Enable and disable notifications | Fluid Attacks Help

Enable and disable notifications

Notifications are an excellent way to stay informed about your system's vulnerabilities, group activity, scope changes, and updates on Fluid Attacks' platform.

You have the flexibility to customize the notifications sent to your email in the Notifications section of the platform:
  1. Click on the user menu located at the top-right corner of your screen.
  2. Find user menu on the Fluid Attacks platform

  3. Select Notifications from the menu.
  4. Find Notifications section on the Fluid Attacks platform

  5. In Notification configuration, toggle the on/off button next to a notification type to enable or disable its delivery to your email.
  6. Manage notifications on the Fluid Attacks platform
    Advice on notification type
    Hover over a notification type to see a short description.

The following are the descriptions of the types of notifications offered by Fluid Attacks.

Notifications for clients

DevSecOps agent token alert

Role requirement info
Role required: User Manager

DevSecOps agent token

When the DevSecOps agent token alert notification is enabled, you receive an email when a new token is generated or reset to use Fluid Attacks' CI Agent. The message indicates the email address of the group member who generated or reset the token and on what date.

Enable the Agent token on the Fluid Attacks platform

DevSecOps expiration

If the DevSecOps agent alert is enabled, you receive an email seven days before a group's CI Agent token expires, reminding you that the token must soon be updated. The message informs you of the group's name, the token's expiration date and the path on the platform to update the token.

Enable DevSecOps expiration notification on the Fluid Attacks platform

Event digest

If enabled, you receive an email listing all the events generated the previous day in all the groups you have access to. Events are situations from your side that prevent security testing of part of the scope or its entirety. This notification also shows any new comments added in the events' Consulting sections.

Enable Event digest notification on the Fluid Attacks platform

Event alert

When enabled, you are notified via email about new events reported and solved within a group. The notification of unsolved events includes details such as event type, creation date and days it has remained unsolved. Additional emails are sent at specific intervals (seven days and 30 days) if the event remains open, and a final email is sent when the event is solved. The latter includes your team's description of the solution given. Each notification provides a direct link to the event report on the platform.

Enable Event alert notification on the Fluid Attacks platform

Files updates

Role requirement infoRole required: User Manager

When enabled, you receive an email whenever a file is added or deleted in the Scope section. The message informs of the email address of the member who added or deleted the file, as well as what the file's description and name are.

Enable file updates notification on the Fluid Attacks platform

Group information

Role requirement info
Role required: User Manager

Group alert

If Group information notifications are enabled, you receive an email when your group is removed from the platform. The message shows relevant information such as the email of the member who deleted the group, the subscription plan and the reason for deletion.

Get notified if a group is removed on the Fluid Attacks platform

When the group deletion is confirmed, you get an email announcing it. The details provided are the same as those in the previous email.

Get the group deletion confirmation email from the Fluid Attacks platform

Updated group information

If the Group information notification is enabled, you receive an email when there is any modification to the group information. The message says who modified the information and what the previous and current values are.

Enable group updates notification on the Fluid Attacks platform

Policies update

When the Group information notification is enabled, you receive emails about any updates to your policies. The message specifies the organization, the policy name, and the new selected values. It also provides the direct link to your policies.

Enable policies update notification on the Fluid Attacks platform

Newsletter

If enabled, you get weekly emails about implemented and upcoming features or enhancements in Fluid Attacks' products.

Get the Fluid Attacks platform newsletter

Consulting

Role requirement info
Plan required: Advanced
When enabled, you receive an email reporting new comments posted in the Consulting sections of your groups the day before. The message indicates the group's name, the event's ID or type of vulnerability's name, the comments and the date and time these were posted.

Enable Consulting digest notification on the Fluid Attacks platform

Portfolio updates

Role requirement info
Role required: User Manager

When enabled, you receive an email whenever a portfolio tag is added or removed from a group. These tags are useful to compare Analytics information between selected groups and are managed in the Scope section. The message informs you of the group in question, tag name, and date it was added or removed.

Enable the portfolio updates notification on the Fluid Attacks platform

Inactivity alert

If enabled, you receive an email if you have not logged into the platform for three weeks.

Enable Inactivity alert on the Fluid Attacks platform
Note on Inactivity alertNote: Regardless of their role, a member is automatically removed after 90 days of inactivity.

Root updates

Environment report

Role requirement infoRole required: User Manager

If Root updates is enabled, you get emails whenever an environment has been added, edited or deleted. The message reports who was responsible, the date, the associated Git root and the environment URL.

