Release Notes



Here are some freshly added features and improvements:

  • ETS

    1. Implemented a Quick Scan API

    2. GSuite, Profiles, and Advanced Scan fixes & improvements are made.

  • Investigations

    1. When a user tries to send a deleted email for analysis, a warning message is displayed, as a deleted email shall not be sent for analysis.

  • Training Reports

    1. In multi-company selection, the remove icon is changed to a trash can instead of a large X.

    2. Fixed an error that caused warning messages to be displayed twice after clicking the send button.

    3. Updated the warning messages for each type of training resend operation to describe the operation much more clearly.

  • Training List

    1. Added a chip display in the search bar when the System Training category is clicked.

    2. Fixed an error of duplicate listing of the Custom category.

    3. Added training items are listed latest to oldest for company admins (language selection is also applied here, English first).

    4. Fixed an error on the search bar.

    5. Fixed some UI bugs.

  • General

    1. Migrated jQuery from v2 to v3.5 to fix jQuery vulnerabilities.

    2. Fixed some IDOR vulnerabilities.

    3. Data research completed. Company Info encryption in database PoC completed.

    4. Offboarding application for production PoC completed.

    5. For LDAP integrations, name and surname fields are separated.

  • User KPIs

    1. The training score was displayed as 50 for newly added users. Implemented a feature to display it as 0.

  • Playbook

    1. Fixed an error that caused saved investigation scan types not to be displayed when editing.

    2. Fixed an error on notifying user action.

  • Phishing Scenarios

    1. Fixed an error on attachments that prevented saving the template for *.xlsm files.

    2. URL Clone feature is improved. No need to refresh the page now.

    3. Editor file upload support.

    4. Fixed some UI bugs.


  • SCIM settings page implemented.

  • Training marked as test excluded from dashboard statistics.

  • Implemented sending Campaign finished emails only to campaign creator.

  • Forgot password page white labeling

  • Implemented shortcode usage in training enrollment email's subject in notification templates.

  • New dashboard search problems fixed by adding a search button.

  • Page state kept when there is a validation error on the phishing scenario create / edit page.

  • When a company admin creates a new phishing scenario, the redirection after submitting the initial info is changed to the edit page instead of the list page.

  • Removed set default checkbox on the company settings page for time zone. It automatically picks up the selected time zone for the company on the pages like the campaign start page.

  • When training was sent to multiple groups, an email address that existed in more than one group was enrolled multiple times. This is fixed so that the address is enrolled once.

  • Improved performance of the training list page.

  • Training & Target User APIs implemented.

  • Implemented role cloning for system users.

  • Fixed various bugs.

October - 2

  • Advanced Reporting Change Enrolled Date to Actual Mail Send Date

  • Last 6 Months Performance Graph Total Points Change

  • Phishing Simulator, Data Capturing Settings

  • Azure AD Sync to only one group (Set by Default Group) feature.

  • Exam score bug fix

  • Dashboard type bug fix

  • Reseller role clone bug fix


  • Select All Target Groups on Send Training Multi-Tenant Email Groups

  • Scorm Training Title Character Error Fix

  • New feature: the Certification email and the Training email show up on the Sending Report as two rows, so it is easy to see whether the certificate or the training was sent successfully.

  • On the training report, we can see whether a certificate has been chosen for the training and which certificate it is. A certificate preview button is included.

  • Training sending report type column (certificate and training can be filtered easily)

  • Campaign Reports Sort & Filter fix and feature.

  • Training Reports Sort & Filter fix and feature.

  • Company User Limit Label change (new name: Active Users) - (Company List)

  • Company User Limit and Renewal Date sorting bug fix. (Company List)

  • Notification clone template. You can clone the notification templates to another company easily.

  • Company White Labeling Favicon feature has been added.

  • Company White Labeling Support email feature has been added.

  • Training reminder feature has been added. It is possible to customize the training reminder notification template.

