Enable and disable notifications | Fluid Attacks Help

Enable and disable notifications

Notifications are an excellent way for you to have an up-to-date understanding of the activity concerning your system’s vulnerabilities and your groups on our platform. These notifications are sent directly to your email address or mobile phone (via SMS). You are free to customize the notifications you wish to receive in the Notifications section on the platform.

To access this section, you need to click on the user information drop-down menu and choose then Notifications. By toggling the on/off button, you can enable or disable the delivery of each notification to your registered email or mobile phone.

Matrix

The following are the kinds of notifications we send from the platform.

Notifications for clients

Vulnerability assignment

If you enable these notifications, you will receive an email when a vulnerability is assigned to you, informing you of its location and the group where it was reported. At the end of the message, you will see a button that says Go to type of vulnerability. When you click on it, you will be directed to that type of vulnerability on the platform.

Vulnerability Assignment

Treatment updates

If you enable these notifications, you will receive an email whenever new treatments for vulnerabilities are defined or changes to them occur within your organization. This notification will inform you of the type of vulnerability, the group where it was reported, who defined the treatment and what treatment it is. At the end of the message, you will see a button that says Go to type of vulnerability. When you click on it, you will be directed to that type of vulnerability on the platform.

Treatment Updated

Inactivity alert

If you are a user manager and enable these notifications, you will receive an email when three weeks have elapsed since you last logged in to the platform.

Inactivity Alert
Note on Inactivity alertNote: Regardless of their role, all members are automatically removed after 90 days of inactivity.

Access granted

To join a specific organization or group on our platform, an invitation from a user manager is required, which you must confirm. Upon receiving an invitation, you'll be notified via email: "Access granted to [group's name] on the platform by Fluid Attacks." This email includes details about the inviter, the group's name, description, and a link to our Privacy Policy, which you must agree to upon confirming the invitation. This confirmation grants you access to the platform. At the bottom of the email, two buttons are provided: one to Confirm access and the other to Reject access. Please note that you have seven calendar days to confirm the invitation before it expires.

Access Granted

Note on Access grantedNote: This notification will also be sent to authors who have not joined the platform.

Root updates

Role requirement info
Role required: User Manager

Root added

This notification is generated when a new root is to be created in the Scope section. The information displayed in this notification refers to the fields validated to make a root. The role that will receive this notification is User Manager.

Root Added

Root moved

Our platform makes it possible to correct errors such as having created a root in the wrong group. If you enable Root updates notifications, you will receive a Root Moved email whenever a root is moved to another group. The message includes which root was moved, where from and where to.

Root Moved

Root deactivated

Our platform allows you to deactivate a root when it does not exist anymore, was changed, or added by mistake. You can also deactivate roots for which you no longer want an assessment. If you enable Root updates notifications, you will receive a Root Deactivated email along with the reason for deactivation, how long the root was registered on our platform and the closed vulnerabilities that were found with SAST and DAST.

Root Deactivated

Updated root

This notification is created when updating an existing root in the Scope section. Any field that is updated or information is changed will be notified. The role that receives this email is the User Manager.

Root Updated

Group vulnerabilities report

Role requirement info
Role required: Vulnerability Manager or User Manager

If you request a report of your group, you will receive an email that will allow you to download the report by clicking on the button Go to report. Your access will be granted for one hour only.

Report Available

Vulnerability alert

If you enable these notifications, you will get emails informing you when Fluid Attacks identifies (or your team remediates) a vulnerability in your systems with a critical or high severity score. The message will contain the type of vulnerability and its severity. At the end of the message, you will see a button that says Go to type of vulnerability. When you click on it, it will send you to the reported type of vulnerability on the platform.

Vulnerability Alert

Event alert

If you enable these notifications, you will receive emails telling you when a new event is reported and solved in a group. The message will include the type of event, the date when it was created and the elapsed days without a solution. Additional emails are sent when:

  • Seven days have passed and the event is still open and unsolved;
  • Thirty days have passed and the event is still open and unsolved;
  • The event is solved.

At the end of the message, you will see a button that says Go to event. When you click on it, it will send you to the report of the event on the platform.

Event Alert

Policies update

Role requirement info
Role required: User Manager

If you are a user manager or customer manager on our platform, you will receive emails notifying any updates to your organization’s acceptance policies. The message will include the name of the organization whose policies were changed and the policies’ name and new selected values.

Policies Update

Treatment report

Role requirement info
Role required: Vulnerability Manager or User Manager

If you are a user manager or vulnerability manager, you will receive an email when a vulnerability has Temporarily Accepted treatment request and acceptance.

Treatment Report

User unsubscription

Role requirement info
Role required: User Manager

This notification will be triggered when any user unsubscribes from any group.

User Unsubscription

DevSecOps agent token

Role requirement info
Role required: User Manager

You will receive this notification when a new token is updated for your agent to implement in the pipeline.

Agent Token

Updated group information

Role requirement info
Role required: User Manager

This notification will be generated if any information of the group is edited or modified.

Updated Group

Updated services

Role requirement infoRole required: User Manager

You will receive this notification via email called Services Updated, which will be generated when any of the Services fields in the Scope section are modified.

Updated Services

File report

Role requirement infoRole required: User Manager

This notification will be generated when a file is added or deleted under Files in the Scope section.

File Report

Environment report

Role requirement infoRole required: User Manager

This notification will be generated when a new environment has been created, edited, or deleted.

Environment Report

Portfolio report

Role requirement info
Role required: User Manager

This notification will be generated when adding or deleting a tag under Portfolio in the Scope section.

