December - 2

What's new:

  • Group tagging auto-suggestions feature has been developed. The system will auto-suggest the tags when admin types something in Target Group > Add Tag menu.

  • The admin will be now able to send the same phishing or training campaign to the same target group multiple times in minutes if the Mark As Test option has been used.

  • If the admin enables Reminder and chooses the present day and time, the Reminder count has been starting from the present day, and now the Reminder will be started from the next week for the related day and time.

  • There is a new feature called ‘Managed, Not Managed’ options to categorize the companies. This will help Resellers to categorize their customers as Managed or Not Managed and the companies which have ‘Not Managed’ option will not be listed in the multi-tenant menu.

  • The admin will be now able to delete users from all training reports that exist on the company profile and restore the user from all training reports as well if needed.

  • The admins will now be able to fetch users who are NOT COMPLETED the training via one API Endpoint.

  • The companies will be listed as alphabetical order in Switch Company function.


  • A performance improvement has been done for the Target User list.

  • A performance improvement has been done for downloading gamification dashboard reports.

  • A performance improvement has been done for the Scheduled Reports menu.

  • A performance improvement and bug has been done for the ‘Stop’ training button.

  • The admin could click the Save button multiple times on the Training Report > Reminder Edit page. The Save button will be passive automatically after the first time clicking.

  • The data state will be resetted if admin clicks X or Close buttons to close the page on the multi-tenant menu.

  • The admin will be warned if admin enables the Reminder but does not configure it.

  • The certificate email queue will be now listed in the Advanced Settings > Email Queue menu. The Resellers will be able to see the certificate email queue real-time of their customers.

  • The ‘Surname’ field name has been changed to ‘lastname’ in excel sheet for target users.

  • The ‘DATE_FORMAT’ attribute date format will be be fetched from the customer’s profile settings.

  • A performance improvement has been done for the LDAP fetch users.

  • The original Reminder count number will not be used for the training send, the original count which was written for Reminder will be used for Reminder itself.

  • The public admins will be warned if a user has been added via public domains as a red banner on the public domain.

  • The admin will be warned if the admin doesn’t choose a language while launching the multi-language training.

  • The pop-up messages when using the Resend feature are now more clear for the admin to understand on phishing campaigns.

  • The admin can use ‘Space’ while specifying a password. It can be used while creating an admin account or updating the password.

  • If the admin marks the phishing campaigns as Mark As Test, the data related to phishing campaigns will disappear from the dashboard.

  • The category of Reminder Notification template has been updated as ‘Awareness Educator’

Bug Fixes:

  • The admin could send a training or phishing campaign to the users who are authorized before and but unauthorised. The Reseller now won’t be able to send the users whose email domain is not listed in the Restrict Email Address menu.

  • A bug that caused Reseller not to see the first 8 graphics on the phishing campaign was fixed.

  • A bug for a one phishing campaign was fixed.

  • A bug that caused a scheduled training not to start at the correct time was fixed. The scheduled training campaigns will be sent according to the customer time zone at the correct date and time.

  • A bug that caused the Incident Responder Notification Template not works has been fixed.

  • A bug that was causing a user who finished the training but listed in the Not Completed tab in a training excel report.

  • A bug that was fetching Department information from users incorrectly has been fixed.

  • A bug that was showing deleted public domains on the Restrict Email Address menu has been fixed.

  • A bug that caused the admin to Bypass blacklist words while creating a phishing subdomain has been resolved.

  • A bug that has caused the last 5 campaigns not to show accordingly in the ‘Last 5 Campaigns' menu in the dashboard .

  • A bug that caused the Randomize feature to work as alphabetical has been resolved.

December - 1

What's new:

  • The feature of reporting mails with the 'Send to analysis' button has been added to the Google Workspace plugin.

  • A list of users reporting phishing emails has been added to the phishing simulator module.

  • The feature of scheduling phishing campaigns has been added.

  • The 'Campaign Reports' page, where reports of phishing campaigns can be viewed, has been added.

  • PDF reports produced in the Fortinet analysis engine can now be downloaded with the 'See Details' button.


  • A performance improvement was made while adding users to target groups.

  • A performance improvement was made in the home page and the opening of the dashboard on the home page.

  • In the scan results performed on IBM X-Force, a more clear result is displayed instead of the numerical result.

  • The performance of Opened, Clicked and Submitted lists has been improved in the phishing simulator module.

  • Time information has been removed from the data in the 'Renewal Date' and 'Date Created' fields in the Companies list.

  • The name of the description merge tag in the template editor has been changed to a message in the editor.

  • A performance improvement has been made in the opening of the Email Template and Landing Page pages.

Bug Fixes:

  • Fixed the issue where the investigation time in Outlook investigations changes depending on the user's machine.

  • Fixed the issue where the 'Sender IP' field was blank in some mails.

  • The problem that some users cannot log in to the platform has been fixed.

  • The timeout issue on the Campaign page has been fixed.

  • The error that some users get after clicking the 'Enable MFA' button has been fixed.

  • Selection error where if the record edited in Template and Landing Page selections is a record after the 10th record, has been fixed.

  • Fixed 'Not Delivered' value on the Campaign Summary page.

  • Fixed 'Target Users' to display correctly in the campaign manager list.

  • When the schema is set to only http on the domain page, https option is removed on the landing page.

  • The problem that the file selection screen does not appear when some parts of the file uploaded component are clicked has been fixed.

November - 3

What's new:

  • Group Tagging + Multi Tenant Search feature is designed to help Reseller’s multi-tenant launch much easier. Reseller’s can tag Target Groups and launch training by using Tag based searching instead of Group name base.

  • Certificates will be sent now via Multi-Thread. The new implementation will help sending certificates much faster.

  • Certificate template {CompleteDate} merge tag is integrated with the customer’s preferred date format.


  • The pop-up messages when using the Resend feature are now more clear for the admin to understand.

  • A performance improvement has been done for Target User adding.

  • A performance improvement has been done for creating the Company.

  • A performance improvement has been done for the Roles menu.

  • A sentence for the Reminder feature on the Multi-Tenant launch menu has been changed to one more clear for the admin.

  • Target Group Excel Sheet, the field name called ‘Surname’ changed to ‘Last Name’.

