Managed Security Awareness Dashboard User Guide

User Guide

Overview of Managed Security Awareness

Arctic Wolf Managed Security Awareness® (MA) delivers security awareness and compliance training through:

The MA Dashboard lets you manage program features, monitor user participation and performance, assess the level of security awareness that your organization has, and identify opportunities for raising the level of security awareness within your organization.

Note: This guide is intended for administrators of the MA program in their organization.

Signing in to the MA Dashboard

To sign in to the MA Dashboard:

  1. Go to https://sat.arcticwolf.com/.
  2. Sign in using your Arctic Wolf credentials.
  3. (MSPs only) Search for the desired customer account. Then, select View.

After signing in, the MA Dashboard loads, and your sign-in details are shown in the top-right corner in this format: Your Name - Organization Name.

Tips:

Initial setup

These tasks are completed as part of the initial setup of your MA program:

Activating the program

The MA program is comprised of:

Users receive approximately 43 emails over the course of a year. On a given week where an activity is scheduled, users only receive one activity for the week: a microlearning session, a quiz, or a phishing simulation email.

Note: These instructions assume that you have already signed in to the MA Dashboard. See Signing in to the MA Dashboard.

To activate the MA program:

  1. Select Administration Dashboard from the menu bar.
  2. On the Session Information tab, toggle Program Active on.

After program activation:

Changing private label settings

Enabling private labeling lets you customize the email sender name and display name. The sender of MA emails by default has the following:

Note: This task is optional.

To turn on or edit private labeling:

  1. Select Administration Dashboard from the menu bar.
  2. On the Private Labeling tab, toggle Use Private Labeling on.
  3. Edit the Display Name and Email Sender Name, as desired.
  4. Click Save to save your changes.

To turn off private labeling:

  1. Select Administration Dashboard from the menu bar.
  2. On the Private Labeling tab, toggle Use Private Labeling off. The email sender name and display name revert to their default settings.

Managing users and user groups

When integrated with Active Directory (AD), the MA Dashboard performs live queries of AD to retrieve users and user groups. To manage user enrolment in the MA program, edit users and user groups in AD. See the See also section for documentation about managing Microsoft users.

If your organization does not use Microsoft 365 or Azure, follow these steps to manage users in the MA program:

  1. Create a CSV file with these column headers in this exact order from left to right:

    1. First name
    2. Last name
    3. Email address
  2. In the following rows, add the first name, last name, and email address of the users that you want to add or remove from the program.

    Tip: You can also create a comprehensive list of users if you want to overwrite the existing user list.

  3. Sign in to the Arctic Wolf Portal.

  4. (MSPs only) Search for the desired customer account. Then, select Switch Customer.

  5. Submit a ticket with the CSV attachment and instructions for how to update the existing user list:

    1. Select Contact Your CST from the menu bar.
    2. Enter a subject and message in the contact form with instructions for whether the users listed in the CSV file should be added to, be removed from, or overwrite the existing user list.
    3. Upload the CSV file.
    4. Click Send to submit the ticket.

Note: QuickStart sessions are automatically sent on the next session delivery day to new users who are added to the program after activation.

Managing security awareness sessions

You can manage security awareness microlearning sessions in the following ways:

Tip: See also Monitoring security awareness and Engaging users.

Selecting a security awareness track

Note: The Managed Security Awareness Plus (MA+) license is required to access this option.

The MA+ program is set to the standard track by default. However, you can choose from other security awareness tracks that are tailored to specific industries, for example, healthcare.

To change the awareness track:

  1. Select Administration Dashboard from the menu bar.
  2. On the Session Information tab, select the desired track from the Current Awareness Track list. The list of upcoming sessions updates to reflect the awareness track that you select.

Changing the session delivery day

A microlearning session is sent through email between 14:00 and 15:00 UTC on the configured session delivery day.

