Recipient Groups

Introduction

Every LUCY campaign requires a recipient group, which consists of users who will receive the attack simulation or awareness content. Multiple groups can be created for a single campaign, allowing for targeted phishing or training campaigns. Organizations often group users by department, location, or domain. Recipients can belong to any number of groups, and there is no limit on the number of groups you can set up.

Creating a New Group

Navigate to Users -> Recipient Groups

You can add recipients manually or import them via CSV, LDAP, or Azure (Entra ID). Groups are defined globally and can be reused across different campaigns.

Importing recipients from company directories is recommended as it allows you to include additional information about each user, which enhances automatic analysis and statistics.

Select "New Group"

The Group base settings are defined in the form:

This is a required field where you'll enter the name of the new group you are creating. It's important to emphasize clear identification for efficient management within the system.

Adding Recipients to Lucy

There are four methods to import recipients into Lucy.

Directly input recipient details one by one. This method is feasible for small numbers of recipients but becomes time-consuming for larger sets.

Select "New Recipient"

First name and Email are the only two mandatory fields.

Provide all necessary details of the recipient. The more fields that are filled, the more granular the statistics can be.

Once completed, click "Save" to commit your recipient to the group.

You can add your recipients by using an LDAP server. For setup instructions, refer to the LDAP Integration article.

Select "LDAP Server" to Import from.

Import Options

Update existing recipients

If this option is enabled, any existing recipients in this group will have their attributes updated during the LDAP import. This ensures that the latest information from the LDAP server is reflected in the recipient list.

Add recipients to bound campaigns

Enabling this option will add the imported recipients to any campaigns that are already bound to the group. This is useful if you want to expand the reach of your current campaigns to include new or updated recipients.

Send emails if bound campaigns are running

If this option is selected, emails will be sent to the newly imported recipients if they are part of running campaigns. This ensures that any active campaigns will immediately include the new recipients in their email distribution.

Add more groups

This option allows you to import additional groups already present in Lucy. This can be helpful if you want to organize recipients into specific categories or segment groups for targeted campaigns.

LDAP Server

Select the LDAP Server which needs to be associated with this group.

LDAP Search

You can use standard Active Directory search filters, such as:

(|(objectClass=inetOrgPerson)(objectClass=user))

For more information, refer to the Microsoft Documentation.

LDAP Search Examples

Goal: Import all users in the distribution group name "IntuneLucy-DevOps"

Directory Structure:

Base DN -> Beck.ai OU -> Admin Users OU -> Distribution Groups Group -> IntuneLucy-DevOps

A well-formulated Active Directory search filter to obtain all users in the Group = IntuneLucy-DevOps:

(&(objectClass=user)(memberOf=cn=IntuneLucy-DevOps,ou=Distrubution Groups,ou=Admin Users,dc=beck,dc=ai))

&: This is the logical operator "AND". It indicates that all the conditions enclosed within the parentheses must be true for the query to return a result. This operator combines multiple search filters.

(objectClass=user): This filter specifies that the object being searched should be of the type "user". The objectClass attribute in LDAP is used to define the schema or type of an object in the directory.

(memberOf=cn=IntuneLucy-DevOps,ou=Distrubution Groups,ou=Admin Users,dc=beck,dc=ai): This filter is used to find users who are members of a specific group. Here's a breakdown of the group's distinguished name (DN):

cn=IntuneLucy-DevOps: "cn" stands for Common Name. In this case, it refers to the name of the group.
ou=Distrubution Groups: "ou" stands for Organizational Unit.
ou=Admin Users: Another Organizational Unit, indicating a higher-level grouping within the directory.
dc=beck,dc=ai: "dc" stands for Domain Component. These components are part of the LDAP naming context and represent different levels of the domain.

This query is structured to ensure that only objects that are users (objectClass=user) and are members of the specified group (memberOf=...) are returned.

Import

After successfully retrieving the desired recipients from your company directory, select the checkbox to include All, and click "Import" to begin the import process.

You can add your recipients by using Azure Entra ID. For setup instructions, refer to the Azure Applications.

Select "Azure AD" to Import from.

Import Options

Update existing recipients

If this option is enabled, any existing recipients in this group will have their attributes updated during the Entra ID import. This ensures that the latest information from the Entra ID server is reflected in the recipient list.

Add recipients to bound campaigns

Enabling this option will add the imported recipients to any campaigns that are already bound to the group. This is useful if you want to expand the reach of your current campaigns to include new or updated recipients.

Send emails if bound campaigns are running

If this option is selected, emails will be sent to the newly imported recipients if they are part of running campaigns. This ensures that any active campaigns will immediately include the new recipients in their email distribution.

Add more groups

This option allows you to import additional groups already present in Lucy. This can be helpful if you want to organize recipients into specific categories or segment groups for targeted campaigns.

Azure Application

Select the Azure Application which needs to be associated with this group.

Azure Search

Filter by Groups -> Select the Group dropdown menu:

Filter by Search Parameters -> Enter Microsoft search filters

Scenario 1: Filter by Email Domain

To import only recipients whose email domain ends with "@lucysecurity.company", use the endswith function:

(mail, '@lucysecurity.com')

This filter ensures that only users with emails ending in "@lucysecurity.company" are included in the import.