  • The Training list menu while launching the Phishing campaign was showing a specific number of training on the list, now it will show all the training content the customer has.

  • The message is now more clear for the admin which was displayed if admin enters the blacklisted subdomain name in the Phishing URL field while on the edit menu of the phishing campaign.

  • A new message will be displayed if the admin writes dot (.) into the subdomain for SSL domains. The new improvement will reduce misuse of SSL domains. The training Type has been changed from ‘GROUP’ to ‘CAMPAIGN’ if admin launches the training via Phishing campaign.

  • The training type will be displayed as ‘CAMPAIGN’ and this will help admin to see the training launched via phishing campaign in the first look.

  • The gamification dashboard excel report has a ‘User Performance’ column. The Enrolled and Completed column date format will be separated as Slash and the date format will be fetched from the Date Format of customer’s profile settings.

  • The admin will be able to create System User if there is whitespace in any field. The system will ignore the whitespace if there will be one in any field while creating the system user.

  • The new brand name has been added to Blacklist for phishing simulator. Brand names such as Apple, Microsoft, Amazon and many more global brands are not allowed to be used as words in Phishing URL.

  • The multi-language feature is now more improved and some bugs fixed.

Bug Fixes:

  • A mandatory field which is ‘Description’ could be bypassed while creating a Playbook rule.

  • A mandatory field called ‘License’ was showing two times ‘This field is required’ while creating a company if this field was empty. The message will be displayed one time.

  • A bug that caused not to show the Source file of the training has been fixed.

  • The ‘User Performance’ column was displaying none data after being downloaded.

  • The ‘Waiting’ field which was displayed in the Sending Report menu of a training report is now improved. The deleted users from the training report will not be seen as ‘Waiting’ on the Sending Report menu.

  • The duplicate SMTP creation is fixed.

  • The sorting is fixed for Company > Company List > Status column.

  • If the admin marks as Test or Delete the phishing campaign, the phishing campaign data will disappear from the dashboard.

November - 2

What's new:

  • Phishing campaign report page has been added to the Phishing Simulator module.


  • Some additions and performance improvements have been made to the Campaign Manager screen in the Phishing Simulator module.

  • Messages which are displayed when investigation delete & warning actions are created have been made clearer.

  • Resource utilization optimization has been made for some API requests sent by the Outlook add-in.

  • The links in the Email Template editor will no longer be clickable.

  • Performance improvement has been made in the mailing list of Investigation results.

Bug Fixes:

  • Permission differences of a company admin logging in from the interface with an API client in the company admin role have been fixed.

  • An error encountered in some cases with the SAML method has been fixed.

  • Fixed some tags in the phishing simulator email template editor.

  • Corrected opening and closing behaviour of the left menu at low resolutions.

  • The 'finished time' field in the Investigation details will now show the correct value.

  • The error received when the queried hash could not be found in Virus Total on Virus Total has been fixed.

  • Fixed an issue where some users appeared as 'Enabled' instead of 'Offline' in the phishing reporter list.

  • Fixed an issue where multiple google workspace investigations were started, some of them started after quite some time.

November - 1

What's new:

  • Campaign manager page has been added to the Phishing Simulator module.


  • Improved performance in the section that updates the status of users who have turned off the Outlook add-in to 'Offline'.

  • Improved performance while reflecting the emails in the Investigation results to the interface.

  • Some error messages returned by the API in some scans with IBM X-Force integration have been made clearer.

  • Performance improvement was made by searching by one hash instead of two different hashes in the auto-investigation criteria.

  • Renamed VmRay integration to VMRay.

  • 'GSuite' text in Source in Investigation details has been changed to 'Google Workspace'.

  • Batch and faster processing of actions such as warning and deletion on Investigation has been provided.

  • Performance improvement was made in Google workspace investigations.

Bug Fixes:

  • An issue where the detail cannot be displayed when the detail button is clicked has been fixed for some VirusTotal scans.

  • The error while searching with non-numeric characters in the User Limit column in the Company List has been fixed.

  • The error received for integrations whose SSL certificate has expired has been fixed.

  • The Progress field is now displayed correctly for users who do not have any mails matching the criteria in investigations.

  • Fixed the issue where the names appear as 'No Name' in some privileges in custom roles.

  • The default values of some analysis engine integrations are correctly selected.

  • The 'Restore Default Settings' setting in the filtering options in the lists will now work as expected.

  • The 'Incident Responder' menu will not be displayed for a custom role of the Incident Responder module that is not authorized.

October - 2

What's new:

  • The Company ID is listed in the Company List to find Company ID much easily for APIs or other purposes.

  • Reminder notification template {CREATE_DATE} merge tag is integrated with the customer’s preferred timezone.

  • Admin is now able to create Department based scheduled reports and receive specific reports based on Departments.

  • The ‘Incident Responder On/Off’ feature has been integrated with Outlook MSI add-in.

  • A business logic for Report Scheduling about ‘Last 1 Week’ option has been changed. The report will be generated from the last 1 week data from now.

  • The warning page has been integrated with the By Email Group feature in the Training Module. If the admin sends a training, the warning page will be displayed with information about the training, groups, users and then the admin can send the training if wished.

  • The Company timezone list is integrated with the Campaign Manager timezone list, now Company timezone and Campaign Manager timezone list are the same.

  • The Duration column has been hidden by default in the Exam and Scores menu for SCOM training type.

  • The Invoice Report feature has been developed, the Resellers are able to see training, phishing usage and other data of their customers for invoice purposes.


  • The Notification template list is now loaded from the backend for better listing performance.

  • The user experience about ‘Sending Limit’ is improved. The Sending Limit field can now be empty without getting a pop-up information message. The default value will be used if the admin doesn’t enter a number.

  • The license user count will not be empty after the license expires.

  • The phishing scenario has an HTML page and the admin can review the HTML page without entering a phishing URL. This has been improved for the EMEA Keepnet Labs cloud.

  • The notification template list in the Playbook > Action > Notify menu has been improved to show the list much better for UI/UX experience.

  • A performance improvement has been done for the Multi-Tenant training launch menu.

  • The Reseller will not see default system roles if the ‘Custom Reseller Role’ option is chosen.