  • Pie Chart has been developed and fixed.

  • Bug fixes

  • Internet Explorer bug improvements.



  • O365 Phishing reporter extension can be used for reporting emails on Office 365 mailboxes.

  • Column names and column orders are made the same as the UI’s default column order and names when exporting to PDF, Excel, and CSV.

    • Target Groups

    • Company Groups

    • Company Group Details

  • On the threat sharing, reported emails, target users, company groups, and investigation details pages, users return to exactly where they were after an operation that takes them to another page. For instance, when email details are opened after navigating through pages and the browser's back button is pressed, the reported email table displays the results where you left off.

  • Server-side pagination, filter, and search are implemented in the following pages for better performance.

    • Threat Sharing Communities

    • Threat Sharing Incidents

    • Company List

    • Reported Emails

    • Target Users

  • For a better user experience, a loading indicator is added on the company switch popup for listing the companies.

  • On analysis results for reported emails, the Clean verdict is changed to Undetected since there is no 100% clean.

  • A new design for the “Reported Emails” data table’s clustering feature is added with clustering by the reporter as well. When one of the cluster options is selected, the last item for that cluster is displayed in order to take quick action. For other emails with the selected cluster option, a detailed view is added.

  • For Rest API clients, IP restriction is configurable for each client separately: a client can be allowed from any IP address or only from the selected IP addresses.

  • “Notification Template” template category label is changed to the template type.

  • Better search experience on data tables is provided by adding a one-second delay after writing a text into the search box.

  • Google Tag Manager is added to the UI for collecting anonymous usage data.

February - 1

  • On the Create Company and Edit Company pages, selecting a Reseller is no longer optional for Reseller roles. Reseller selection is now mandatory for users with the Reseller role. If the Reseller selection field is left blank, an error is displayed to users who create companies (custom company admin).

  • Performance improvements were made on Exchange EWS integration and investigation features.

  • The user’s department name is added to both the “Leader Board” and “User Performance” columns on the Gamification Report.

  • The user’s department name is also added to the Excel report on the Gamification Report.

  • {TO} and {TONAME} shortcodes added to Scheduled Report email template.

  • Bug fix on the VirusTotal API key create/edit page. VirusTotal API keys are now trimmed to avoid the errors that occurred with them.

  • Favicon feature added to Phishing Campaign.

  • When a user deletes a training report, all statistics related to deleted training are automatically removed:

    • Leader board

    • User performance

    • Training engagement

    • Company score

    • User KPI statistics

  • The Report Manager > Training Report List > Sending Report page now has a delete option to remove a user’s data from the training report as well as all related reports.

  • The Report Manager > Training Report List > Sending Report page now has a restore option to restore a user’s data to the training report as well as all related reports.

  • Mark as a test option added to Training report

February - 2

  • On the Target User page, bulk upload field mapping on the data table custom field’s columns is changed to display in the latest order.

  • Fixed an error in the bulk upload function on the target user page that occurred when the Firstname and Lastname fields are empty in the provided Excel file.

  • Following improvements are implemented for Incident Responder Investigations:

    • Target Group / Target Users selections are implemented. You can start an investigation by selecting specific target users or multiple target groups.

    • For a clearer and more focused investigation experience, items like Calendar meetings and Notes are discarded, and the investigation covers only mail items in scanned mailboxes.

    • When configuring O365, the mail configuration can be tested on the given mail address. In addition, actions performed in the test process, like creating or updating a category, are marked as a test.

    • Investigation for multi-language O365 accounts is implemented. Mails are displayed in the corresponding folder even if the mailbox of the user is in a different language.

    • Keyword regex and IP match condition filters are improved.

    • O365 investigation performance improvements are implemented.

  • Column names and column orders are made the same as the UI’s default column order and names when exporting to PDF, Excel, and CSV for the following tables.

