The Threat Composer is your organization’s private repository for phishing simulation templates. This article explains how to navigate the library, manage simulation, and understand the technical templates that power them.
📑 1. Threat Composer Overview
The Threat Composer is where you manage your own simulation content. Simulations appearing here are locally available to your organization, meaning they can be used in your Campaigns or triggered automatically by the automatic playlist scheduling —provided their status is set to Active.
This area serves three primary purposes:
Customization: Adapt existing revel8 templates to match your internal branding or tone, ensuring the simulations feel authentic to your employees.
Build new Simulations: Rebuild actual phishing attacks seen in your organization from scratch or via AI, allowing you to train your staff against the exact threats currently targeting your company.
Management & Testing: A central space to organize your library, adjust, and test before sending them to your employees.
The library is organized into two primary views to separate high-level management from technical configuration:
Simulations Tab: This is your local library overview. It provides a clear overview of your available local simulations, displaying information such as their Type, Difficulty, and current Status.
Templates Tab: This is the technical "blueprint" layer. Use this tab to adjust the detailed logic, specific prompts, and underlying functional values that power each simulation.
⚠️ The Templates Tab is considered an expert feature at this point and it is not recommended to adjust these parameters without prior alignment with a revel8 expert.
➕ 2. Building Your Library: Adding & Importing
You can expand your local library using several methods found under the Add and Actions (🔧 icon) menus:
Add (E-Mail only): Create a new simulation via AI Discovery where you describe a threat in plain language (e.g., "A fake Microsoft 365 login alert") and let the AI generate the content and technical properties automatically. Or create from scratch with our template editor.
Import revel8 Simulation: Browse and download high-quality, pre-tested simulations directly from the global revel8 catalog to add them to your local collection. Just select the simulation and select Import to copy the template into your local threat library.
Upload (Create New Simulation): Restore or replicate a scenario by uploading a previously downloaded simulation file.
Download Selected: Select templates in your list to export them as local files for manual backup or cross-instance sharing.
🛠️ 3. Deep Dive: Simulation Attributes
Clicking Edit Simulation opens a detailed configuration view where you define the specific setup of the threat.
Attribute | Operational Logic & Impact |
Status | Controls availability. Active allows automated scheduling and ensures the simulation can be used in campaigns; In Development, In Review, or Disabled keep it hidden but allow you to manage the current status for easier use. |
Flow | Determines the used communication channel - technical workflow used to send the simulation (e.g., EMAIL, SMS, or CALL). |
Type | The specific attack sequence, such as Email And Fake Website or Email And Attachment. |
Difficulty | Ranges from Very Easy to Very Hard to match against employee Awareness Maturity. |
Psychological Trigger | The emotional "hook" used to prompt action (e.g., Trust, Urgency, Fear, or Authority). |
Tags | Metadata used to match simulations to specific tools (e.g., |
🧪 4. Testing & Manual Execution
Before testing a simulation, you should always verify the content and personalization.
Execute: Click the Execute button in the action menu for a manual run.
Select Employee: Pre-select yourself or another test record.
Run Test: This triggers a real simulation instance.
⚠️ Data Handling: Test executions create real events, but these are automatically deleted after 24 hours and do not impact long-term awareness reporting.