  • The SCIM user group which is assigned to the SCIM application will not be created on the target group menu as an empty group.

Bug fixes:

  • If a message pop-up about a field after filling up every field in a new company page, a few fields were missing and needed to be filled up again. The related few fields that include information will not disappear if there would be a pop-up message on the page.

  • Some columns weren't sorting correctly in the Gamification Dashboard, now fixed.

  • Some charts in the Training Report were showing full Browser User Agent instead of the name of the browser, which has been fixed now.

  • Incident Responder Update notification template being sent has been fixed.

  • Training Report > Sending Report > Waiting filtering option had a pagination issue which is fixed now.

  • The Exam data was coming duplicate rarely for a few SCORM files, now it’s been fixed.

  • The group name searching has been improved.

October - 1

Bug Fixes:

  • Fixed the character comparison problems for users with Turkish characters in the email.

  • Ensured that scanned users are not reprocessed when an incomplete O365 investigation job runs again.

  • Fixed an issue where some simulation mails did not match with a playbook.

  • The problem that sometimes 2 analysis report mails are received even though the user reports a single mail has been fixed.

  • Fixed some bugs in Google workspace investigations.

  • Ensured that the filter for 'Status' column in the Investigation details works correctly.

  • Fixed a bug in test connections for some proxy settings on the Proxy Settings page.

  • Filtering and sorting problem on 'Tenant Users' column in the role list on the system users page has been fixed.

  • The master record of an item that is excluded from analysis engine scans is now displayed as Excluded instead of Undetected.

  • Fixed an issue where the Investigation list would sometimes be empty.

  • Fixed the issue where sometimes fields are disabled when trying to edit a record of the IBM X-Force integration.

  • Fixed the association of Proxy Settings and SAML Settings custom roles with the visibility of the respective pages.

What's New:

  • When adding an analysis engine integration, if IP, URL or File scanning capacity is not selected, a validation error will be shown.

  • In case of an error, analysis jobs will be retryed 3 times and completed.

  • The custom role options of the Proxy Settings and SAML Settings pages are moved to Company section.

  • In Google workspace investigations, scanned users who are encountered an error while accessing their mailbox will now be seen in the investigation user list.

  • Creating and listing phishing scenarios pages have been added to the phishing simulator module.

  • Filtering feature has been added to the Role column of the System users list.

  • Only active integrations are displayed in the 'Analyze' option in Playbook actions.

  • Investigation results will now be automatically updated on the screen at 15-second intervals.


  • Performance improvement has been made while creating Investigation users and processing investigation results.

  • Status reporting frequency for auto-investigations increased from 10 seconds to 60 seconds.

  • The users to be scanned in O365, EWS and Google workspace investigations were distributed and processed over different investigations.

  • The name of the Roksit integration has been changed to Cyber X-Ray.

  • Bandwidth usage is optimized in Google workspace and O365 investigations.

  • Optimization was made in bulk deletion and warning actions on e-mails found in the investigation results.

  • The error message returned when the username or password is entered incorrectly in a Cloudflare type DNS Provider definition has been made clearer.

  • Prevented deletion of a record when this DNS, Domain, Landing Page, Phising Scenario record is being used in the system.

September - 3

Bug Fixes:

  • We fixed some bugs in some scans with IBM X-Force and Google Safe Browsing analysis engines.

  • We fixed the problem that the from information could not be retrieved from some emails.

  • We fixed the multiplexing problem in some email addresses containing Turkish characters in the phishing report list.

  • We have provided the page to be refreshed when a target user is deleted.

  • We fixed an issue where the Outlook add-in would sometimes show an error when showing a message box.

  • Validation was added to the email field on the DNS service definition page.

  • We added validation for IP addresses entered in the analysis engine IP exclusion list.

  • We ensured that tooltips that do not contain text are not displayed.

  • As a result of getting an error in SAML authentication, we have provided the URL to be redirected from whitelabelling.

  • We fixed the issue where the "Priority" feature in Playbook was not taken into account.

  • We fixed the issue where the save button would not work when Phishing Scenarios was creating new Email Templates.

  • In the O365 plugin, we fixed the problem that the plugin title could not be customized according to the selected language and Turkish characters.

What's New:

  • We ensured that target users can also be uploaded as csv.

  • We provided the default template content according to the template type selected on the Notification Template screen.

  • We added Roksi analysis engine integration.

  • We added Landing Page Template creation and listing pages to the Phishing Simulator module.

  • We added domain definition and listing pages to the Phishing Simulator module.

  • We added a test connection button to the Zen Spamhause type integration definition screen.

  • We added a sender name column to the mailing lists in the Investigation details.

  • We added a page that shows which groups the Target Users belong to.

  • We added the display of errors received during SAML authentication in the interface.


  • We provided faster processing of heartbeat requests sent by the Outlook Add-in.

  • We provided faster processing of investigation status report requests sent by the Outlook Add-in.

  • We made performance improvements in email analysis with Virus Total and Forti-Sandbox.

  • In the Proxy Settings screen, we made it possible to save the name and default proxy options without making a test connection.

  • We made performance improvements in Google Workspace investigations.

  • We made a performance improvement in the opening of the Integrations page.

  • We made a security improvement during the phishing template creation phase.

September - 2

Bug Fixes:

  • Incident Responder > Workflow duplicate records are fixed after editing the rule.

  • We fixed an issue that the {FIRSTNAME} tag which wasn’t working in the notification template.

  • We fixed other minor bugs.

What's New:

  • Timezone has been implemented for the mult-tenant company based training launch.

  • Multi-thread email sending is implemented to the system. The sending email speed has been increased via multi-thread.

  • Email sending queue is displayed on the Analytics menu now.

  • “Delete email” option included in the Phishing Reporter button for O365, Exchange Online.

  • We now have multi-language support for Scorm based training.

  • We now have advanced logging for Scorm based training that logs all data for future analysis requirements.

  • SCIM - "Set by Default Group" option will be automatically enabled and only Reseller roles will be able to Disable the "Set by Default Group" option.

  • Google Workspace Add-in will be downloaded on Phishing Reporter UI.

  • Reseller will not start a campaign (training and phishing) to any domain which is not whitelisted on the Restrict Email Address menu.

  • The timezone information in the Campaign Manager > New Campaign will come from your company timezone now.