    • Phishing reporter users

    • Investigation details

    • Target group details

    • Company list

    • SMTP settings

    • Notification templates

    • Rest API settings.

  • Exported files are now named the same as an exported data table.

  • The left menu is re-ordered for better navigation. While settings-related menus are moved down, menus that have critical system functions are moved upwards.

  • The company logo and user profile part of the left menu is fixed and a new scroll has been added to the left menu for easy navigation.

  • A fresh button is designed for adding new items to the data table for better visibility.

  • Minor changes have been made on the Playbook’s query builder for clarifying the rules you’ve created.

  • Investigation filters are now grouped by type and they are searchable now.

  • A little “Folder” indicator label has been added to the Investigation details page on the folder list.

  • SMTP settings have an easier configuration page by adding descriptions to the fields like Reply-To, Error To fields.

  • Threat sharing post attribute selection when sharing an incident has been revised for hiding/showing items on the shared incident.

March - 1

  • Multi-factor authentication support is added. After a period of time, multi-factor authentication will be required for all users to log in. We recommend setting up multi-factor authentication before this date with authenticator tools like Authy, Duo Mobile, LastPass Authenticator, Microsoft Authenticator, Google Authenticator.

  • An error on target user deletion is fixed.

  • The Menu icon will now be correctly positioned on higher resolutions.

  • Pages with Excel export support will use the newer .xlsx file format rather than the .xls format.

  • A number of UI improvements are made on the investigation details page.

  • Filtering experience on the investigation list page is improved.

  • Target user and phishing reporter list operations are switched to the server-side for improved experience and stability.

  • We enabled retrieving all records for the audit log page by placing a load all button.

  • Filter options are added on pages with a listing, such as setting up a default filter for a better experience.

  • Two new analysis engine integrations, FortiNet and VMRay are added.

  • Suspicious email reporting is enabled on Outlook inspector mode for imported files on Outlook Desktop.

  • Field customization is added for Office 365 integration.

  • Some IDOR vulnerabilities are fixed.

  • Sending mail to inactive users after mail analysis is prevented.

March - 2

  • White labeling options are added to the system. Now you can set up your Keepnet product with your own brand by customizing the product logo, brand name, favicon, footer links, etc.

  • Search functionality and performance are enhanced on the Switch Company page. We also added a link to the Companies page, where the user can see the full list of companies he/she is authorized to switch to.

  • Performance is greatly increased when uploading and importing a large file containing a large number of target users.

  • Sensitive data such as system user first name, last name, and email address will now be kept encrypted in the application database. These encryption changes are applied to System User, Target User, Company Info, SMTP settings, and Integrations data.

  • IBM X-Force analysis engine integration is added.

  • Analysis engine results that are still pending will now show as Undetected instead of N/A.

  • Custom fields can now be filtered in Target User, Target Users Import and Add User To Target Group pages.

  • The dashboard background on page load now shows correctly on Safari browsers.

  • System users who are created after creating a company are now correctly added under this newly added company, instead of the active company of the logged-in user.

  • All Audit log page operations like filtering and sorting are now switched to server-side.

  • Implemented various UI enhancements on the e-mail template design editor.

  • We added support for editing HTML and CSS of an email template and fixed cases where CSS classes do not get applied to the elements.

  • We removed the option for disabling multi-factor authentication once the user successfully finished setting up multi-factor authentication, and we added the option for users to switch multi-factor authentication to the application on the security page.

  • We refreshed minor UI elements and labels for Multi-Factor Authentication login.

  • We removed 100 record limits from Community and Incident lists

  • We implemented a fix where the user will no longer see posts from communities he left in the Threat Sharing module.

  • The system pop-up dialogs are refreshed for a better user experience.

  • On the Integration add/edit page, the description field is changed to a text area to provide a better view when entering a description for the analysis engine.

  • The label for exporting data to an Excel file is changed from XLS to XLSX on the data table export feature.

  • Investigations list table columns are updated to display the Investigation triggers as Automatic, Manual as Playbook, etc.

