Bot Detection
What is Bot Detection?
Section titled “What is Bot Detection?”Bot detection prevents false positives in phishing simulations by identifying automated clicks from security scanners, gateways, or antivirus systems that access links before real users do.
When is it Triggered?
Section titled “When is it Triggered?”Detection runs whenever a tracking event is logged.\nIt flags suspicious behavior such as:
- Immediate clicks after delivery
- Known bot or cloud provider IPs (
ip_info.cloud.type)
Tracker Score
Section titled “Tracker Score”Each hit is assigned a score for classification:
| Score | Meaning |
|---|---|
100 | Valid user interaction |
0 | Unprocessed hit |
-5 | Potential false positive (bot activity) |
Manual Review
Section titled “Manual Review”- Update False Positive Status button: re-runs classification for a campaign
- Mark & Delete: manually flag or remove false positive hits
\
Configure Bot Detection for Immediate Clicks after Delivery
Section titled “Configure Bot Detection for Immediate Clicks after Delivery”- Go to Organization Page
- Under the Section
Phishgrid Configurations,- Enable Bot Detection
- Define the Duration for Bot Detection\n
| Mode | Duration | Description |
|---|---|---|
| Conservative | 5 seconds | Strict filtering — only ignores very early clicks. |
| Balanced | 10 seconds | Recommended default — balanced between accuracy and sensitivity. |
| Inclusive | 30 seconds | Broader filtering — useful for environments with aggressive scanning. |
| Tolerant | 60 seconds | Most lenient — ignores all hits within a full minute of delivery. |