Enable the Environment report notification on the Fluid Attacks platform

Missing environment

Role requirement info
Role required: Vulnerability Manager or User Manager

If you have Root updates enabled, you receive an email if, after seven days of a group's creation, no environments have been registered to be tested. This email is repeated every 30 days from the group's creation date if no environments are added. The message indicates the group's name and age. Moreover, it provides a link to the Fluid Attacks documentation on adding environments.

Get Missing environment email from the Fluid Attacks platform

Root added

Role requirement info
Role required: User Manager

When Root updates is enabled, s notification is sent to your email whenever a new root is added in your group's Scope section. It displays the email address of the member who added it and some relevant information about this target of evaluation, such as the evaluated branch and whether Health Check (i.e., manual testing of the preexisting source code) was requested.

Enable Root added notifications from the Fluid Attacks platform

Root cloning status

Role requirement info
Role required: User Manager

If the Root updates notification is enabled, you are sent emails when any situation affects a registered root, and the Fluid Attacks team cannot clone or access it. The message details the date when cloning failed, as well as the root's ID and last modifier, among other information.

Enable Root cloning status notification on the Fluid Attacks platform

Root deactivated

Role requirement info
Role required: User Manager

If Root updates is enabled, you receive this notification when a root is deactivated. It includes details such as the reason for deactivation, how long the root was registered on the platform, and any vulnerabilities found in it with SAST and DAST scans that are closed as a result (i.e., marked with the 'Safe' Status).

Enable root deactivation notification on the Fluid Attacks platform

Root moved

Role requirement info
Role required: User Manager

If Root updates is enabled, you receive this notification if a root is moved to a different group. The email specifies which root was moved, its original location and its new location.

Enable Root moved notification on the Fluid Attacks platform

Updated root

Role requirement info
Role required: User Manager

This notification is triggered when Root updates is enabled, and an existing root in the Scope section is edited. The email informs of the nickname of the root that was modified, the email of the member who modified it, and the modifications, specifying the previous and current values.

Enable Root updated notification on the Fluid Attacks platform

Services updates

Role requirement infoRole required: User Manager

If enabled, you receive an notification via email when any of the Services fields in the Scope section, which configure the characteristics of the subscription of a group are modified. The message details who modified the information and what the previous and current values are.

Enable Services updates notification on the Fluid Attacks platform

Unsubscription alert

Role requirement info
Role required: User Manager

If enabled, this notification is sent when a person leaves any of your groups. The message informs you of the person's email, the group from which they left and the date it happened.

Enable Unsubscription alert notification on the Fluid Attacks platform

Treatment updates

Role requirement info
Role required: Vulnerability Manager or User Manager

Treatment report

When Treatment updates is enabled, you are notified via email when a Temporarily accepted or Permanently accepted treatment has been requested or approved for a vulnerability. The message indicates the vulnerability in question, who approved the treatment, and what comments they have, among other information.

Enable the treatment report notification on the Fluid Attacks platform

Updated treatment

When enabled, you are notified via email whenever new treatments for vulnerabilities are defined or existing ones are modified within your organization. The notification indicates the type of vulnerability, the group where it was reported, who was assigned, and the specific treatment applied. It also provides a direct link to the vulnerability type on the platform.

Enable treatment updates notification on the Fluid Attacks platform

Vulnerabilities expiring

When you have Treatment updates enabled, you receive daily emails from seven days until a Temporarily accepted treatment expires for vulnerabilities in your groups. The message indicates the name of the group, the type of vulnerability, the vulnerability's location, and the days remaining for expiration.

Enable the Temporary treatment alert on the Fluid Attacks platform

Vulnerability assignment

If enabled, you receive an email when vulnerabilities are assigned to you. This notification includes the name of the type of vulnerability, the vulnerability's location(s), the group where it was reported, and a direct link to the type of vulnerability on the platform.

Enable vulnerability assignment notification on the Fluid Attacks platform

Vulnerability alert

If enabled, you receive emails when Fluid Attacks identifies (or your team remediates) a vulnerability in your system with a CVSS score equal or higher than the one you specify in the Minimum severity field. The notification includes the name of the group, the type of vulnerability reported, its severity according to the CVSS v3.1 and v4.0, and a direct link to the type on the platform.