  • Once the Reseller configured a setting, the Reseller will not be the owner of the settings. The improvement is for "Role page, Certificate page , SMTP page".

  • On the Multi-Tenant, By Email Group menu, when you click on the X button and Close button, the old state will be reset.

  • MP4 type of training will be stopped automatically when the user changes the training tab or when the browser is in the background.

  • OneLogin SCIM integration has been developed and implemented to the platform.

  • In order to reduce duplicate phishing assignments or accidentally launch a phishing campaign twice, there is a new pop-up message warning for administrators.


  • "Auto-reset for License" field on Company Edit menu is be improved to reduce admin error.

  • The user will be warned if the user leaves an empty field while setting up Report Scheduling.

  • Three SMTP IP addresses have been added to the default dashboard.

  • We made performance improvement on adding target users on the target group page.

  • We made performance improvement on the Phishing Campaign Manager page.

  • A logging mechanism is developed to log create, edit, update and delete operations for Target User menu.

September - 1

Bug Fixes:

  • We fixed a bug on the no proxy section on the Integrations page and added the default proxy option.

  • We fixed a bug related to the Clear button on the Investigation list, it works correctly now.

  • We fixed a bug about unsupported scan types not appearing in the Playbook section where integrations are selected.

  • We fixed a bug in the filter section of the Mail Configurations Status and Platform column.

  • We fixed a bug in filtering by the User Status column in the target user list on the Investigations page.

  • We fixed a bug in the search by integration type on the Integrations page.

  • We fixed a bug related to the number of scanned emails in the Investigation details.

  • In the Investigations details, we fixed a bug related to the problem that the icon appears but the label does not appear for Outlook type investigations.

What's New:

  • We have enabled URL, Attachment, IP exclusion lists to be defined on the Integrations page.

  • We added support for the investigation on Google Workspace.

  • We enabled the notes field to be seen in the reported email details.

  • We enabled a template to be selected while notifying users in Reported email details.

  • We provided default URLs on an API basis on the Integrations page.

  • In the O365 mail configurations page, we added the domain selection so that only certain domains can be investigated.

  • In case of an error in the target user list on the Investigations page, we ensured that the cause of the error can be seen as a tooltip when hovering over Scan Status.

  • We enabled the Scan Status column to be filtered in the target user list on the Investigations page.

  • We removed the Company module license type from the company definition screen and enabled it to be given by the system.


  • We made a performance improvement for the target user list on the Investigations page.

  • We made a performance improvement on O365 investigations.

  • We improved the performance of the test, enabling the email body to be retrieved in the test connection section of the O365 mail configuration screen.

August - 4

Bug-fixes :

  • We fixed some bugs related to IBM X-Force scan results.

  • We fixed a bug that caused the user's email address not to be identified by the Platform while using Phishing Reporter.

  • We fixed a bug that caused the scan status column to show an empty value on the target user list of the investigation details page.

  • We fixed a bug on image upload for the notification template page.

  • We fixed a bug that new items are not shown on the audit log page.

  • We fixed a bug that caused the custom roles cannot be deleted by a root user.

  • We fixed the bug that caused a user to grant some licenses to sub-companies, even these do not have this license.

  • We fixed a bug that brought incorrect information on the white-labelling settings page.

  • We fixed a bug that caused the date and email relay information empty on email details.

  • We fixed a bug that some items cannot be clicked on the switch company list.

  • The total target user count will now show correctly on top of the investigation detail page.

  • On the Investigation details page, the target user list was correctly sorted according to the scan status column.

What's New :

  • We added Google Safe Browsing and IP Spamhause Zen analysis engine integrations.

  • We have developed a log collection tool for our Outlook add-in and diagnostic tool for faster status checking and error detection.

  • We have enabled our Background service to run as a Windows service as well.

  • We added proxy selection support for integrations.

  • During the deletion phase of the proxy, we added a check that if this proxy is used by an analysis engine, it should not be deleted.

  • We introduced the captcha requirement when many incorrect passwords and multi-factor authentication codes are submitted.

  • While reporting email via Phishing Reporter, we have provided a text showing the status of the process.

  • We added the ability to stop the investigation for EWS type investigations.

  • We developed an add-in for Google Workspace.

  • We developed a feature that allowed users to generate the Google Workspace add-in on the Phishing Reporter page.

Improvements :

  • We improved a feature that the investigation details now include details about the type of investigation selected.

  • We improved the validation error feature when no criteria are added on the Investigation screen.

  • We have improved the validation error feature when at least one target user group is not selected on the Investigation screen.

  • We added detailed log export support to the outlook add-in for better due diligence.

August - 3

Bug Fixes:

  • We fixed an issue that caused limited search on Incident Responder > Investigation > Scanned Email page.

  • We fixed an issue that created the blank excel reports on Report Scheduling.

  • We fixed an issue that reverted the users back to the Edit page when they deleted training content.

  • We fixed an encoding issue that caused some characters not to display correctly when searching an email in the Manual Investigation on Incident Responder > Investigation page.

  • We fixed the “role cloning” bug. Resellers can clone a role to other tenants now.

  • We fixed a bug that was resetting all settings when admins edited any input on Report Scheduling.

  • We fixed a bug in the search function under the Users column in the Target Group. The search now includes text along with numeric values.

  • When the target users were uploaded via an excel sheet, you had to refresh the page to see target users on the system. We fixed this bug, as soon as you upload it, you will see the target group list immediately.

What's New:

  • “Multi-tasking” feature is developed to send training emails 5x times faster.

  • Current gamification dashboard logic now supports any type of training content (HTML5, MP4, and scorm 1.2)

  • “Stop and start button” is created for the training assignment on the Report Manager > Training Report page. Now, an admin can stop any training that is currently being sent and continue any time.

  • An admin, reseller or any custom role which has granted permission can delete a system user from the Company > System User menu.


  • We created a new business logic that does not allow a Reseller to be a Reseller for itself.

  • We now started to host 3rd party components such as fonts, .CSS, Javascript into the platform - there will not be any internet dependency for on-premise customers.

  • We improved our “auto-update feature” which now includes Phishing URLs.

  • We improved the performance of search functionality on the Incident Investigation > Scanned Emails page.