  • Test connection feature is added for VMRay integration.

  • Also, an issue is fixed for blocked uploads to VMRay when some characters exist in the filename.

  • Left menu collapse animations are synchronized with the left menu items' movements.

  • We fixed the errors below:

    • An error where hash scan and file upload analysis status was displayed incorrectly in some situations.

    • An error where the logged-in user's company was displayed incorrectly in some situations.

    • An error while filtering the AnalysisSource column in the Reported Emails table.

    • An error while importing target users using an empty Excel file downloaded from Google Sheets.

    • An error where a deleted user role is also shown in addition to the current user role for logged-in users.

    • An error where a logged-in user's role is displayed as Phishing Reporter in some situations.

    • An error on VMRay integration.

    • An error on investigations that caused all users to be displayed as scanned when the scanned user count is 0.

    • An error while uploading an empty spreadsheet file.

April - 1

  • Numerical values in the Line Graph and in Training Reports were fixed. We show the view duration as a percentage between 0 and 100. It will be much easier to understand the data in the training report Excel file based on SCORM training.

  • The Training Logging Mechanism was fixed. We log basically every action that users make in the training list or in the training report, such as delete, launch, edit a reminder, disable a reminder, or any action on the training report menu.

  • We fixed the bug where the system was submitting the same action after refreshing the page.

  • Training Report Menu Not Loading Data Real-Time was fixed. We improved this page so that it loads in real time, without needing to refresh the page in order to see new data on the training report.

  • Small typos/bugs are fixed on the company selection structure.

  • Virustotal Link Shows Up in Phishing Campaigns was fixed. The admin sends a phishing campaign to an employee, and the employee reports this phishing campaign without clicking it. But when the user reported it, the user appeared to have clicked the link because of the Virustotal scanning in the phishing campaign.

  • Sub Reseller can't be Reseller of Master Reseller bug was fixed.

  • The admin is able to get unique training URLs of each user from specific training.

  • We fixed the error where the {FirstName} variable was not displayed in the preview. When a user previewed the phishing campaign, it didn't show the user's first name, although the feature otherwise works as expected. We fixed this case.

  • Page loading was improved on the Advanced Reporting Dashboard, and the page loads in under 1 second.

  • A bug was fixed on Company group. When a Reseller added a company to a company group, the company received training, but some training didn't show up in the customer profile. We fixed the business logic permanently.

  • The Phishing Simulator Duplicate User Sending bug was fixed. When the admin sent a phishing campaign to multiple groups and a user was in, for example, 3 of these groups, the user received the phishing campaign three times. This business logic has been developed in this release.

  • XML Button - Suspicious Email "To" feature was added. When the user reports a suspicious email, the original email will be sent to the IT or SOC email group.

  • The White labeling Menu Favicon bug was fixed. When a Reseller simulated a company under the reseller and went to the White labeling menu of the company, the Keepnet logo was shown automatically instead of the Reseller's. We fixed this and now show the Reseller's logo instead of Keepnet's.

  • Training Report Reminder Date improved and the bug was fixed.

  • Reseller Menu Added to Multitenant Training Page. The admin will be able to see the Reseller name in the Reseller menu on the Multitenant Training Send page.

  • The 'Hide EULA' option was moved from the company edit page to the White labeling menu.

  • Awareness Educator module iSpring integration upgraded from 8.7 to 9.7 version.

  • The exchange XML button is now compatible with Outlook Desktop on Apple Mac OS X, Microsoft Outlook, and OWA applications.

April - 2

  • A Reanalyze option is added for sending reported emails. You can send an email to the analysis using the integrations you have. The undetected items will be rescanned.

  • Scanned items in reported emails now check the verdict in the analysis engines once, instead of polling them for 24 hours if no verdict has been found for the item.

  • API Keys for integrations are now masked for security purposes.