Enable vulnerability alert notification on the Fluid Attacks platform

Not configurable

Access granted

To join an organization or group on the platform, you need an invitation from a User Manager, which you must confirm. The invitation email contains the inviter's email address, the organization's or group's name and description, and a link to Fluid Attacks' Privacy Policy. By confirming the invitation, you agree to the Privacy Policy. You have seven calendar days to confirm before the invitation expires.

Get access to the Fluid Attacks platform

Note on Access grantedNote: This notification is also the one sent to authors when invited to join the platform.

API deprecation notice

If you use Fluid Attacks' API token, you are sent emails one month in advance when a field of the API token is going to be deleted. The message mentions the field(s) in question.

Get API deprecation notice from the Fluid Attacks platform

Confirm deletion

This notification is sent when you decide to delete your account from the platform. Clicking on the confirmation button effectively removes your account.

Get email to confirm account deletion from the Fluid Attacks platform

Group vulnerabilities report

Role requirement info
Role required: Vulnerability Manager or User Manager

If you request a vulnerability report for your group, you receive an email that allows you to download the file following the provided link. The latter is valid for one hour.

Get report email from the Fluid Attacks plaform

Missing member

Info on required role
Role required: User Manager

You get this email whenever a person is attempting to access the platform using an email with your company domain but they have not received an invitation to use the platform. The message informs you of the email address with which the attempt was made and provides you with the link to visit the platform and send the invitation if due.
Get the missing member email from the Fluid Attacks platform

New sign in report

You get this email every time you sign in using a one-time password (OTP). The message contains the location, IP address, browser, operating system and date associated with this activity. It also prompts you to report suspicious activity to your organization. Bear in mind that you do not receive this email if the device used for signing in is a valid trusted device.

Get the sign in email from the Fluid Attacks platform

SBOM file

You get this email after you request an export of your software bill of materials (SBOM). The message specifies how you configured the report and provides a link to download it.

Get the SBOM file email from the Fluid Attacks platform

ZTNA down

Role requirement info
Role required: User Manager

If you use the Connector connection, you receive notifications when the connector status is down, alerting you to any connectivity issues. The email informs you of relevant information, including the affected organization's name and the number of roots for which this connection is used.

Get the Connector down notification from the Fluid Attacks platform

Free-trial-exclusive notifications

Abandoned trial

This notification reminds users who started but have not completed the free trial registration that they are a few steps away from enjoying the Continuous Hacking Essential plan benefits for 21 days. The mentioned benefits focus on Fluid Attacks' multi-method vulnerability scans, single-pane-of-glass platform, and remediation support through artificial intelligence.

Get incomplete trial registration email from the Fluid Attacks platform

Abandoned trial 2

This notification is sent to users who have not completed the free trial registration 24 hours after they started it. Users are told that they just need to add their Git repository and can ask for guidance through the process at help@fluidattacks.com.

Get second incomplete trial registration email from the Fluid Attacks platform

Abandoned trial 3

This notification is sent to users who have not completed the free trial registration 48 hours after they started it. Users are encouraged to go to app.fluidattacks.com/SignUp and resume the registration steps. They are also told to contact help@fluidattacks.com if they need assistance.

Get third incomplete trial registration email from the Fluid Attacks platform

Free trial

This notification welcomes new free trial users who have completed the enrollment process. This email provides links to the Fluid Attacks platform's certifications and the Knowledge Base pages detailing the following: inviting members, installing the IDE extensions, and adding Git repositories to test.

Get free trial registration email from the Fluid Attacks platform

Free trial 2

This email is sent to free trial users three days after they have completed the enrollment process. It informs them about the possibility of using Fluid Attacks' integrations to learn the exact locations of vulnerabilities without needing to leave their IDE, as well as the features to get fix suggestions through generative artificial intelligence (gen AI).

Get Fluid Attacks extensions free trial email

Free trial 3

This email is sent to free trial users seven days after they have completed the enrollment process. It encourages them to take a look at the graphs and figures the platform offers in its Analytics sections, with a focus on tracking vulnerability remediation performance. The message also includes an invitation to complete the free online certifications for learning to use the platform.

Get Fluid Attacks Analytics free trial email

Free trial 4

This email is sent to free trial users 14 days after they have completed the enrollment process. It mainly encourages the use of Fluid Attacks' CI Agent, which can be run in CI/CD systems to break builds if they have vulnerabilities that are in noncompliance with the customized policies. The user is informed of the effectiveness of this measure in reducing the time until remediation, as evidenced in Fluid Attacks' latest annual report.