After changing the session delivery day, users receive the next microlearning session in the queue on the earliest possible day that corresponds with the configuration. For example, if today is Tuesday, August 10, 2021 and you change the session delivery day before 14:00 UTC from Friday to Tuesday, users receive the next microlearning session today, and future sessions are scheduled to be delivered in the following weeks on Tuesday.

Note: Changing the selected session delivery day does not affect the timing of phishing simulation emails. Phishing simulations occur on a random weekday between 16:00 UTC and 22:00 UTC.

To change the weekday when sessions are delivered:

  1. Select Administration Dashboard from the menu bar.
  2. On the Session Information tab, select the desired session delivery day.

Disabling or enabling phishing simulations

The MA program includes phishing simulations to test user responses to suspicious emails.

To disable or enable phishing simulations:

  1. Select Administration Dashboard from the menu bar.
  2. On the Session Information tab, toggle Send Phishing Simulation Emails off or on as desired.

Previewing an upcoming session

To preview an upcoming session or phishing simulation:

  1. Select Administration Dashboard from the menu bar.
  2. On the Session Information tab, under Upcoming Sessions, find the session you wish to preview.
  3. Select the list under the Options column. Then, select Preview Session or Preview Phishing Email.

Tip: See also Muting an upcoming session.

Muting an upcoming session

If desired, you can mute an upcoming session or phishing simulation. If muted, the session or phishing simulation is not delivered to users.

Notes:

To mute or unmute a session or phishing simulation:

  1. Select Administration Dashboard from the menu bar.
  2. On the Session Information tab, under Upcoming Sessions, find the session you wish to mute or unmute.
  3. Select the list under the Options column. Then, select Mute This Week or Unmute This Week. Muted sessions are highlighted orange. Sessions that are not highlighted are queued to be delivered as scheduled.

Monitoring security awareness

The MA Dashboard provides the following options for monitoring the level of security awareness in your organization:

Secure Culture Dashboard

The Secure Culture Dashboard tracks user participation and measures performance in security awareness sessions, quizzes, phishing simulations, and compliance training.

The Secure Culture Dashboard has these sections:

Section Description
Secure Culture Statistics A display of the following metrics that indicate the extent to which security awareness and regulatory compliance are a part of your organizational culture:
  • Secure Culture Score — An aggregated metric, of user engagement and knowledge assessment statistics, that describes the level of security awareness that your organization has achieved. A high score represents a high level of security awareness in your organization. For example, a Secure Culture Score of 75 is good, but there is room for improvement.
  • Active Users — The number of active users to date.
  • Sessions Sent — The number of security awareness microlearning sessions delivered within the selected timeframe, for example, within the last 30 days.
  • Phishing Simulations Sent — The number of phishing simulation emails delivered within the selected timeframe, for example, within the last 30 days.
  • Completion — The percentage of delivered sessions that active users have completed.
  • Average Quiz Score — The average score of all users who have completed security awareness quizzes.
  • Phishing Simulation Failures — The percentage of of active users who failed phishing simulations. That is, the percentage of active users who clicked on one or more links in a phishing simulation email.
    Note: Users who fail a phishing simulation automatically receive a remediation session about phishing.
  • Remediation Completion — The percentage of delivered phishing remediation sessions that users have completed.
QuickStart Status A summary of user engagement for QuickStart sessions.
Session Statistics A summary of user engagement for past security awareness sessions.
Quiz Statistics A summary of user engagement and scores for past security awareness quizzes.
Simulation Statistics A summary of user behavior in response to delivered phishing simulation emails.

Tip: See also Reports for more information about statistics and reports.

Downloading Secure Culture statistics

You can download CSV files from the Secure Culture Dashboard that detail the following information, which identifies users who require additional training support:

Note: The data included in CSV file reflects the selected timeframe, for example, within the last 30 days.

To download Secure Culture statistics:

  1. Select Secure Culture Dashboard from the menu bar.
  2. Click Download to download the desired CSV file.

Tip: See also Engaging users for remediation options.

