Media content

Key Benefits

Integration with Gophish

Connect one or more Gophish servers via API: base URL and API key (encrypted), linked to a company. Synchronize data from Gophish into SecBoard: campaigns, target groups, email templates, landing pages, sending profiles, and campaign results. Synchronization log with type, status, and processing statistics.

Campaigns & Results

View training phishing campaigns: name, status, template, landing page, sending profile, target groups, dates. Results: how many emails were sent, opened, how many link clicks, how many times credentials or data were submitted. Campaign details and export to Excel.

Events & Gophish Entities

Campaign events: email sent, email opened, link clicked, credentials/data submitted, error. For each event: recipient email, time, IP, details. View target groups, email templates (subject, HTML/text), landing pages (with data capture options and redirect), sending profiles (SMTP). Export events to Excel. Webhook for receiving events from Gophish.

Access & Guide

Access by user groups and company list. Separate permissions: view campaigns, templates, landing pages, sending profiles, target groups; manage servers; permission to perform synchronization. Users only see data from servers linked to the companies they have access to. Module guide with country-specific translations.

Features & Capabilities

Gophish Servers & Synchronization

  • Add servers: name, base API URL, API key (encrypted), company
  • Connection test and server diagnostics
  • Synchronization: full or by type (campaigns, groups, templates, landing pages, sending profiles, results)
  • Synchronization log: type, status (started, completed, error, partial), time, number of processed/created/updated/errored records, error message
  • Edit and delete server

Campaigns & Events

  • Campaign list: name, server, status
  • Campaign card: email template, landing page, sending profile, target groups, start and end dates, URL
  • Results: emails sent, opened, link clicks, credentials and data submitted
  • Campaign events: type (email sent, opened, link clicked, credentials/data submitted, error), email, time, IP, details
  • Export campaigns and events to Excel

Groups, Templates, Pages & Profiles

  • Target groups: name, recipient data (synchronized from Gophish)
  • Email templates: name, subject, HTML and text content
  • Landing pages: name, HTML content; capture credentials and passwords; redirect URL
  • Sending profiles: name, sender address and name, SMTP host, port, credentials (password encrypted), ignore certificate errors
  • View details; preview landing page

Webhook & Access

  • Webhook for receiving events from Gophish (sending events from Gophish to SecBoard)
  • Gophish module guide with country-specific translations
  • Access by groups and companies; separate permissions for viewing campaigns, templates, landing pages, profiles, groups
  • Permissions for managing servers and performing synchronization

Use Cases

Connect Gophish and Synchronize

Add a Gophish server: specify the base API URL (e.g., https://gophish.example.com) and the API key from the Gophish admin panel. Link the server to a company. Test the connection. Run synchronization — campaigns, target groups, email templates, landing pages, and sending profiles from Gophish will appear in SecBoard. Campaign results and events are also synchronized. View the synchronization log to monitor errors and the number of updated records.

Analyze Training Campaign Results

In the campaign list, view the status of each (draft, running, completed, paused, error). Open a campaign for details: how many emails were sent, how many recipients opened the email, clicked the link, entered credentials or data. View events by type, recipient email, time, and IP. Export campaigns or events to Excel for reporting and further analysis.

Review Templates and Landing Pages

After synchronization, SecBoard provides access to email templates (subject and content), landing pages (HTML, credential/password capture settings, redirect), target groups, and SMTP sending profiles. Use them to control campaign content without switching to Gophish. A preview is available for landing pages.

Access Segregation by Company

Access to the Gophish module is configured by user groups. Each group is assigned a list of companies — users only see servers and data (campaigns, groups, templates, etc.) from those companies. Separate permissions: view campaigns, templates, landing pages, sending profiles, groups; manage servers; perform synchronization. This allows training campaigns to be separated between departments or companies.

Webhook for Events

The module supports a webhook for receiving events from Gophish. Configure Gophish to send events (e.g., email opened, link clicked) to the SecBoard webhook URL — events will be stored and displayed in the module for real-time monitoring without waiting for the next synchronization.

Technical Details

Architecture

Gophish module: connects to an external Gophish API via a base URL and API key (key stored encrypted). Data synchronization: campaigns, target groups, email templates, landing pages, sending profiles, and campaign results are stored locally, linked to the server and the Gophish identifier. Campaign events (type, recipient, time, IP, details) are stored for analysis. The synchronization log records the type, status, and statistics. A webhook accepts incoming events from Gophish. SMTP passwords in sending profiles are stored encrypted. Guide with country-specific translations. Data in the project database.

Security

Gophish API keys and SMTP passwords are stored encrypted. Access is managed by groups and a company list; permission checks when viewing campaigns, templates, pages, profiles, groups, managing servers, and performing synchronization. CSRF protection and input validation. The webhook may require source request verification according to the project's implementation.

Scalability

Lists of servers, campaigns, events, and other entities with pagination and filtering; queries linked to server and company. Synchronization is performed on demand or on a schedule (depending on project implementation); data volume depends on the Gophish API. Excel export is handled within a typical request.

Customization

Gophish servers: name, URL, API key, company. Synchronization: select type (full or by category). Separate group-based access permissions: view campaigns, templates, landing pages, profiles, groups; manage servers; synchronization. Company list for data visibility restriction. Guide with basic content and country-specific translations.

Frequently Asked Questions

What is Gophish and why integrate it?

Gophish is a platform for conducting training phishing campaigns: sending emails to target recipients, landing pages to capture clicks or submitted data, and collecting results. Integration into SecBoard allows you to connect one or more Gophish servers via API, synchronize campaigns, groups, templates, pages, and profiles in one place, view results and events, and export data to Excel without needing to log into each Gophish instance separately.

How do I connect a Gophish server?

In Gophish, obtain an API key (from the admin panel). In SecBoard, add a server: specify a name, the base API URL (e.g., https://gophish.example.com), and the API key. Select a company. The API key is stored encrypted. After saving, you can test the connection and run data synchronization.

What is synchronized from Gophish?

Synchronized data includes: campaigns (name, status, associated template, page, profile, groups, dates, results), target groups, email templates (subject, content), landing pages (HTML, data capture options, redirect), and sending profiles (SMTP). You can perform a full synchronization or only by selected types (e.g., only campaigns and results). The synchronization log shows the status and the number of processed records.

What campaign events are stored?

Events: email sent, email opened, link clicked, credentials submitted, data submitted, error. For each event, the recipient's email, name (if available), time, IP address, details, and optionally the user agent string are stored. Events are synchronized from Gophish or received via the webhook. They can be viewed in the events section and exported to Excel.

Can I export data?

Yes. Export of the campaign list to Excel and export of campaign events to Excel are available. Event export is also possible for a selected campaign from its card. Data is exported respecting the user's access rights (only companies the user has access to).

How is access restricted by company?

Access is configured by user groups. Each group is assigned a list of companies — users only see Gophish servers and the associated campaigns, groups, templates, pages, and profiles for those companies. If the company list is not specified, the group has access to all companies. Separate permissions: view campaigns, templates, landing pages, profiles, groups; manage servers; perform synchronization.

What is the webhook?

The webhook is a URL to which Gophish can send events (e.g., when a recipient opens an email or clicks a link). If Gophish is configured to send events to the SecBoard webhook, events will appear in the module without waiting for the next synchronization. This allows for near real-time monitoring of campaign results.

Related Modules

Security Awareness Training

User Cabinet & Authentication

Incident Management

Ready to Get Started?

Explore this module and enhance your organization's security posture