  • We improved the performance on the Sending Report page on the training report.

  • A logging mechanism was added for iSpring based HTML5 training to save data in any error.

  • A logging mechanism is developed to log create, edit, update and delete operations for Notification Template, and Reminder on Training Report.

  • If the Training Notification template does not exist, the users will be notified when they customize the training.

  • We made an improvement to reduce duplicate training assignments. The admins are not allowed to assign training more than one at the same time or in the last 3 minutes on the Training Launch menu.

  • We improved the training launch button that reduces any admin mistake to send training twice to similar groups.

August - 2

Bug Fixes:

  • Advanced reporting option on “Report Scheduling” bug is fixed, now it sets correct details once you set up.

  • Same phishing URL allowed to use for different phishing scenarios - the system no longer warns admin for this conflict.

  • Using different characters (like -,!,+,&,etc.) in the training name and using these characters in search bugs is fixed.

  • The bug that the CKFinder file manager was not listed on the Training page was fixed

What's New:

  • The “Select All” button on datatable selects only visible records after a search result instead of all records in the datatable.

  • Time zone and data format feature added on company profile that each company allowed to use their own time zone and data format.

  • Time zone and date format used in excel reports.

  • Time zone and data format integrated into Training assignment, Phishing Campaign Report, Training Campaign Report and Report Scheduling.

  • In order to reduce duplicate training assignments or accidentally launch a training campaign, there is a new pop-up message warning administrators and asking for approval for this operation with a detailed description.

  • MP4 formatted training name is used as a Title on the end user’s browser.

  • A logging mechanism is developed to log create, edit, update and delete operations for Training modules.

  • 4 new languages (Estonian, Russian, Hebrew, and Dutch) were added to the training modules.


  • Performance improvement on Training Summary report.

  • Performance improvement on Score page on training report.

  • Performance improvement on Exam page on training report.

  • Performance improvement on Email group list on the target group.

  • Performance improvement on Phishing Campaign list.

  • Performance improvement on the Company list.

  • Performance improvement for Leaderboard calculation on Gamification Dashboard.

  • Performance improvement on the Training list.

  • Performance improvement on the Phishing Scenarios.

  • XLS Excel 1999 format upgraded to 2007 version XLXS format on Incident Responder report.

August - 1

Bug Fixes

  • We fixed an issue that was causing diagnostic tools to get the email addresses for some users.

  • We fixed some bugs during the analysis of a reported email indicator with Fortinet.

  • We fixed some bugs that were causing the sender IP to not be extracted from reported emails and not displayed geolocation.

  • We fixed a bug that was causing the analysis of the simulation emails.

  • We fixed a bug on O365 configurations that was causing test connection failures for some O365 accounts.

  • We fixed an issue that was causing an error message on the investigation details page.

What’s New:

  • Analysis results are directly reflected in the reported emails even if analysis continues for other indicators in the reported email. When a result of an indicator is a malicious or phishing item, it updates the reported emails analysis result immediately.

  • Outlook Add-In and Diagnostic tool installations are versioned so that when a new version is distributed, it automatically replaces the old version without an uninstallation.

  • Outlook Add-In now sends the operating system’s user account SID which will be used to identify, group and differentiate email accounts used by OS accounts.

  • Threat Sharing posts now can be liked from the preview directly without expanding the post.

  • Auto Investigations are now starting if there is no active investigation with the same criteria for optimization.


  • We improved performance when users attempt to stop an ongoing investigation on Outlook Add-In and O365 investigations.

  • We improved the usage of target user custom fields in date and date-time types. Date fields show only the date and date-time fields show full date and time information.

  • We improved performance on the drop-down lists and autocomplete lists by loading items on demand.

  • Clickable areas of the data table actions are enlarged so that click action occurs not only clicking the visible text, but also clicking the hovered area for thebetter user experience.

  • Investigation date range selection now includes the selected end date.

  • We improved the analysis performance on reported emails.

  • O365 investigations scan performance and result matchings on the given filters are improved.

  • We improved performance on the Company List page.

July - 2

Bug Fixes:

  • A bug causes marking items as malicious when posting a new incident on Threat Sharing was fixed.

  • A bug that causes the investigation to be interrupted for O365 inbox scans was fixed.

  • A bug on the Outlook AddIn that stops sending heartbeat was fixed.

  • A bug that users with unconfirmed emails fail to log in after a SAML configuration is applied was fixed.

What's New:

  • The Incident Sharing feature is implemented with Cross Company Integration which extends the analysis capabilities of an incident. Customers can open their analysis engines to our other products, which can be configured by their Integrations and Rest clients with many reporting features.

  • Investigations for Exchange Web Services are implemented. EWS can be configured from the Mail Configurations page and users' mailboxes are scanned when starting a new investigation.


  • We improved performance on the Company Group Details page.

  • We improved performance on the Target Group Details page.

  • Company Create quick links are opened on the new browser tab when clicked.

  • Users logging in with MFA now can select don’t ask again on this computer option so that they do not have to enter MFA code each time they log in.

  • We improved performance on reporter emails’ analysis.

  • Outlook AddIn now can report emails that are opened in a separate Outlook window.

July - 1

Bug Fixes:

  • The date and time was fixed for some users and system-wide in Gamification Dashboard.

  • The timezone has been fixed in Phishing Simulator > Campaign Manager menu. The date and time which are chosen while sending the phishing camping should be sent on the correct date and time related to the company's timezone.

  • A control mechanism was added to the users who have low-level roles. The low-level role user can't change the role of the high-level user.

  • The MP4 training contents can be watched in the browser as full-screen by default.

  • The User KPI menu was improved and a bug was fixed.

  • The training which was published via the Available For feature wasn't being saved the first time with a custom email template - this bug is fixed.

What's New:

  • A new report generator that provides information about the summary of the training deployed was developed for Resellers.

  • The user roles are now optional for Resellers. The Resellers are able to choose which roles the customer will have.

  • If the customer has a custom Relay SMTP rule, the SMTP Relay test is now optional to be active or inactive.


  • The system performance and stability increased.

  • The Restrict Email Addresses menu works server-side now, this will create performance for listing and adding.

  • The Reseller is able to add different types of domains to the Restrict Email Address menu now.

