Recipient Groups
Last updated
Last updated
Every LUCY campaign requires a recipient group, which consists of users who will receive the attack simulation or awareness content. Multiple groups can be created for a single campaign, allowing for targeted phishing or training campaigns. Organizations often group users by department, location, or domain. Recipients can belong to any number of groups, and there is no limit on the number of groups you can set up.
Navigate to Users -> Recipient Groups
You can add recipients manually or import them via CSV, LDAP, or Azure (Entra ID). Groups are defined globally and can be reused across different campaigns.
Importing recipients from company directories is recommended as it allows you to include additional information about each user, which enhances automatic analysis and statistics.
Select "New Group"
The Group base settings are defined in the form:
This is a required field where you'll enter the name of the new group you are creating. It's important to emphasize clear identification for efficient management within the system.
There are four methods to import recipients into Lucy.
Directly input recipient details one by one. This method is feasible for small numbers of recipients but becomes time-consuming for larger sets.
Select "New Recipient"
First name and Email are the only two mandatory fields.
Provide all necessary details of the recipient. The more fields that are filled, the more granular the statistics can be.
Once completed, click "Save" to commit your recipient to the group.
The "Import Settings" tab enables you to configure automated import processes for recipients from your organization's directory.
Select -> Import Settings
Select the Type of Import:
If this option is selected, the automatic import will list all recipients in the Control List for both LDAP and Azure Entra ID integrations.
Your Lucy server will make a query every 10 minutes to your company directory to obtain the most updated list of your recipient directory.
You can manually add each recipient:
Or you can select All recipients and Apply them to your Group:
If this option is selected, the automatic deletion will list all recipients in the Control List for both LDAP and Azure Entra ID integrations.
Your Lucy server will make a query every 10 minutes to your company directory to obtain the most updated list of your recipient directory.
You can manually Discard each recipient:
Or you can select All recipients and Discard them to your Group:
Both Azure Entra ID and LDAP use standard Microsoft syntax filters.
You can employ standard Active Directory search filters, such as:
This filter retrieves objects that are either of type inetOrgPerson
or user
. For further details and guidance, refer to the Microsoft Documentation.
in the "Import Settings", you will need to define both the Base DN and Search Filter separately.
Goal: Import all users in the distribution group name "IntuneLucy-DevOps"
Directory Structure:
Base DN -> Beck.ai OU -> Admin Users OU -> Distribution Groups Group -> IntuneLucy-DevOps
A well-formulated Active Directory search filter to obtain all users in the Group = IntuneLucy-DevOps:
&
: This is the logical operator "AND". It indicates that all the conditions enclosed within the parentheses must be true for the query to return a result. This operator combines multiple search filters.
(objectClass=user)
: This filter specifies that the object being searched should be of the type "user". The objectClass
attribute in LDAP is used to define the schema or type of an object in the directory.
(memberOf=cn=IntuneLucy-DevOps,ou=Distrubution Groups,ou=Admin Users,dc=beck,dc=ai)
: This filter is used to find users who are members of a specific group. Here's a breakdown of the group's distinguished name (DN):
cn=IntuneLucy-DevOps
: "cn" stands for Common Name. In this case, it refers to the name of the group.
ou=Distrubution Groups
: "ou" stands for Organizational Unit.
ou=Admin Users
: Another Organizational Unit, indicating a higher-level grouping within the directory.
dc=beck,dc=ai
: "dc" stands for Domain Component. These components are part of the LDAP naming context and represent different levels of the domain.
This query is structured to ensure that only objects that are users (objectClass=user
) and are members of the specified group (memberOf=...
) are returned.