these templates use by visiting Notifications in the Preference navigation menu item.


8)  Select the Launch Campaign Now button to schedule the training:



Creating a Remediation rule to assign the training campaign to a phishing event:


To properly create and name a remediation rule to assign a training campaign to a phishing event, you will need:

  • The name you assigned the phishing campaign in the FortiPhish service.
  • The start date and time of the phishing campaign.
  • The end date and time of the phishing campaign (The start date and time plus either 1, 2, 3 or 4 weeks after the start time).
  • A campaign created for each event (open, click, submit) you wish to assign training for. You may assign a different campaign with different content for each of the events. Normally, training is not assigned on the ‘open’ event if users utilize the Outlook (or other) reading pane.


For this example, we will tie the training campaign to the FortiPhish onClick event.

1)  Select Remediation from the navigation menu and then select the Create New Rule button in the upper right-hand corner:


The New Rule page will appear:



2)  From the Condition drop down menu, select FortiPhish Campaigns and then the desired event. E.g. If you wish to assign training when someone clicks a link in a phishing email, select the User clicked + option:



3)  Select the desired phishing campaign you wish to tie this remediation rule to:



4)  Give the remediation rule a meaningful name that mentions the phishing campaign and training assignment this remediation rule is tied to:



5)  From the Action dropdown, select Send notification from the General dropdown item:



6)  Complete the Subject, Body and select the Send to recipients, then select Save:



Only select the Manager check box if you have populated your manager emails in the system; otherwise, this setting does not send emails to managers.

You will be returned to the previous screen to select another action.


7)  From the Action drop down, select Allocate users to a training campaign from the Training Campaigns drop down selection:



8)  Select the Security Awareness and Training Campaign you created to assign to users who click a link in the associated phishing campaign, then select the Save button:


You will be returned to the Remediation page.


9)  Toggle the new rule Status option button to the ON position:


Your remediation rule is complete. When someone clicks a link in the configured FortiPhish campaign, they will be assigned the configured Fortinet Security Awareness and Training Service campaign.


Scheduling a report for your phishing campaign:


FortiPhish provides detailed reporting for FortiPhish campaigns. However, for the purposes of tracking the users who have opened, clicked, submitted, or reported phishing emails, you can create a report in the Security Awareness and Training Service.


1)  Select Reports from the navigation menu:



2)  Select Create from the FortiPhish Report  button in the list of reports:


3)  Give your report a meaningful name (e.g. All FortiPhish Data Report) by clicking the pencil icon next to the report name at the top of the page:



4)  If you wish to schedule sending of the report, select the Schedule option button:



5)  Set the frequency by selecting the desired frequency (One-time, Weekly, Monthly, Annually).


6)  Set the start date to match or be after the campaign start date and time.


7)  Set the end date to match or be after the campaign end date.

8)  Select the format of the report (CSV or XLSX).


9)  Select the Save Report button to save the report.


If you set a schedule, you can access the report from the Scheduled Reports tab. If you only saved the report (without scheduling), you can access the report from the Saved Reports tab.

Note

The FortiPhish report contains data for all phishing campaigns. To view data for specific campaigns or other details, download the report and open it in Excel to use column filters / sorting to isolate specific data.

 
