The Incidents View provides a granular, real-time record of all severe and potentially dangerous actions taken by employees during phishing simulations. While the Overview Dashboard shows general trends, the Incidents view is where you identify specific high-risk behaviors and "Repeat Offenders" who may require targeted intervention.
🔍 1. Filter & Time Range
The controls at the top right allow you to isolate incidents by time or organizational structure:
Date Selection: Toggle between 1 Month, 3 Months, 6 Months, and 1 Year.
Note: Like the Overview, these filters operate on a full calendar month basis.
Filter by Groups: Drill down into specific departments or regions to identify localized risk areas.
🛡️ 2. Incident Category Totals
The incident type cards at the top provide an instant count of the most severe simulation failures:
| Category | Description |
| --- | --- |
| All Incidents | The total combined number of severe failures within the selected timeframe. |
| Attachment Clicked | Instances where an employee opened a simulated malicious attachment. |
| Typed Credentials | High-risk events where an employee entered sensitive data into a fake login page. |
| User Executions | Critical incidents where a user executed commands (e.g., via a terminal) as part of a "Clickfix" or similar attack. |
| Information Breached | Simulations where the user submitted requested sensitive information. |
| Repeat Offenders | The count of distinct individuals who have caused more than one incident in the selected period. |
📋 3. Latest Incidents List
This table lists every individual incident chronologically, providing context for the failure.
Employee: Shows the person responsible for the incident.
Incident Type: A color-coded tag (e.g., "Credentials typed" or "Attachment clicked") for quick identification.
Simulation: The specific template name that triggered the incident.
Date: The exact timestamp of the event.
Training: A green checkmark indicates if the employee completed the "in-the-moment" training following the incident.
💡 Understanding Data Masking & Anonymization
Depending on your organization's privacy settings, employee names may be masked:
Without Anonymization: You will see the clear names of employees.
With Anonymization: You see the department name maintained in the employee attribute (e.g., "Procurement") instead of a person's name.
Privacy Protection: If a group contains fewer than 5 people, the name is further masked to the company level (e.g., "revel8") to prevent individual identification.
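The masking rule and the Repeat Offenders count described above, sketched as an added example (this is not revel8's own code). The record fields, the `ExampleCorp` label and the sample data are constructed assumptions, as are treating an unknown department as a small group and counting repeat offenders on an internal employee ID.

```python
from collections import Counter

SMALL_GROUP_THRESHOLD = 5  # page: groups with fewer than 5 people are masked further

# Constructed sample data (hypothetical field names, not the product's schema).
SAMPLE_GROUP_SIZES = {"Procurement": 12, "Finance": 5, "Legal": 3}
SAMPLE_INCIDENTS = [
    {"employee_id": "e1", "employee": "Alice Example", "department": "Procurement", "type": "Credentials typed"},
    {"employee_id": "e2", "employee": "Bob Example", "department": "Legal", "type": "Attachment clicked"},
    {"employee_id": "e1", "employee": "Alice Example", "department": "Procurement", "type": "Attachment clicked"},
    {"employee_id": "e3", "employee": "Carol Example", "department": "Finance", "type": "Credentials typed"},
]


def display_name(incident, group_sizes, anonymize, company="ExampleCorp"):
    """Return the label shown in the Employee column for one incident."""
    if not anonymize:
        return incident["employee"]
    dept = incident["department"]
    # A department label shared by fewer than 5 people could still single
    # someone out, so fall back to the company-level label. An unknown
    # department counts as size 0 and is masked too (assumption: fail closed).
    if group_sizes.get(dept, 0) < SMALL_GROUP_THRESHOLD:
        return company
    return dept


def employee_column(incidents, group_sizes, anonymize, company="ExampleCorp"):
    """Employee column for the Latest Incidents list, in input order."""
    return [display_name(i, group_sizes, anonymize, company) for i in incidents]


def repeat_offenders(incidents):
    """Count distinct individuals with more than one incident in the period."""
    # Assumption: counted on the internal ID, so masking does not change it.
    per_person = Counter(i["employee_id"] for i in incidents)
    return sum(1 for n in per_person.values() if n > 1)


if __name__ == "__main__":
    labels = employee_column(SAMPLE_INCIDENTS, SAMPLE_GROUP_SIZES, anonymize=True)
    for label, incident in zip(labels, SAMPLE_INCIDENTS):
        print(f"{label:12} {incident['type']}")
    print("Repeat offenders:", repeat_offenders(SAMPLE_INCIDENTS))
```

A group of exactly 5 keeps its department label, because the rule masks only groups with fewer than 5 people.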
📉 4. Visual Analysis: Drill down
The bar charts on the right help you visualize where your risk is concentrated and see which groups are causing the most incidents.
💡 Tip: Managing Dimensions
Use the Smart Grouping function to add additional drill-down capabilities and change how these charts are segmented (e.g., by Country). Just like the Overview Dashboard, any group with a REPORTING scope in your Smart Grouping settings will appear here.






