Awareness Templates

Define the base domain to which the user will be redirected to access their awareness training content. You can also specify a subdomain, which is the portion of the URL before the base domain, such as training.lucysecurity.com

Quiz

By default, if your campaign contains a Quiz or Exam, the "Quiz" selection box will be enabled. This means that once the user completes the first quiz, they will be marked as trained. Additionally, the system will provide the score and a list of answers submitted by the user which can be viewed in the statistics section of the campaign results.

Extended Tracking

This option tracks when users complete a pre-defined Quiz or Exam. For instance, in Awareness templates containing multiple quizzes, enabling only the Quiz option will log the result of the first quiz the user interacts with. With this option enabled, you can specify which quiz or exam determines the user's score.

To activate this feature, you need to add a call to the "lucyQuizEnd()" function without any parameters. Launch this function after the user answers the last question in your quiz. More information can be found here.

Success Score

A minimum score the user must receive in order to be marked as Trained and receive a diploma.

The preview link offers a public URL for sharing with colleagues who do not have access to the Lucy administration panel. This feature is ideal for validating campaigns across different departments without running a campaign or adding stakeholders as administrative users on your Lucy server.

Each edit is confined to the selected language. If the default template does not include your target language, you can add and manually translate all text into the desired language. Remember to click 'Save' to commit the changes for each language.

Choose this option if you have already generated an SSL certificate on your Lucy server. This option allows you to reuse the existing certificate.

This option is ideal if you already have an SSL certificate chain from a trusted certificate authority or if you would like to generate a self-signed certificate.

Option 1: Generate a self-signed Certificate

1. Domain: Enter the domain name for which you want to generate the SSL certificate (e.g., lucysecurity.help).

2. Email: Provide a valid email address. This is where Let's Encrypt will send notifications about your certificate, such as renewal reminders.

3. Details: Fill in the Country, State, City, Organization Name, and Organizational Unit. These details are often used in the certificate's subject field and can be important for organizational certificates.

4. Generate: Click on the "Generate Certificate" button to create your self-signed certificate.

Option 2: Upload an Existing Certificate

1. SSL Certificate: Click "Choose File" to browse and select your existing certificate file (usually a .crt or .pem file).

2. SSL Key: Click "Choose File" to upload the private key file associated with your SSL certificate (this is a .key file and must be kept secure).

3. SSL Key Password: If your private key is password-protected, enter the password here.

4. SSL Chain: Click "Choose File" to upload the chain file (also known as the CA bundle or intermediate certificate) if required. This is needed for browsers to trust your certificate by establishing a chain of trust to a root certificate.

5. Wildcard: If you are uploading a wildcard certificate, you would check the "Wildcard" box. Wildcard certificates secure a domain and all its subdomains (e.g., *.example.com).

Our default method, designed for maximum user-friendliness, enables your Lucy server to automatically generate a Certificate Signing Request (CSR) through the integrated Let's Encrypt API. It then submits this request to Let's Encrypt and automatically installs the full certificate chain on your Lucy server.

This process may take up to 5 minutes to complete. Please wait for the "certificate successfully generated" notification before proceeding further.

Add your own attachments. Keep in mind that most common email clients filter certain types of attachments, like executables, to prevent malware risks.

Set custom SMTP headers to meet specific needs. For example, you can add a custom email header to help your SPAM gateway distinguish between actual SPAM and emails sent from LUCY.

• Send emails as plain text.

• Random Email:

  LUCY will generate a random email account with a random sender. The email account will be deleted after the campaign ends.

If you want to catch email replies from your awareness email, LUCY provides two options:

1. Define a Reply-to Header:

   • The Reply-to address is where email replies are directed, rather than the 'From' address. This is useful if the 'From' address cannot receive replies, for example, if you do not control the domain or lack a mail server setup for it. For instance, if the email shows as being sent from "[email protected]" and the recipient clicks reply, the email will be directed to the Reply-to address set in the header, such as "[email protected]". Choose a Reply-to address you have access to.

2. Define a Forward Mail:

   • LUCY can forward incoming replies to a specified email address. This requires setting a DNS entry (MX record) for the sender’s domain that points to LUCY. For example, if you send emails from "[email protected]" and LUCY's IP is 201.35.77.12, you need an MX record like "phishing-test.com MX 10 201.35.77.12". Enter your own custom mail address in the forward mail field (e.g., "[email protected]"). When someone replies to "[email protected]", LUCY receives the email and forwards it to "[email protected]". Note that many registration services offer free mail/DNS packages, allowing you to set up an email forwarder directly at the domain level, eliminating the need for LUCY’s forwarding feature.

DKIM Overview:

DomainKeys Identified Mail (DKIM) enhances email security by attaching a domain name identifier to a message, utilizing cryptographic techniques to validate authorization. This identifier is separate from other message identifiers such as the author's "From" field. DKIM effectively 'signs' emails to verify their origin, helping to identify and prevent spoofed emails. The process involves the sending mail server signing the email with a private key, while the receiving server uses a public key listed in the domain's DNS to verify the signature. Each domain can list multiple DKIM keys in its DNS, but each private key is unique to one mail server.

Setting Up DKIM in LUCY:

1. Enable DKIM:

   • Navigate to "Advanced Email Settings" in the message template of your Attack Scenario. Enable DKIM support and save the changes. A DKIM information box will then appear.

2. DNS Configuration:

   • Copy the provided key and create the corresponding DNS entry. Here’s an example of how to set it up with namecheap.com:

Name: selector._domainkey
Type: TXT
Value: "v=DKIM1; k=rsa; p=[YOUR_PUBLIC_KEY]"

Validate DKIM Setup:

• To confirm your DKIM is working, add an email from a service like dkimvalidator.com to your DKIM test recipient group. Launch the campaign targeting this group, then check the results at dkimvalidator.com. If configured correctly, your setup should match the expected status.

DKIM Header Details: The DKIM signature is added to emails as an RFC2822 header field. Here's a breakdown of the common fields in a DKIM signature:

• b: Digital signature of the email's contents.

• bh: Hash of the email body.

• d: Signing domain.

• s: Selector used for the DKIM signature.

• a: Signing algorithm, typically rsa-sha1.

• c: Canonicalization algorithm for the header and body.

• q: Default query method, usually DNS.

• t: Timestamp of when the email was signed.

• x: Expiry time of the signature.

• h: List of header fields that were signed.

This setup ensures that emails sent through LUCY's mail server are authenticated, boosting trust and security for your email campaigns.

Here you can choose your default method for sending emails. This setting will apply to all campaigns.

Lucy incorporates a built-in internal mail server (Postfix) as its default method for email delivery. This approach is straightforward and often used due to its direct integration within Lucy. To enhance delivery success, it's advisable to align the server's name with Lucy's Fully Qualified Domain Name (FQDN), potentially using a subdomain designated for mail purposes.

Lucy allows the configuration of an external SMTP server via its general settings. This is particularly useful when aiming to circumvent spam filters that may block emails from new or untrusted IP addresses. Setting up involves adding your mail server details under "Settings -> Common System Settings -> SMTP Servers"; followed by a connection test to ensure proper setup.