We’ve introduced Comprehensive Phish Interaction Logging that captures every user interaction with phishing simulation emails in one place.

What It Is

Every interaction a user has with a phishing email is now logged chronologically, including:

• Email opens

• Link clicks

• QR code scans

• Credential submissions (data entry)

• User reports

This ensures a complete audit trail of phishing activity per user, with no data loss or overwriting.

Viewing Detailed Interaction Logs

1. Navigate to your Phish Overview Audits page.

2. Find the target user’s name in the report table.

3. Click the arrow beside their name to expand a nested row.

4. You’ll now see:

   • IP address of the interaction

   • Date and time of the event

   • Interaction type (e.g., Opened, Clicked, QR Code Scanned, Data Entry, Reported)

This gives you instant access to a timeline of every action the user took during the phishing simulation.

Downloading IP Logs for Deeper Analysis

If you need to conduct off-platform investigations or cross-reference IP addresses:

1. Click the 'Download IP Logs' button.

2. You’ll receive a comprehensive file containing all recorded IPs per user, timestamps, and interaction types.

Why It Matters

• Full visibility into user behaviour across multiple interactions.

• Better analysis of false positives and potential vulnerabilities.

• Stronger compliance with audit-ready logs.