Skip to main content
All CollectionsGeneral
Reference guide: Audience filters
Reference guide: Audience filters

A reference guide for using the audience filters in CybSafe

Benedict Donaldson avatar
Written by Benedict Donaldson
Updated over a week ago

Description

If you're building a workflow, or targeting your people with a learning, nudge or phishing campaign, you're likely to come across audience filters.

Functions of the audience filters

Audience filters are a dynamic advanced way to target specific people at your organisation. These help you to narrow down the pool of people and make sure that help is only given to those who need it.

The below tables set out the filters available and how they work!

Learning and engagement related filters

Option

Method

Description

Example

Course progress - across all currently assigned modules, % completion

Is equal to

Matches people who have 100% completion

equal to 100. Anyone who has completed all modules

Is greater than

Matches people who have completion more than the amount

greater than 0. Anyone who has completed at least one module

is less than

Matches people who have completion less than the amount

less than 100.

Anyone who hasn't completed all of their modules

is not equal to

Matches people who don't have completion equal to the amount

not equal to 100.

Anyone who hasn't completed their modules

Security hero score

Is equal to

Matches people who have the specific security hero score

equal to 1000. Anyone with a score of 1000 points.

Is greater than

Matches people who have a score greater than the amount specified

greater than 1000. Anyone with a score of more than 1000 points

is less than

Matches people who have a score less than the amount specified

less than 1000.

Anyone with a score of less than 1000 points

is not equal to

Matches people who don't have the score specified

not equal to 1000.

Anyone with a score that isn't 1000 points.

Security heroes rank

is

Identifies the person in the specific position in the leaderboard

is 1
Targets the person in 1st place

is not

targets anyone not in the selected position

is not 1
Targets everyone but the person in 1st place

is greater than

targets anyone above the selected position

is greater than 4
Targets 1st, 2nd and 3rd places

is less than

targets anyone below the selected position

is less than 3
Targets everyone who isn't in top 3

Learning completion date

is

Matches people who completed all of their learning on the specified date

is 25/12/2023

Anyone who completed on 25th December 2023

does not exist

Matches people who have yet to complete their learning

does not exist
Anyone who hasn't completed training

is greater than

completed after the specified date

> 25/12/2024. completed after 25th december 2024

is less than

completed before the specified date

< 25/12/2024. completed before 25th december 2024

is within past {days}

completed within the last X days (rolling, so each day the window shifts)

within 365 days

completed in the past year relative to the current date. each day shifts by 1 day

is not within past {days}

completed outside of the last X days (rolling, so each day the window shifts)

not within 30 days

completed before the past month relative to the current date. each day shifts by 1 day

Module completion

is in {list of modules}

people who have completed any of the selected modules

is in passphrases
Users who have completed the passphrases module (and not had it reset)

is not in {list of modules}

people who have not completed any of the selected modules

not in passphrases
Users who haven't completed the passphrases module

Refresher test

user has pending refresher tests

Anyone who has been sent a refresher test but is to complete it

user does not have pending refresher test

Anyone who has been sent a refresher test and has completed it, or has not been sent one at all.

User attribute related filters

Option

Method

Description

Example

User selection

Is in

targets the specific users

is in Luke Skywalker

Is not in

excludes the specific users

is not in Darth Vader

Groups

Is in

people who have are members of any of the selected groups

is in IT Team, HR Team
Users who are in the IT or HR teams

Is not in

people who have are not members of any of the selected groups

not in IT Team
Anyone who isn't in the IT team, including no groups at all

Email

Is

targets the user with the specified email address

Is not

excludes the user with the specified email address

contains

targets users with the given set of text in their email address

"test"
Would include:

[email protected] [email protected]
but not:

[email protected]

starts with

includes users whose emails start with the text

"test"

Would include:

[email protected].

ends with

includes users whose emails end with the text

"@companyA.io"

Last login

is

Matches people who logged in on the specified date

is 25/12/2023

Anyone who logged in on 25th December 2023

does not exist

Matches people who have yet to log in

is greater than

logged in after the specified date

> 25/12/2024. logged in after 25th december 2024

is less than

logged in before the specified date

< 25/12/2024. logged in before 25th december 2024

is within past {days}

logged in within the last X days (rolling, so each day the window shifts)

within 365 days

logged in the past year relative to the current date. each day shifts by 1 day

is not within past {days}

Has not logged in for the past X days (rolling, so each day the window shifts)

not within 30 days

logged in before the past month relative to the current date. each day shifts by 1 day