Scenario 2: Filter by Name Prefix

To import recipients whose names begin with "User", utilize the startswith function:

startswith(displayName, 'User')

This filter will match and import users whose display names start with "User".

Scenario 3: Filter by Location

To find all users located in 'Ext1', you can directly match the officeLocation attribute:

officeLocation eq 'Ext1'

This query ensures that only users with 'Ext1' listed as their office location are selected.

Scenario 4: Filter by Phone Number Exclusion

To exclude recipients whose phone number is '911', apply the ne (not equal) operator:

mobilePhone ne '911'

This filter imports users whose mobile phone number is not '911'.

Import

After successfully retrieving the desired recipients from your company directory, select the checkbox to include All, and click "Import" to begin the import process.

Import Settings

The "Import Settings" tab enables you to configure automated import processes for recipients from your organization's directory.

Select -> Import Settings

Import Type:

Select the Type of Import:

Action for New Recipients:

If this option is selected, the automatic import will list all recipients in the Control List for both LDAP and Azure Entra ID integrations.

Your Lucy server will make a query every 10 minutes to your company directory to obtain the most updated list of your recipient directory.

You can manually add each recipient:

Or you can select All recipients and Apply them to your Group:

Action for Deleted Campaigns

If this option is selected, the automatic deletion will list all recipients in the Control List for both LDAP and Azure Entra ID integrations.

Your Lucy server will make a query every 10 minutes to your company directory to obtain the most updated list of your recipient directory.

You can manually Discard each recipient:

Or you can select All recipients and Discard them to your Group:

Import Filters

Both Azure Entra ID and LDAP use standard Microsoft syntax filters.

You can employ standard Active Directory search filters, such as:

(|(objectClass=inetOrgPerson)(objectClass=user))

This filter retrieves objects that are either of type inetOrgPerson or user. For further details and guidance, refer to the Microsoft Documentation.

LDAP Search Example:

in the "Import Settings", you will need to define both the Base DN and Search Filter separately.

Goal: Import all users in the distribution group name "IntuneLucy-DevOps"

Directory Structure:

Base DN -> Beck.ai OU -> Admin Users OU -> Distribution Groups Group -> IntuneLucy-DevOps

A well-formulated Active Directory search filter to obtain all users in the Group = IntuneLucy-DevOps:

Base DN:

dc=beck,dc=ai

Filter:

(&(objectClass=user)(memberOf=cn=IntuneLucy-DevOps,ou=Distrubution Groups,ou=Admin Users,dc=beck,dc=ai))

cn=IntuneLucy-DevOps: "cn" stands for Common Name. In this case, it refers to the name of the group.
ou=Distrubution Groups: "ou" stands for Organizational Unit.
ou=Admin Users: Another Organizational Unit, indicating a higher-level grouping within the directory.
dc=beck,dc=ai: "dc" stands for Domain Component. These components are part of the LDAP naming context and represent different levels of the domain.

This query is structured to ensure that only objects that are users (objectClass=user) and are members of the specified group (memberOf=...) are returned.

Filter by Groups -> Select the Group dropdown menu:

Filter by Search Parameters -> Enter Microsoft search filters

Scenario 1: Filter by Email Domain

To import only recipients whose email domain ends with "@lucysecurity.company", use the endswith function:

(mail, '@lucysecurity.com')

This filter ensures that only users with emails ending in "@lucysecurity.company" are included in the import.

Scenario 2: Filter by Name Prefix

To import recipients whose names begin with "User", utilize the startswith function:

startswith(displayName, 'User')

This filter will match and import users whose display names start with "User".

Scenario 3: Filter by Location

To find all users located in 'Ext1', you can directly match the officeLocation attribute:

officeLocation eq 'Ext1'

This query ensures that only users with 'Ext1' listed as their office location are selected.

Scenario 4: Filter by Phone Number Exclusion

To exclude recipients whose phone number is '911', apply the ne (not equal) operator:

mobilePhone ne '911'

This filter imports users whose mobile phone number is not '911'.

PreviousUsers NextEnd Users

Last updated 5 months ago

Recipient Groups

Introduction

Creating a New Group

Adding Recipients to Lucy

Ensure the CSV is correctly formatted

Import CSV

Import Options

LDAP Server

LDAP Search

LDAP Search Examples

Import

Import Options

Azure Application

Azure Search

Scenario 1: Filter by Email Domain

Scenario 2: Filter by Name Prefix

Scenario 3: Filter by Location

Scenario 4: Filter by Phone Number Exclusion

Import

Import Settings

Import Type:

Action for New Recipients:

Automatically Add to Bounded Campaigns

Automatically Add to Bounded Campaigns and Schedule Plans

Action for Deleted Campaigns

Import Filters

LDAP Search Example:

Base DN:

Filter:

Scenario 1: Filter by Email Domain

Scenario 2: Filter by Name Prefix

Scenario 3: Filter by Location

Scenario 4: Filter by Phone Number Exclusion