  • The O365 integration automatic status checker was improved to detect whether or not the O365 integration works correctly.

  • Incident Responder, Manuel investigation is now supported different characters while searching an email in the users' inboxes.

  • The customer is now able to upload different image files which include spaces or different characters in the image file name to the Whitelabeling menu.

  • The new training is now saved as the System Email Template option as default until the user decides to use the Custom Email Template option in the training.

June - 2

Bug Fixes:

  • A bug causes scrolling problems on the modal popups.

  • Bug fixes on security, performance and stability throughout the platform.

What's new:

  • Investigation regex filter on mail body feature is implemented. When a filter is selected, scanned emails that match to the given regex shall be displayed on the investigation results. (* This feature requires the update of the Outlook AddIn clients)

  • New Company onboarding wizard is implemented. When resellers create a new company, settings like SMTP and white-labelling of the new company can be configured quickly with a click of a button.

  • Notified email result field text can be customized by the selected company’s language.


  • When downloading the current page of the Phishing Reporter users, the users listed on the page and on the excel page do not match since the last seen information of the users is updated. Now, the displayed user list is reflected to excel.

  • List pages’ performance has been optimized throughout the system.

  • On the Investigation List page, user count and progress calculation performance is improved.

  • Authorization flow is reimplemented for performing better authentication/authorization checks.

June - 1

Bug Fixes:

  • This release contains majorly fixed bugs, improved security, performance and stability throughout the platform.

What's New:

  • SAML integration is implemented. Companies can create an integration for their SAML identity providers and users now can login using SAML integration. When using SAML, a user who doesn’t exist on the system is created with their assigned user information and role on the SAML identity provider.

  • Audit logs can now be displayed and exported on Windows Event Logs.


  • In Phishing Reporter Users table, Status column is renamed as Add In Status.

  • Phishing Reporter Outlook Add In performance is improved when Outlook is started.

  • Target user custom fields with the date and date-time types can now be filtered and displayed within the option of active user’s timezone and date-time format selection.

  • Datatable filter for the multi-select search box is improved. When an item count is less than 5, the search box is not displayed. Otherwise, users can search using multiple filter items.

  • Permission names are listed in a user-friendly way on Custom Role create/edit pages.

  • Investigation actions are improved for consistency and better user experience both on playbook and investigation start pages.

May - 2

Bug Fixes:

  • Fixed several bugs, improved security, performance, and stability throughout the platform.

What's new:

  • Investigations now scan emails from the enterprise vault for Outlook Addin; users, as well as emails in the enterprise vault, can be deleted from the Investigation details page. In addition, users can report emails for scanning in the enterprise vault with Outlook Addin.

  • Phishing Reporter User’s email addresses are now persisted as encrypted.

  • Audit logs are now can be found in the Event Logs.

  • Logging API requests/responses are now configurable.

  • The source column can be filtered on the Reported Emails table.

  • AddIn Status and Diagnostic Tool status columns are now filtered on the Phishing Reporter Users data table.

  • The login page is updated for Identity Provider (like SAML) implementations for the next releases.

  • The server-side pagination feature is expanded for the entire data tables on the system.


  • Timezone and date-time settings improved. Users can now alter their settings without logging out and in.

  • Consistency is provided on data displayed after deleting an item from the last page of the datable.

  • Target User Bulk Operation with Excel feature performance is significantly improved.

May - 1

Bug fixes:

  • The certificate now can be resent in the Sending menu on the training report.

  • After you edit the phishing campaign after sending the phishing campaign by using Campaign Manager, you now see the correct template settings that you sent.

  • The phishing reporter MSI add-in can be downloaded from the menu in EMEA Keepnet Labs Cloud.

What's new:

  • The video forward bar can be disabled or activated in Video training. The user cannot pass quickly from beginning to end while watching the video. The progress bar will be disabled if the option chosen in the video training edit menu.

  • Both EMEA and Global Keepnet Labs Cloud have Forti Sandbox integration for Incident Responder.

  • Phishing Report Mark As Test feature is developed. You can now mark the phishing campaign as Test. The related phishing campaign statistics will be removed from the User KPI.

  • New APIs have arrived. You can now be able to create, delete, list target groups or users. You can now be able to list phishing campaigns, and inside of the phishing campaigns, you can get information from Summary, Department, Phishing Report, Sending, Campaign Clicked, Campaign Opened, Campaign Submitted, No Response, Macro Attachment menu(s).

  • Show unique domains: You are now able to see unique domains in the target group with one click and be able to whitelist the domains in the customer profile.


  • The old flash-based serious games have been removed from the training list. The new HTML5-based serious games will be uploaded to the platform.

  • The target groups which belong to an Inactive company will not be seen in the multi-tenant launch menu.

April - 3

Bug fixes:

  • System Role name not matching in the System User menu bug is fixed.

  • Incident Responder Notification Template not being cloned as Custom bug is fixed.

  • Office365 Phishing Report Picture no loading bug is fixed.

  • The bug in the Get Email field is fixed.

  • The bug that was downloading Encrypted Attachments on the Analysis Detail page is fixed.

  • Office365 MD5 investigation bug is fixed.

  • The reminder bug is fixed.

What's New:

  • Captcha for custom Whitelabeled SSL domains is now available.

  • Copy button is added in the Analysis detail menu in Incident Responder reported email page to copy URLs with one click.

  • Updating user's email addresses in Azure/Okta without creating duplicate records in the system is available.

  • The Auto Investigation feature now supports Office365.

  • Reseller column developed and can be filtered in the Companies menu.

  • Training and Reminder notification templates have a 'first name' tag feature now.

  • System Training's URL will be automatically changed when the training synchronized in On-Premise servers.


Advanced Reporting Dashboard speed improvements are made.

April - 2
  • Reanalyze option is added for sending reported emails. You can send an email to the analysis using the integrations you’ve. The undetected items will be rescanned.

  • Scanned items in reported emails now check the verdict in the analysis engines once - instead of polling them for 24 hours if no verdict has found for the item.

  • API Keys for integrations are now masked for security purposes.

  • Custom roles are implemented. Custom roles with custom permissions can be created and selected as well as made available for the tenants.

  • When creating a system user, the default selected role is now set Company Admin instead of Root in order to make system user creation easier.