User created on CybSafe

is

Matches people who had an account created on CybSafe on the specified date

is 25/12/2023

Anyone who was added on 25th December 2023

is greater than

Matches people who have accounts provisioned after the set date

> today's date. Target new starters

is less than

had an account created before the specified date

< 25/12/2024. account created before 25th december 2024

is within past {days}

had an account created since X days ago (rolling, so each day the window shifts)

within 365 days

account created in the past year relative to the current date. each day shifts by 1 day

is not within past {days}

Had an account created before X days ago (rolling, so each day the window shifts)

not within 30 days

account created before the past month relative to the current date. each day shifts by 1 day

Phishing related filters

Option

Method

Description

Example

Phishing behaviour events %
User click rate for Phishing emails sent to them*

is equal to

calculates the proportion of phishing emails sent to a user that were clicked and matches to that number

equal to 100%. Anyone who clicks on every phishing email they have been sent.

is greater than

calculates the proportion of phishing emails sent to a user that were clicked and matches if higher than value

greater than 0%

Anyone who's clicked on a phishing email

is less than

calculates the proportion of phishing emails sent to a user that were clicked and matches if less than value

less than 10%

Anyone who's clicked on less than 10% of the phishing emails sent to them

is not equal to

calculates the proportion of phishing emails sent to a user that were clicked and matches if different than value

not equal to 0%
Anyone who's clicked on a phishing email.

Phishing report %
Report rate for the given user*

is equal to

calculates the proportion of phishing emails sent to a user that were reported and matches to that number

equal to 100%. Anyone who reports every phishing email they have been sent.

is greater than

calculates the proportion of phishing emails sent to a user that were reported and matches if more than value

greater than 0%

Anyone who's reported at least one phishing email

is less than

calculates the proportion of phishing emails sent to a user that were reported and matches if less than value

less than 10%

Anyone who's reported less than 10% of the phishing emails sent to them

is not equal to

calculates the proportion of phishing emails sent to a user that were reported and matches if different than value

not equal to 0%
Anyone who's reported a phishing email.

* Time boundary

These filters use optional time boundaries. Time boundaries limit the calculation to a rolling period. If you choose a boundary of 2 weeks, then only events within the last 2 weeks count.

For example on phishing, if you set a 2 week time boundary and a threshold of greater than 50%, a user will need to have clicked on more than 50% of the emails they received in the past two weeks to qualify, rather than all time.

Risk, behaviour and goal related filters

Option

Method

Description

Example

Security behaviour score - the users overall behaviour score on CybSafe across all security behaviours

Is equal to

Matches people who have the specific security behaviour score

equal to 100. Anyone with a score of 100 points.

Is greater than

Matches people who have a score greater than the amount specified

greater than 10. Anyone with a score of more than 100 points

is less than

Matches people who have a score less than the amount specified

less than 100.

Anyone with a score of less than 100 points

is not equal to

Matches people who don't have the score specified

not equal to 100.

Anyone with a score that isn't 100 points.

Risk score - the users overall risk score based on an assessment of their security behaviours and organisational data

Is equal to

Matches people who have the specific security behaviour score

equal to 100. Anyone with a score of 100 points.

Is greater than

Matches people who have a score greater than the amount specified

greater than 10. Anyone with a score of more than 100 points

is less than

Matches people who have a score less than the amount specified

less than 100.

Anyone with a score of less than 100 points

is not equal to

Matches people who don't have the score specified

not equal to 100.

Anyone with a score that isn't 100 points.

Confidence score (normally out of 5, converted to out of 100 here)

Is

Matches people who have the specific confidence score

equal to 100
Anyone who's got the maximum confidence score

Is not

Matches people who don't have the specific confidence score

not equal to 100
Anyone who doesn't have a perfect confidence score

Is greater than

Matches people who have a confidence score greater than X

greater than 60
Anyone who has confidence on average more than 3/5

Is less than

Matches people who have a confidence score less than X

less than 60
Anyone who has confidence on average less than 4/5

Goal progress

Is

Matches people who have completed the specific % of their goals

equal to 100
Anyone who's completed all of their goals

Is not

Matches people who haven't completed the specific % of their goals

not equal to 0
Anyone who has completed at least one of their goals

Is greater than

Matches people who have completed more than X% of their goals

greater than 50
Anyone who has completed more than half of their goals

Is less than

Matches people who have completed less than X% of their goals

less than 50
Anyone who has completed less than half of their goals

Goal completion

Is in

people who have completed any of the selected goals

is in using a VPN
Users who have completed the "using a VPN" goal

Is not in

people who not have completed any of the selected goals

not in using a VPN
Users who have not completed the "using a VPN" goal

Navigation

You will be asked to select your audience via filters when creating campaigns for learning and nudges as well as when creating workflows. It is a step in the setup process as you see below.

Additional resources

Related Articles
Explainer: Security heroes leaderboard
Reference guide: platform settings
Gamification in CybSafe
Phishing difficulty explained
Explainer: Audience filters
Did this answer your question?