What is Security Pulse?
Security Pulse is a powerful security telemetry and behavioural analytics feature within the Phriendly Phishing platform. It enables your organisation to ingest real-time events and telemetry data from your existing security vendors such as Microsoft 365 and Microsoft Defender directly into the Phriendly Phishing platform.
Security Pulse analyses this data to map and score your users' real-world security behaviours, giving you a clear picture of how your people interact with threats in their day-to-day work.
Unlike simulated phishing which tests learner responses to test emails, Security Pulse captures and analyses actual security events from your production environment — providing ground-truth insights into your organisation's security posture.
Benefits of Security Pulse
Real-World Behavioural Insights — Move beyond simulated testing. Security Pulse analyses actual security events from your environment, showing you how your people truly behave when faced with real threats.
Centralised Security Visibility — Aggregate telemetry data from multiple security vendors into a single, unified dashboard within Phriendly Phishing — no need to switch between tools.
Holistic Risk Scoring — Each learner and your organisation as a whole receive a Security Pulse Score based on real security event data, giving you a measurable and trackable resilience metric.
Targeted Training Decisions — Identify which users or groups are triggering the most security events, and use this data to assign targeted awareness training where it is needed most.
Proactive Threat Detection — Monitor detected events across email, endpoints, web browsing, and data loss prevention, enabling faster response to at-risk learners.
Getting Started : Integration & Configuration
Requirement
Connect your security vendor(s) and map your users in order for the Security Pulse Dashboard to populate with data.
1.) App Integration
Security Pulse supports integration with security vendors such as Microsoft 365 and Microsoft Defender.
To set up an integration:
- Navigate to Admin → App Integration.
- Browse the list of supported applications available for integration.
- Select your vendor (e.g., Microsoft 365) and follow the guided configuration to connect via API or Webhook.
- The integration will require credentials from your vendor environment (e.g., Azure App Registration with appropriate permissions for Microsoft 365).
- Once connected, Security Pulse will begin ingesting security event data from your vendor into the Phriendly Phishing platform.
2.) User Mapping
After connecting a vendor, you need to map your learners to their corresponding vendor accounts so that Security Pulse can associate security events with the correct individuals.
- Navigate to Admin → App Integration → User Mapping tab.
- Map each learner's Phriendly Phishing email address to their corresponding vendor email or unique ID.
- A single learner can be mapped to multiple vendors if your organisation uses more than one integrated application.
- Use the Configure Mappings page to edit or manage existing mappings.
The Security Pulse Dashboard
The Security Pulse Dashboard is divided into four tabs, each focused on a different category of security telemetry. All tabs support filtering by date range and other criteria, allowing you to drill into specific time periods or segments.
The Overall Score tab provides a high-level summary of your organisation's security posture based on all ingested security events.
| Name | Description |
|---|---|
| Security Pulse Score | A single, calculated score representing your organisation's overall Security Pulse score. This score is derived from the combined analysis of security events across all categories (endpoint, email, web, and data loss prevention). Each learner also receives an individual Security Pulse Score. |
| Security Pulse Score Trend | A trend chart showing how your organisation's Security Pulse Score has changed over time. Use this to track whether your security posture is improving, stable, or declining — and to correlate changes with training initiatives or security incidents. |
| Role Count by Security Pulse | A chart showing the distribution of Security Pulse scores grouped by role within your organisation. This helps you identify whether certain roles or job functions carry higher security risk than others. |
| Security Pulse Report | A detailed, learner-level report listing each individual's Security Pulse Score. This report supports lazy loading for large organisations and can be used to identify specific individuals who may benefit from additional training. |
The Endpoint tab focuses on security events related to devices and endpoints in your environment — such as desktops, laptops, and mobile devices — captured from endpoint protection solutions like Microsoft Defender for Endpoint.
| Name | Description |
|---|---|
| Endpoint Score | A summary score reflecting the overall endpoint security health of your organisation. |
| Endpoint Score Trend | A trend chart showing how your endpoint security score has evolved over time. |
| Endpoint Analysis Chart | A breakdown chart analysing endpoint events by type, category, or other dimensions — helping you understand what kinds of endpoint threats are most prevalent. |
| Total Endpoint Events by Severity | A chart categorising all detected endpoint events by their severity level (e.g., informational, low, medium, high, critical). This allows you to quickly assess the volume and seriousness of endpoint security events. |
| Detected Endpoint Events Log | A detailed log listing individual endpoint security events that have been detected. Each entry provides event-level detail, enabling administrators to review specific incidents and take action if required. |
The Web & Browser tab focuses on security events related to web browsing activity — such as visits to potentially malicious websites, blocked URLs, and browser-based threats.
| Name | Description |
|---|---|
| Web and Browser Score | A summary score reflecting the overall Web and Browser security health of your organisation. |
| Web and Browser Score Trend | A trend chart showing how your Web and Browser score has evolved over time. |
| Web and Browser Analysis Chart | A breakdown chart analysing Web and Browser events by type, category, or other dimensions — helping you understand what kinds of Web and Browser threats are most prevalent. |
| Total Web and Browser Events by Severity | A chart categorising all detected Web and Browser events by their severity level (e.g., informational, low, medium, high, critical). This allows you to quickly assess the volume and seriousness of Web and Browser security events. |
| Detected Web and Browser Events Log | A detailed log listing individual Web and Browser security events that have been detected. Each entry provides event-level detail, enabling administrators to review specific incidents and take action if required. |
The Email Behaviour tab captures and analyses security events related to email activity — providing insight into how your users interact with potentially malicious emails in their real inbox.
This provides charts and trend analysis to help you understand email-related risk across your organisation, and to identify users who may need additional phishing awareness training.
| Name | Description |
|---|---|
| Email Behaviour Score | A summary score reflecting the overall Email Behaviour security health of your organisation. |
| Email Behaviour Score Trend | A trend chart showing how your Email Behaviour security score has evolved over time. |
| Email BehaviourAnalysis Chart | A breakdown chart analysing Email Behaviour events by type, category, or other dimensions — helping you understand what kinds of Email Behaviour threats are most prevalent. |
| Total Email Behaviour Events by Severity | A chart categorising all detected Email Behaviour events by their severity level (e.g., informational, low, medium, high, critical). This allows you to quickly assess the volume and seriousness of Email Behaviour security events. |
| Detected Email Behaviour Events Log | A detailed log listing individual Email Behaviour security events that have been detected. Each entry provides event-level detail, enabling administrators to review specific incidents and take action if required. |
Comments
Please sign in to leave a comment.