Get Fluid Attacks CI Agent free trial email

Free trial 5

This email is sent to free trial users 18 days after they have completed the enrollment process. It encourages users to upgrade to Fluid Attacks' paid plan that includes manual security testing performed by the hacking team, namely, Continuous Hacking Advanced. The user is informed of the advantages of this kind of tests for the identification of risk exposure and critical severity vulnerabilities, as evidenced in Fluid Attacks' latest annual report . Additionally, this email warns users that their information on the platform is deleted once they choose not to get a paid plan when the free trial expires.

Get Fluid Attacks free trial email about pentesting

Free trial 6

This email is sent to users the day their 21-day free trial expires. It instructs them on how to acquire a paid plan and asks them to provide their feedback or submit a review on Gartner Peer Insights.

Get Fluid Attacks free trial expiration email

Free trial 7

This email is sent to free trial users 24 days after they started the trial, that is, three days after its expiration, when they did not acquire a paid plan. Users are encouraged to shared their thoughts on Fluid Attacks' solution in an email to help@fluidattacks.com or a review on Gartner Peer Insights.

Get Fluid Attacks free trial expiration second email

Free trial 8

This email is sent to free trial users 27 days after they started the trial, that is, six days after its expiration, when they did not acquire a paid plan. Users are reminded of the importance of continuous cybersecurity. Further, they are asked to provide their questions or feedback at help@fluidattacks.com.

Get Fluid Attacks free trial expiration third email

Free trial over

This notification informs users that their free trial has ended and provides the option to continue using Continuous Hacking. It also says what happens to the information on the platform depending on the users' decision to get a subscription plan or not.

Get the Fluid Attacks free trial over email

Trial first scanning

This email informs free trial users about the first scan result or if a scanning failure occurred.

If the first scan found security vulnerabilities in their software, the message informs users of this result, encourages to begin fix work and provides a link to Fluid Attacks' platform.

Get free trial scan vulnerability results from the Fluid Attacks platform

If the scan did not find vulnerabilities, the message notifies users of this result instead and encourages them to add more repositories to test, providing a link to the platform.

Get free trial scan without results from the Fluid Attacks platform

If the first scan fails due to a cloning issue, users are notified in an email that prompts them to check the repository data or replace the repository if needed, and provides a link to the platform.

Get free trial scan failure from the Fluid Attacks platform


Notifications exclusive to Fluid Attacks staff

Credit card added

Authorized Fluid Attacks personnel get this email when a new credit card is added to an organization's payment methods. The message indicates the organization's name, the email of the user who added it, the card's last four digits, and the date it was added.

Get credit card notification from the Fluid Attacks platform

Draft updates

Vulnerability submission

As a security analyst, when you report vulnerabilities in a group, you do so as a draft for the approval or rejection of a reviewer. If you enable Draft updates notifications, you receive an email telling you when a draft is submitted. It includes relevant information such as the type of vulnerability, location(s), and CVSS severity score. At the end of the message, there is a button to direct you to the type of vulnerability.

Get the vulnerability submission email from the Fluid Attacks platform

Vulnerability rejection

As a security analyst, if you enable Draft updates notifications, you receive an email telling you when a draft is rejected (its status then changes to not-submitted). The message tells you relevant information such as who rejected it and for what reason, the name of the type of vulnerability, its CVSS severity score, and who had submitted it. At the end of the message, there is a button to direct you to the type of vulnerability.

Get the Vulnerability rejection email from the Fluid Attacks platform

New enrolled

Authorized Fluid Attacks personnel get this email when there is a new member in your organization on the platform. The message provides a link to the member's LinkedIn profile and other details, such as their email, phone number, and registered country.

Get the new enrolled email from the Fluid Attacks platform

Vulnerability updates for staff

Vulnerability remediated

Info on required role
A Fluid Attacks Reattacker role is required.

If you enable the Vulnerability updates notifications, you receive emails when clients asks to verify the effectiveness of the fix they have implemented for a vulnerability. The message contains for what type of vulnerability the reattack is requested, the client's description of their fix, and in which group the vulnerability is reported. By clicking the button at the end of the message, you are directed to the type of vulnerability on the platform.

Get the vulnerability remediated notification from the Fluid Attacks platform

Type of vulnerability deleted

If you enable Vulnerability updates notifications, you receive emails when a type of vulnerability or a draft are removed. The message contains the email address of the person who removed it and their justification, the group in question, the name of the type of vulnerability, and the type's ID.

Get type of vulnerability deleted email from the Fluid Attacks platform

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.