  • Company switch performance and search are significantly improved.

  • Client secrets are masked now on the Rest API client’s edit page for security reasons.

  • Multi-Factor Authentication SMS codes countdown is added for improved user experience. A minute countdown can be seen on the MFA screen prior to sending an SMS again.

  • Sender email address and Sender name columns are added to the reported emails table.

  • The footer design is refreshed.

  • Notification templates can be seen and filtered as a separate column by module they belong to on the Notification Templates page.

  • GrapesJS Editor functionalities are improved.

  • URL Analysis Result tab for reported email tables is refreshed. It is possible to see more details about integration that the given URLs in the reported email are scanned with.

  • Performance is significantly improved for O365 investigations as well as target user bulk add operations.

  • Target users’ bulk update field selection dropdown now has the “None selected” option as an escape for correcting selections for mismatched properties.

  • The investigation option for Threat Sharing posts is now displaying all items that can be investigated with displaying harmful items option.

  • Performance improvements have been made when sending a new post on a crowded Threat-Sharing community.

  • Playbook action now has a status field. Reported emails’ status can be set automatically when matched a playbook with status action.

  • Office 365 settings are stored as encrypted on the DB.

  • The test button for SMTP settings is added.

  • Some labels and snack bars on the UI are fixed.

  • Some bugs on the several modules system for stability are fixed.

April - 1
  • Numerical values in Line Graph and in Training Reports were fixed. We show the view duration between 0-100 percentage. It will be much easier to understand the data in the training report excel on SCORM training.

  • Training Logging Mechanism was fixed. We log basically every action that users make in the training list or in the training report such as, delete, launch, edit a reminder, disable reminder, any action on the training report menu.

  • We fixed the bug that the system was submitting the same action after refreshing the page.

  • Training Report Menu Not Loading Data Real-Time was fixed. We improved this page to make this page loads in real-time without needing to refresh the page in order to see new data on the training report.

  • Small typos/ bugs are fixed on the company selection structure.

  • Virustotal Link Shows Up in Phishing Campaigns was fixed. The admin sends a phishing campaign to the employee, employee report this phishing campaign without clicking it. But when the user reports it, the user is seemed to click the link because of the Virustotal scanning in the phishing campaign.

  • Sub Reseller can't be Reseller of Master Reseller bug was fixed.

  • The admin is able to get unique training URLs of each user from specific training.

  • We fixed the {FirstName} variable not displaying in the preview error. When a user previews the phishing campaign, it doesn't show the user's first name, but this feature normally works as expected. We fixed this case.

  • Page loading was improved on Advanced Reporting Dashboard, and page loads under 1 second.

  • A Bug fixed on the Company group. When Reseller adds a company to a company group, the company gets training, but also some training doesn't show up in the customer profile. We fixed the business logic permanently.

  • Phishing Simulator Duplicate User Sending bug was fixed. When the admin sends a phishing campaign to multiple groups and if X user in these 3 multiple groups, for example, the user receives a phishing campaign three times. This business logic has been developed in this release.

  • XML Button - Suspucius Email "To" feature was added. When the user reports a suspicious email, the original email will be sent to the IT or SOC email group.

  • White labelling Menu Favicon bug was fixed. When Reseller simulates a company that is under the reseller and goes to the White labelling menu of the company, the Keepnet logo was showing up automatically instead of the Reseller. We fixed this and showed the Reseller's logo instead of Keepnet.

  • Training Report Reminder Date improved, and the bug was fixed.

  • Reseller Menu Added to Multitenant Training Page. The admin will be able to see the Reseller name in the Reseller menu on the Multitenant Training Send page.

  • The 'Hide EULA' option was removed from the company edit page to the Whitleabeling menu.

  • Awareness Educator module iSpring integration upgraded from 8.7 to 9.7 version.

  • The exchange XML button is now compatible with Outlook Desktop on Apple Mac OS X, Microsoft Outlook, and OWA applications.

March - 2
  • White labelling options are added to the system. Now you can set up your Keepnet product with your own brand by customizing the product logo, brand name, favicon, footer links, and etc.

  • Search functionality and performance are enhanced on the Switch Company page. Also, we added a link to the Companies page where the user can see the full list of companies he/she authorized to switch.

  • The performance is greatly increased while uploading and importing a large file containing a large number of target users.

  • Sensitive data like system user first name, last name, the email address will now be kept encrypted in the application database. These encryption changes are applied to System User, Target User, Company Info, SMTP settings, and Integrations data.

  • IBM X-Force analysis engine integration is added.

  • Analysis engine results that are still pending will now show as Undetected instead of N/A. Custom fields can now be filtered in Target User, Target Users Import, and Add User To Target Group pages.

  • The dashboard background on page load now shows correctly on Safari browsers. System users who are created after creating a company are now correctly added under this newly added company, instead of the active company for logged-in user.

  • All Audit log page operations like filtering and sorting now switched to server-side. Implemented various UI enhancements on e-mail template design editor.

  • We added support for editing HTML and CSS of an email template and fixed cases where CSS classes do not get applied to the elements.

  • We removed the option for disabling multi-factor authentication once the user successfully finished setting up multi-factor authentication, and we added the option for users to switch multi-factor authentication to the application on the security page.

  • We refreshed minor UI elements and labels for Multi-Factor Authentication login.

  • We removed 100 record limits from Community and Incident lists

  • We implemented a fix where the user will no longer see posts from communities he left in the Threat Sharing module.

  • The system pop-up dialogues are refreshed for a better user experience.

  • On the Integration add edit page, the description field is changed to the text are for providing a better view when entering a description for the analysis engine.

  • Exporting data to the excel file label is changed from XLS to XSLX on the data table export feature.

  • Investigations list table columns are updated with displaying the Investigation triggers as Automatic, Manual as Playbook, etc.

  • Test connection feature is added for VmRay integration.

  • Also, an issue is fixed for blocked uploads to VmRay when some characters exist in the filename.

  • Left menu collapse animations are synchronized with the left menu items' movements.

  • We fixed the errors below:

    • An error when hash scan and file upload analysis status displayed incorrectly in some situations.

    • An error when the logged-in user company displayed incorrectly in some situations.

