C9Phish™ – Phishing Simulation & Risk Profiling Platform

Version: 1.0

Last Updated: July 19, 2025
Audience: Security Operations, IT Administrators, HR & Compliance Teams


1. Introduction

This document serves as the comprehensive reference for C9Phish, Pinak Infosec’s phishing simulation and risk-profiling solution. It covers architecture, setup, campaign management, analytics, integrations, administration, troubleshooting, best practices and FAQs. Use it to deploy, operate and manage C9Phish end-to-end.

1.1 Purpose

  • Explain system components and data flows
  • Detail each functional module, configuration and workflow
  • Demonstrate integration options (email, HRMS, SIEM, ticketing)
  • Provide troubleshooting, security guidance and best practices

1.2 Document Organization

  1. Overview & Benefits
  2. Architecture & Data Flow
  3. Core Modules & Workflows
  4. User Interface & Reporting
  5. API Reference
  6. Deployment & Integrations
  7. Security & Compliance
  8. Administration & RBAC
  9. Best Practices
  10. Troubleshooting & Support
  11. FAQs & Glossary

2. C9Phish Overview & Benefits

C9Phish empowers organizations to simulate real-world phishing attacks, measure employee susceptibility, and automatically generate individualized risk profiles for targeted training and remediation.

2.1 Key Benefits

  • Realistic Simulations: Customizable email templates, sender spoofing & landing-page variations
  • Behavioral Analytics: Track opens, clicks, credential submissions & report-to-IT actions
  • Risk Profiling: Dynamic risk scores per user based on multi-campaign performance
  • Automated Remediation: Trigger tailored training modules and notifications
  • Scalable & Secure: Cloud-native SaaS with optional on-prem relay for internal SMTP

3. Architecture & Data Flow

3.1 System Components

  • Campaign Engine: Template library, scheduling, send-queue management
  • Email Relay (SMTP): SaaS-hosted or on-prem agent for campaign delivery
  • Click & Submission Tracker: Webhooks and pixel trackers for user interactions
  • Analytics & Scoring Service: Aggregates events, computes risk scores
  • Notification & Training Orchestrator: Integrates with LMS or in-platform modules
  • Management UI & API: React portal, RESTful endpoints, RBAC

3.2 Data Flow Diagram

Email templates → SMTP relay → User mailbox → Tracker → Analytics → UI/API → Training


4. Core Modules & Workflows

4.1 Campaign Management

  • Create & Schedule: Select or upload email templates, define target groups
  • Delivery Options: Use built-in SMTP or configure your own relay (Office 365, Gmail)
  • Send Controls: Throttling, retry logic, time-zone scheduling
  • Template Variants: A/B testing with multiple subject lines, payloads

4.2 Interaction Tracking

  • Pixel-based open tracking & URL redirect click tracking
  • Credential submission detection on branded landing pages
  • “Report to IT” button integration for safe-report actions
  • Real-time webhook notifications for critical events

4.3 Risk Profiling & Scoring

  • Assign weighted scores for opens, clicks, submissions, no-report
  • Aggregate across campaigns to compute a composite risk rating
  • Tag users into risk tiers (Low, Medium, High, Critical)
  • Auto-enroll high-risk users into remediation workflows

4.4 Training & Remediation

  • Built-in micro-learning modules on phishing awareness
  • Automated email triggers linking users to training content
  • Certificate issuance on completion, with progress dashboards
  • Integration with LMS (SCORM/LTI) or internal training portals

5. User Interface & Reporting

5.1 Dashboard

  • Overview of active campaigns, open/click/submission rates
  • User risk heatmap & top-risk individuals
  • Training completion status and remediation backlogs

5.2 Detailed Reports

  • Campaign-level metrics: deliverability, engagement, exposure time
  • User-level activity logs with timestamps
  • Trend analysis over time & cohort comparisons
  • Export to PDF/CSV and scheduled email delivery

6. API Reference (Overview)

Base URL: https://api.c9phish.example.com/v1 – All calls require an OAuth2 Bearer token.

6.1 Authentication

POST /oauth2/token
Body: { "client_id":"…", "client_secret":"…", "grant_type":"client_credentials" }
Response: { "access_token":"…", "expires_in":3600 }

6.2 Sample Endpoints

  • GET /campaigns – List all phishing campaigns
  • POST /campaigns – Create & schedule a new campaign
  • GET /users/risks – Retrieve current user risk scores
  • POST /training/enroll – Enroll users into remediation modules
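The token exchange in 6.1 and the endpoints in 6.2, as a small client. This is an added example, not the vendor's SDK: it follows the documented client_credentials flow and honours expires_in by renewing the token shortly before it lapses and once more on a 401. The HTTP transport and clock are injectable, so the constructed FakeTransport below exercises the flow offline; the request-body field names for POST /training/enroll (user_ids, module_id) are assumptions, since the document does not list them.

```python
"""Minimal C9Phish API client with token caching (added example, not vendor code)."""
import json
import time
import urllib.request

BASE_URL = "https://api.c9phish.example.com/v1"
REFRESH_MARGIN_SECONDS = 60  # renew this long before expires_in lapses


def urllib_transport(method, url, headers, body=None):
    """Real HTTP transport: returns (status, parsed JSON body)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.status, json.loads(resp.read().decode())


class C9PhishClient:
    def __init__(self, client_id, client_secret, transport=urllib_transport,
                 clock=time.monotonic, base_url=BASE_URL):
        self._creds = {"client_id": client_id, "client_secret": client_secret,
                       "grant_type": "client_credentials"}
        self._transport, self._clock, self._base_url = transport, clock, base_url
        self._token, self._expires_at = None, 0.0

    def _token_valid(self):
        return (self._token is not None
                and self._clock() < self._expires_at - REFRESH_MARGIN_SECONDS)

    def _fetch_token(self):
        # POST /oauth2/token as in 6.1; credentials travel in the body, never the URL.
        status, payload = self._transport("POST", f"{self._base_url}/oauth2/token",
                                          {"Content-Type": "application/json"}, self._creds)
        if status != 200 or "access_token" not in payload:
            raise RuntimeError(f"token request failed with HTTP {status}")
        self._token = payload["access_token"]
        self._expires_at = self._clock() + float(payload.get("expires_in", 0))

    def _call(self, method, path, body=None):
        for attempt in range(2):
            if not self._token_valid():
                self._fetch_token()
            headers = {"Authorization": f"Bearer {self._token}",
                       "Content-Type": "application/json"}
            status, payload = self._transport(method, f"{self._base_url}{path}", headers, body)
            if status == 401 and attempt == 0:
                self._token = None  # revoked server-side: refresh once and retry
                continue
            if status >= 400:
                raise RuntimeError(f"{method} {path} failed with HTTP {status}")
            return payload

    def list_campaigns(self):
        return self._call("GET", "/campaigns")

    def user_risks(self):
        return self._call("GET", "/users/risks")

    def enroll(self, user_ids, module_id):
        # Field names are assumed; confirm against the full API reference.
        return self._call("POST", "/training/enroll",
                          {"user_ids": list(user_ids), "module_id": module_id})


class FakeTransport:
    """Constructed stand-in for the API so the client can run offline."""
    def __init__(self):
        self.token_requests = 0

    def __call__(self, method, url, headers, body=None):
        if url.endswith("/oauth2/token"):
            self.token_requests += 1
            return 200, {"access_token": f"tok{self.token_requests}", "expires_in": 3600}
        if headers.get("Authorization") != f"Bearer tok{self.token_requests}":
            return 401, {"error": "invalid_token"}  # stale token rejected
        if url.endswith("/users/risks"):
            return 200, {"users": [{"id": "u1", "score": 17, "tier": "Critical"}]}
        return 200, {"ok": True}


class FakeClock:
    def __init__(self, start=1000.0):
        self.now = start

    def __call__(self):
        return self.now


def demo():
    """Three calls: token fetched once, reused, then renewed after expiry."""
    transport, clock = FakeTransport(), FakeClock()
    client = C9PhishClient("demo-id", "demo-secret", transport=transport, clock=clock)
    risks = client.user_risks()
    after_first = transport.token_requests    # 1: token fetched on first use
    client.user_risks()                       # cached token still valid
    clock.now += 3600                         # expires_in elapsed
    client.user_risks()                       # client renews before calling
    return risks, after_first, transport.token_requests


if __name__ == "__main__":
    print(demo())
```

Swap FakeTransport for the default urllib_transport and pass real client credentials to use it against the service; keep the secret in an environment variable or secret store rather than in source.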

7. Deployment & Integrations

7.1 SaaS Portal

  • Hosted in AWS with auto-scaling & geo-redundancy
  • Data encrypted at rest (AES-256) & in transit (TLS 1.3)

7.2 On-Prem SMTP Relay

  • Dockerized agent to relay campaigns through internal mail servers
  • Secure tunnel to SaaS analytics engine

7.3 Third-Party Integrations

  • Email Systems: Office 365, Gmail, Exchange
  • HRMS / IAM: Workday, Okta, Azure AD, Zoho People
  • Ticketing & SIEM: Jira, ServiceNow, Splunk, QRadar
  • LMS: Moodle, Blackboard (SCORM/LTI)

8. Security & Compliance

  • Data Privacy: GDPR, CCPA, India DPDP 2023 alignment
  • Access Control: RBAC, SSO via SAML 2.0 / OAuth
  • Audit Logging: Immutable logs of campaigns & user events
  • Pentest & VAPT: Quarterly third-party assessments

9. Administration & RBAC

  • Roles: Administrator, Campaign Manager, Analyst, Viewer
  • Permissions: Campaign create/send, report view, training management
  • User Provisioning: Manual or SCIM for directory sync

10. Best Practices

  1. Run a baseline “control” campaign with innocuous content to gauge general behavior.
  2. Segment users by department, seniority & prior risk score for targeted simulations.
  3. Space campaigns at regular intervals (e.g., monthly) to track improvement.
  4. Automate enrollment of high-risk users into concise micro-learning modules.
  5. Review trend reports quarterly with leadership and update phishing playbooks.

11. Troubleshooting & Support

11.1 Common Issues

  • Emails marked spam: Verify SPF/DKIM/DMARC on relay domain.
  • Click tracker not firing: Check landing-page URL rewrite rules & firewall.
  • SMTP agent offline: Inspect container logs & network connectivity.
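A pre-flight check for the first issue above (simulation mail landing in spam). This is an added example, not part of C9Phish: it evaluates SPF, DMARC and DKIM TXT record strings you have already fetched for the relay domain (for instance with dig or nslookup) and lists what is missing. The sample records and the relay address 203.0.113.25 are constructed for the example; the relay's real sending addresses must come from your own configuration.

```python
"""Check relay-domain SPF/DMARC/DKIM records before a campaign (added example)."""
import ipaddress

# Constructed sample records (the DKIM key is truncated on purpose).
SAMPLE_SPF = "v=spf1 ip4:203.0.113.0/24 include:spf.protection.outlook.com -all"
SAMPLE_DMARC = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
SAMPLE_DKIM = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A"

LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def _tags(record):
    """Parse 'k=v; k=v' tag lists as used by DMARC and DKIM records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(record, relay_ip):
    """Return a list of problems; empty means the record looks fine for relay_ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    problems, covered = [], False
    ip = ipaddress.ip_address(relay_ip)
    for term in terms[1:]:
        mech = term.lstrip("+-~?")
        if mech.startswith(("ip4:", "ip6:")):
            try:
                covered = covered or ip in ipaddress.ip_network(mech[4:], strict=False)
            except ValueError:
                problems.append(f"malformed network in term {term!r}")
    if not covered:
        problems.append(f"relay IP {relay_ip} not listed in any ip4:/ip6: term "
                        "(an include: may still cover it; resolve it to confirm)")
    if terms[-1].lower() not in ("-all", "~all"):
        problems.append("record does not end with -all or ~all")
    # Mechanisms that cause DNS lookups are capped at 10 by the SPF spec.
    lookups = sum(1 for t in terms[1:]
                  if t.lstrip("+-~?").split(":")[0].split("=")[0].lower() in LOOKUP_MECHANISMS)
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup mechanisms exceed the SPF limit of 10")
    return problems


def check_dmarc(record):
    tags = _tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    problems = []
    if tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("missing or invalid p= policy")
    if "rua" not in tags:
        problems.append("no rua= address: aggregate reports will not be received")
    return problems


def check_dkim(record):
    tags = _tags(record)
    if tags.get("v", "DKIM1") != "DKIM1":  # v= is optional but must be DKIM1 if present
        return ["not a DKIM record (v= is not DKIM1)"]
    if not tags.get("p"):
        return ["empty or missing p= public key (an empty p= means the key is revoked)"]
    return []


def relay_domain_report(spf, dmarc, dkim, relay_ip):
    """Bundle the three checks; every list empty means the domain is ready."""
    return {"spf": check_spf(spf, relay_ip),
            "dmarc": check_dmarc(dmarc),
            "dkim": check_dkim(dkim)}


if __name__ == "__main__":
    print(relay_domain_report(SAMPLE_SPF, SAMPLE_DMARC, SAMPLE_DKIM, "203.0.113.25"))
```

The checks are syntactic only: an include: that actually authorises the relay still needs to be resolved, and a passing DKIM record says nothing about whether the relay signs with that selector, so a real test send to a mailbox you control remains the final confirmation.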

11.2 Log Locations

  • Campaign Engine: /var/log/c9phish/campaign.log
  • Tracker Service: /var/log/c9phish/tracker.log
  • API/UI: /var/log/c9phish/api.log

11.3 Contact Support

Email: support@c9phish.example.com
Phone: +1-800-C9PH-456
Portal: support.c9phish.example.com


12. FAQs & Glossary

12.1 FAQs

Q: How often can I run simulation campaigns?
A: Unlimited; we recommend no more than one major campaign per month per user cohort.
Q: Can I use custom landing pages?
A: Yes—upload your own HTML or use our hosted branded templates.
Q: How is user risk score calculated?
A: Weighted by open (1), click (3), submission (5), no-report (2) across all campaigns.
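The scoring described in 4.3, worked through with the weights stated in the FAQ above (open 1, click 3, submission 5, no-report 2). This is an added illustration, not C9Phish's scoring code: the event record layout, the rule that each event type counts once per campaign, the rule that no-report applies only when a user interacted without using "Report to IT", and the tier boundaries (the document names the tiers but not their cut-offs) are all assumptions; the sample events are constructed.

```python
"""Composite phishing risk score and tiering (added example, not vendor code)."""
from collections import defaultdict

# Event weights as stated in the C9Phish FAQ.
WEIGHTS = {"open": 1, "click": 3, "submission": 5, "no_report": 2}

# Assumed tier floors; the document names the tiers but gives no boundaries.
TIERS = [(0, "Low"), (4, "Medium"), (9, "High"), (15, "Critical")]

# Constructed sample events: (user, campaign, event type).
# "report" means the user pressed the "Report to IT" button.
SAMPLE_EVENTS = [
    ("alice", "c1", "open"), ("alice", "c1", "open"), ("alice", "c1", "report"),
    ("bob", "c1", "open"), ("bob", "c1", "click"),
    ("bob", "c2", "open"), ("bob", "c2", "click"), ("bob", "c2", "submission"),
    ("carol", "c2", "open"),
]


def campaign_score(event_kinds):
    """Score one user's events from one campaign (each kind counted once)."""
    kinds = set(event_kinds)
    score = sum(WEIGHTS[k] for k in kinds if k in WEIGHTS)
    # Assumption: no-report penalty applies when the user interacted but never reported.
    if score > 0 and "report" not in kinds:
        score += WEIGHTS["no_report"]
    return score


def risk_tier(score):
    """Map a composite score to the highest tier whose floor it reaches."""
    tier = TIERS[0][1]
    for floor, name in TIERS:
        if score >= floor:
            tier = name
    return tier


def composite_scores(events):
    """Aggregate per-campaign scores across campaigns into a profile per user."""
    per_user = defaultdict(lambda: defaultdict(list))
    for user, campaign, kind in events:
        per_user[user][campaign].append(kind)
    profiles = {}
    for user, campaigns in per_user.items():
        total = sum(campaign_score(kinds) for kinds in campaigns.values())
        profiles[user] = {"score": total, "tier": risk_tier(total)}
    return profiles


def remediation_queue(profiles, min_tier="High"):
    """Users at or above min_tier, the set 4.3 says is auto-enrolled in training."""
    order = [name for _, name in TIERS]
    threshold = order.index(min_tier)
    return sorted(u for u, p in profiles.items() if order.index(p["tier"]) >= threshold)


if __name__ == "__main__":
    profiles = composite_scores(SAMPLE_EVENTS)
    for user, p in sorted(profiles.items()):
        print(f"{user:8} score={p['score']:3} tier={p['tier']}")
    print("auto-enrol:", remediation_queue(profiles))
```

With the sample data, alice opens but reports (score 1, Low), carol opens and stays silent (1 + 2 = 3, Low), and bob clicks in one campaign and submits credentials in another (6 + 11 = 17, Critical), so only bob enters the remediation queue at the default High threshold.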

12.2 Glossary

Phishing Simulation
Controlled trial emails sent to employees to test susceptibility.
Risk Profile
Aggregate measure of an individual’s likelihood to fall for phishing.
Micro-Learning
Short, focused training modules delivered based on user behavior.

Category: Product Documentation / C9Phish

Tags: C9Phish, Phishing Simulation, Risk Profiling, User Awareness, Training