Portfolio Report

Root status

Role requirement info
Role required: User Manager

This notification will be generated when any situation affects registered root and Fluid Attacks' team can't clone or access the root.

Root Cloning

Confirm deletion

This notification will arrive when a user decides to delete their account from our platform.

Confirm Deletion

API deprecation notice

This notification will be sent to all users with an API token, reminding them which fields of the API token will be deleted in the following month.

Deprecation Notice

Missing registered environments

Role requirement info
Role required: Vulnerability Manager or User Manager

This notification will be generated when no environments have been registered in a group.

Missing Environments

Consulting digest

Role requirement info
Plan required: Advanced
The consulting digest will notify you in a daily email with a report of the comments detected in Consulting sections according to the groups you are part of in the platform.

General consulting

Temporary treatment alert

This notification will be sent daily to the users with vulnerabilities assigned under the Temporarily Accepted treatment, having just seven or fewer days until the end of this treatment. This notification will report all vulnerabilities classified according to the group.

Temporary alert report

Group alert

This notification is generated when a group is removed from the platform, notifying all users of that group.

Group alert

Event digest

If you activate these notifications, you will receive a list of all the events generated the previous day in all the groups you can access on the platform. This notification is sent daily but will only be sent if events have been generated in that period.

Event digest notification

DevSecOps expiration

This notification will notify you seven days before the agent's token expires, giving you enough time to regenerate a new token. This notification will be sent to users who have the User role. You can activate this in the notification matrix in group information.

DevSecOps expiration notification

Connector down

If you use the "Connector" connection, you will receive weekly notifications when the connector status is down, alerting you if there is connectivity disruption.

Connector down notification

Free-trial-exclusive notifications

Free trial start

This notification will be sent to new users who have completed the enrollment, i.e., when the user completes the process of creating the repository, the organization and the group.

Trial Start

Abandoned trial

If you are a user who started the free trial registration you will receive this notification reminding you that you are just a few steps away from completing the self-enrollment where you can use and enjoy all the benefits of the platform free of charge for 21 days.

Abandoned trial

Add repositories

If you are a user who successfully completed the free trial registration you will receive this notification telling you that you can add more repositories to scan for vulnerabilities.

Add repositories

Add members

If you are a user who completed the free trial registration successfully, you will receive this notification informing you that you can add more team members or co-workers who can use the platform to review vulnerabilities and contribute to vulnerability fixes.

Add members

Define treatments

This notification will be sent to you if you are a user who has completed the free trial registration encouraging you to apply the different treatments to your vulnerabilities to orderly manage them.

Define treatments

DevSecOps agent

This notification will be sent to you if you are a user who completed the free trial registration We recommend that users install the agent on their CI to avoid passing to open production vulnerabilities.

Devsecops agent

Trial reports

If you are a user who completed the free trial registration and are enjoying the Continuous Hacking solution, you will receive this notification where we remind you that you can download the reports with information about your vulnerabilities.

Reports

Free trial over

Once you receive this notification, you will receive an email informing you that the free trial is over. You can continue to enjoy Continuous Hacking by contacting a salesperson or having a Customer Success section to give Fluid Attacks feedback on your experience using the platform.

Free trial over

CS Improve

When you receive this notification, you will receive an email invitation to a Customer Success section. In this section, we want to hear from our new users how they have experienced the platform, improvement areas, and features to highlight.

CS section

Support channels

This notification will be sent to you if you are a user who completed the free trial registration and is enjoying the Continuous Hacking service. We will remind you that we have several support channels you can use when you have questions, concerns, or need help on the platform.

Support

Trial ended

When you receive this notification, you will receive an email reminding you that the Free Trial has ended and you enjoyed the 21 free days of the Continuous Hacking plan. With this reminder, you can continue with the service by contacting a salesperson, or you can also download the information on the vulnerabilities reported in that time of usability of the platform.

Trial done

Trial ending

If you receive this notification, you will receive an email that your Free Trial plan will end in three days. Here you have two options: Contact a salesperson or download all the vulnerabilities reported in that time.

Trial ending soon

Upgrade to Advanced

You will receive an email notifying you of Advanced plan benefits for our platform, inviting our new users to include this plan in the vulnerability validation of their software.

Advanced

Notifications exclusive to Fluid Attacks staff

Draft updates

New draft

When reporting a vulnerability in a group, hackers may need to add a type of vulnerability in which to include it. In this scenario, they must submit a vulnerability draft. If you enable Draft updates notifications, you will receive an email telling you when a draft is submitted for revision.

New Draft

Draft rejected

If you enable Draft updates notifications, you will receive an email telling you when a draft is rejected (its status then changes to not-submitted). The message tells you who rejected it, the name of the type of vulnerability and who had submitted it. At the end of the message, you will see a button that says Go to draft. When you click on it, it will direct you to the draft.

Draft Rejected

Vulnerability updates

Vulnerability remediated

If you are part of Fluid Attacks' Reattack Team and enable Vulnerability updates notifications, you will receive email notifications when a client asks to verify the fix they have implemented for a vulnerability with a reattack. The message contains who requests the reattack, what vulnerability type is said to be remediated and in which group. At the end of the message, you will be presented with a button that says Go to type of vulnerability, which will lead you to the type of vulnerability in question.

Vulnerability Remediated

Type of vulnerability deleted

If you enable Vulnerability updates notifications, you will receive email notifications when a type of vulnerability or a draft are removed by a hacker, reviewer or architect. The message will contain who removed it, in which group, the name of the type of vulnerability, the ID and the justification.

Vulnerability Deleted

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.