    • An error while filtering the AnalysisSource column in the Reported Emails table.

    • An error while importing target users using an empty excel file which is downloaded from google sheets.

    • An error where a deleted user role is also shown in addition to the current user role for logged-in users.

    • An error when a logged-in user role is displayed as Phishing Reporter in some situations.

    • An error on VMRay integration

    • An error on investigations when causing to display all users scanned when scanned user count is 0.

    • An error while uploading an empty spreadsheet file.

March - 1
  • Multi-factor authentication support is added after a period of time multi-factor authentication will be required to log in for all users. We recommend setting up multi-factor authentication until this date with Authenticator tools like Authy, Duo Mobile, LastPass Authenticator, Microsoft Authenticator, Google Authenticator.

  • An error on target user deletion is fixed.

  • The Menu icon will now be correctly positioned on higher resolutions.

  • Pages with excel export support will use a newer .xlsx file format rather than .xls format.

  • A number of UI improvements are made on the investigation details page.

  • The filtering experience on the investigation list page is improved.

  • Target user and phishing reporter list operations are switched to the server-side for improved experience and stability.

  • We enabled retrieving all records for the audit log page by placing a load all button.

  • Filter options are added on pages with a listing, such as setting up a default filter for a better experience.

  • Two new analysis engine integrations, FortiNet and VMRay are added.

  • Suspicious email reporting is enabled on Outlook inspector mode for imported files on Outlook Desktop.

  • Field customization is added for Office 365 integration.

  • Some IDOR vulnerabilities are fixed.

  • Sending mail to inactive users after mail analysis is prevented.

February - 2
  • On the Target User page, bulk upload field mapping on the data table custom field’s columns is changed to display in the latest order.

  • Fixed an error on bulk upload function on the target user page - when Firstname and Lastname fields are empty on the provided excel file.

  • Following improvements are implemented for Incident Responder Investigations:

    • Target Group / Target Users selections are implemented. You can start an investigation by selecting specific target users or multiple target groups.

    • For a clear and more focused investigation experience, items like Calendar meetings, Notes are discarded and provided an investigation for only mail items in scanned mailboxes.

    • When configuring O365, testing the mail configuration functionality is provided on the given mail address. In addition, for the actions like creating or updating a category in the test process, marked as a test for the indication.

    • Investigation for multi-language O365 accounts is implemented. Mails are displayed in the corresponding folder even if the mailbox of the user is in a different language.

    • Keyword regex and IP match condition filters are improved.

    • O365 investigation performance improvements are implemented.

  • Column names and column orders are made the same as the UI’s default column order and names when exporting to PDF, Excel, and CSV for the following tables.

    • Phishing reporter users

    • Investigation details

    • Target group details

    • Company list

    • SMTP settings

    • Notification templates

    • Rest API settings.

  • Exported files are now named the same as an exported data table.

  • The left menu is re-ordered for better navigation. While settings-related menus are moved down, menus that have critical system functions are moved upwards.

  • The company logo and user profile part of the left menu is fixed, and a new scroll has been added to the left menu for easy navigation.

  • A fresh button is designed for adding new items to the data table for better visibility.

  • Minor changes have been made on the Playbook’s query builder for clarifying the rules you’ve created.

  • Investigation filters are now grouped by type, and they are searchable now.

  • A little “Folder” indicator label has been added to the Investigation details page on the folder list.

  • SMTP settings have an easier configuration page by adding descriptions to the fields like Reply-To, Error To fields.

  • Threat sharing post attribute selection when sharing an incident has been revised for hiding/showing items on the shared incident.

February - 1
  • On the Create Company and Edit Company pages, select a Reseller is no longer optional for Reseller roles. A Reseller selection obligation has been created for users with the Reseller role. If the Reseller selection field is left blank, an error display is provided for users who create companies (custom company admin).

  • Performance improvements were made on Exchange EWS integration and investigation features.

  • User’s department name added on both “Leader Board” and “User Performance” column on the Gamification Report.

  • The User’s department name also added to the excel report on the Gamification Report.

  • {TO} and {TONAME} shortcodes added to Scheduled Report email template.

  • Bug fixing on Virustotal API key create/edit page. Trim has been made for errors that occur in VirusTotal API keys.

  • Favicon featured added to Phishing Campaign.

  • When a user deletes a training report, all statistics related to deleted training are automatically removed:

    • Leader board

    • User performance

    • Training engagement

    • Company score

    • User KPI statistics

  • Report Manager > Training Report List > Sending Report page has a delete option now to remove user’s data from training report and as well as all related reports.

  • Report Manager > Training Report List > Sending Report page has a restore option now to restore user’s data from training report and as well as all related reports.

  • Mark as a test option added to Training report

  • O365 Phishing reporter extension can be used for reporting emails on Office 365 mailboxes.

  • Column names and column orders are made the same as the UI’s default column order and names when exporting to PDF, Excel, and CSV.

    • Target Groups

    • Company Groups

    • Company Group Details

  • On threat sharing, reported emails, target users, company groups, and investigation details pages after an operation that requires users to land another page, users can stay exactly where they are after coming back to the corresponding page. For instance; when email details are clicked after navigating through pages when the back button of the browser is pressed, the reported email table displays the results where you left off.

  • Server-side pagination, filter, and search are implemented in the following pages for better performance.

    • Threat Sharing Communities

    • Threat Sharing Incidents

    • Company List

    • Reported Emails

    • Target Users

  • For a better user experience, a loading indicator is added to the company switch popup for listing the companies.

  • On analysis results for reported emails, the Clean verdict is changed to Undetected since there is no 100% clean.

  • A new design for the “Reported Emails” data table’s clustering feature is added with clustering by the reporter as well. When one of the cluster options is selected, the last item for that cluster is displayed in order to take quick action. For other emails with the selected cluster option, a detailed view is added.

  • For the Rest API clients, IP restriction is configurable for each client separately: the client is allowed by any IP address or only from the selected IP addresses.

  • “Notification Template” template category label is changed to the template type.

  • Better search experience on data tables is provided by adding a one-second delay after writing a text into the search box.

  • Google Tag Manager is added to the UI for collecting anonymous usage data.

Last updated

Copyright © Keepnet Labs LTD. All rights reserved.