Reports

The Reports page displays Secure Culture statistics as downloadable PDF reports. Available reports are as follows:

Section Description
Security Awareness Program Status A progress report that shows the completion of microlearning sessions and quizzes, the results of phishing simulations, and the completion of phishing remediation sessions.
Security Awareness Program Trends A report that shows trends in user performance.
High Risk Users A report that identifies users with a low level of engagement with the MA program and users who have performed poorly in quizzes and phishing simulations.
Phishing Simulations A detailed report of phishing simulation results and the completion of phishing remediation sessions.

Tip: See also Secure Culture Dashboard for more information about available statistics.

Reviewing MA reports

To review PDF reports:

  1. Select Reports from the menu bar.
  2. Select a tab to view the PDF report.
  3. (Optional) Download the PDF file for offline access.

Downloading the MA program session history

Downloading the MA program session history is one way to review the level of engagement of your organization with the MA program. With this option, you can also review the history of a specific session or user.

To download a history of all past sessions and quizzes for all users:

  1. Select Administration Dashboard from the menu bar.
  2. Select the User Information tab on the dashboard.
  3. Select Download Full Session History to download the CSV file.

Tip: To review the history of all past sessions and quizzes for an individual user, see Assigning a past session to a user.

Engaging users

You can assign specific training content to users as needed to support security awareness learning objectives. See:

Assigning a past session to a user

Note: You cannot resend phishing simulation emails.

To assign a past microlearning session or quiz to an individual user:

  1. Select Administration Dashboard from the menu bar.

  2. Select the User Information tab on the dashboard.

  3. Search for the desired user. Then, select either of these options:

    • View History — To resend a session that the user has already received.
    • Assign Session — To assign a past session to the user.

    Tip: This option lets you assign past sessions that are not listed in the history for that user. For example, you can use this option to assign past sessions to a new user who was added to the MA program mid-cycle. When a new user is added, the user automatically receives the QuickStart session. However, the next security awareness session that the user receives is the session that is scheduled for delivery in the current or following week.

  4. Find the session that you want to assign to the user and select Assign.

Tip: See also Assigning supplemental training to a user group.

Assigning supplemental training to a user group

The Content Library feature lets you assign supplemental training content to one or more groups of users.

Note: A valid Compliance Content Pack or MA+ license is required to access this feature. In addition, your organization must use AD for identity and access management.

If your organization is an MA+ customer, you can assign any microlearning session or quiz from the security awareness track that your program is set to.

Tip: See Selecting a security awareness track for more information.

An MA+ license also provides access to role-based security awareness microlearning sessions. These sessions are designed for the following audiences:

Tip: If your organization uses AD, we recommend creating different AD user groups to better control which users you assign role-based training modules to. See the See also section for documentation about managing Microsoft users.

If your organization has a Compliance Content Pack license, you can assign compliance training modules. Compliance training modules are courses, ranging from 15 to 60 minutes long, that explain the laws, regulations, and policies that are relevant to the responsibilities of employers and employees, for example, anti-discrimination laws, sexual harassment awareness, safety regulations, and rules that govern the protection of personal information.

Note: User engagement and test outcomes for supplemental training assignments, including compliance training modules, are included in secure culture statistics and reports.

To assign a supplemental training module to a user group:

  1. Select Content Library from the menu bar.

  2. Browse or search for a training module that covers the desired topic.

  3. Select Assign To Group.

  4. In the dialog box, select the desired group.

  5. Review the list of group members to confirm your selection.

    Notes:

    • Verify that you have selected the correct group. Training assignments cannot be removed once they are assigned.
    • You cannot assign a module to a group without members. When integrated with AD, the MA Dashboard performs live queries of AD to retrieve users and user groups. To edit add or remove members, edit the group in AD.
  6. Click Assign <module> to <x> users. A confirmation message appears, and users within the selected group receive an email that grants them immediate access to the assigned module.

  7. Select x or Close to exit the dialog box.

See also

For documentation about managing Microsoft users, see Overview of Microsoft 365 Groups for administrators