  • Custom roles are implemented. Custom roles with custom permissions can be created and selected as well as made available for the tenants.

  • When creating a system user, the default selected role is now set to Company Admin instead of Root, in order to make system user creation easier.

  • Company switch performance and search are significantly improved.

  • Client secrets are masked now on the Rest API client’s edit page for security reasons.

  • Multi-Factor Authentication SMS codes countdown is added for improved user experience. A minute countdown can be seen on the MFA screen prior to sending an SMS again.

  • Sender email address and Sender name columns are added to the reported emails table.

  • The footer design is refreshed.

  • Notification templates can be seen and filtered as a separate column by module they belong to on the Notification Templates page.

  • GrapesJS Editor functionalities are improved.

  • URL Analysis Result tab for reported email tables is refreshed. It is possible to see more details about integration that the given URLs in the reported email are scanned with.

  • Performance is significantly improved for O365 investigations as well as target user bulk add operations.

  • Target users’ bulk update field selection dropdown now has the “None selected” option as an escape for correcting selections for mismatched properties.

  • The investigation option for Threat Sharing posts now displays all items that can be investigated with the display harmful items option.

  • Performance improvements have been made when sending a new post on a crowded Threat-Sharing community.

  • Playbook action now has a status field. A reported email's status can be set automatically when it matches a playbook with a status action.

  • Office 365 settings are stored as encrypted on the DB.

  • Test button for SMTP settings is added.

  • Some labels and snack bars on the UI are fixed.

  • Some bugs in several modules are fixed for system stability.

April - 3

Bug fixes:

  • System Role name not matching in the System User menu bug is fixed.

  • Incident Responder Notification Template not being cloned as Custom bug is fixed.

  • Office365 Phishing Report Picture not loading bug is fixed.

  • The bug in the Get Email field is fixed.

  • The bug in downloading Encrypted Attachments on the Analysis Detail page is fixed.

  • Office365 MD5 investigation bug is fixed.

  • The reminder bug is fixed.

What's New:

  • Captcha for custom Whitelabeled SSL domains is now available.

  • Copy button is added in the Analysis detail menu in Incident Responder reported email page to copy URLs with one click.

  • Updating user's email addresses in Azure/Okta without creating duplicate records in the system is available.

  • Auto Investigation feature now supports Office365.

  • A Reseller column is added and can be filtered in the Companies menu.

  • Training and Reminder notification templates have a 'first name' tag feature now.

  • System Training's URL will be automatically changed when the training is synchronized in On-Premise servers.


Advanced Reporting Dashboard speed improvements are made.


Bug fixes:

  • The certificate now can be resent in the Sending menu on the training report.

  • If you edit the phishing campaign after sending it by using Campaign Manager, you now see the correct template settings that you sent.

  • The phishing reporter MSI add-in can be downloaded from the menu in EMEA Keepnet Labs Cloud.

What's new:

  • The video forward bar can be disabled or activated in Video training, so that the user cannot skip quickly from beginning to end while watching the video. The progress bar will be disabled if the option is chosen in the video training edit menu.

  • Both EMEA and Global Keepnet Labs Cloud have Forti Sandbox integration for Incident Responder.

  • The Phishing Report Mark As Test feature is developed. You can now mark a phishing campaign as Test. The related phishing campaign statistics will be removed from the User KPI.

  • New APIs have arrived. You can now create, delete, and list target groups or users. You can also list phishing campaigns and, inside a phishing campaign, get information from the Summary, Department, Phishing Report, Sending, Campaign Clicked, Campaign Opened, Campaign Submitted, No Response, and Macro Attachment menu(s).

  • Show unique domains: You are now able to see unique domains in the target group with one click and be able to whitelist the domains in the customer profile.


  • The old flash-based serious games have been removed from the training list. The new HTML5-based serious games will be uploaded to the platform.

  • The target groups which belong to an Inactive company will not be seen in the multi-tenant launch menu.