Explore the user menu

Fluid Attacks' platform allows you to manage your personal settings through options accessible through the user menu. To open this menu, click on your username at the top-right corner of your screen. This page guides you through each of the available features.

See your name, email, phone number and role

The top of the user menu displays your username, email address, mobile phone number and role within the organization. Bear in mind that your role at the group level is not necessarily the one you have at the organization level. To learn about the available roles and their permissions, read Understand roles.

See user info and details on the Fluid Attacks platform

Generate or revoke the API Token

The API token option lets you generate or revoke a token for accessing and utilizing the platform's API as well as Fluid Attacks' integrations. To generate the token, go to API token > Add token, enter a name and expiration date up to six months from the current date, and click Confirm. To revoke the token, go to API token > Revoke. For more information about API token management, read Learn the basics of the Fluid Attacks API.

Find API token option on the Fluid Attacks platform

API token option in the user menu

Manage API token on the Fluid Attacks platform

API token management pop-up window

Manage notifications

The Notifications option directs you to a platform section that allows you to customize the alerts you want to receive at your email address. For a comprehensive understanding of each alert, read Enable and disable notifications.

Find Notifications option on the Fluid Attacks platform

Notifications option in the user menu

Notifications section

In this section, you can indicate the CVSS severity score lower threshold to get Vulnerability alert notifications. Just specify the value in the Minimum severity field.

Set minimum severity for notifications on the Fluid Attacks platform

Manage your trusted devices

Trusted devices are registered during the platform login process. This feature temporarily eliminates the need to provide a verification code when you access the platform with those devices. You can see a list of the latter in the section accessible by clicking the Trusted devices option.

Find Trusted devices option on the Fluid Attacks platform

Trusted devices option in the user menu

Manage trusted devices on the Fluid Attacks platform

Trusted Devices section

The trusted devices table provides you with the following information:

Device: Operating system
Location: Country of login
Browser: Browser name
First sign-in: Initial login date
Recent activity: Last login date from the trusted device.

To delete the device, simply click on the trash can icon ( Remove trusted device on the Fluid Attacks platform ).

Note: Please be aware that if you tick the checkbox "I trust this device. Don't ask code for 180 days" during login, your device then retains the following information:

The "jti", which is an ID of a JSON Web Token (JWT), stored in browser cookies
Your web browser details
Your operating system details

However, if you do not select this option, the platform then requires a one-time password (OTP) each time you log in.

Register or change your phone number

The Mobile option enables you to register or update your mobile phone number, a requirement for downloading reports from Fluid Attacks' platform reports.

Find Mobile option on the Fluid Attacks platform

Clicking Mobile opens a pop-up window. If you have not registered your number yet, add it and enter the verification code sent via SMS or WhatsApp message.

If your number is already registered, you can change it by clicking Edit, providing the new number and following the verification steps.

Edit phone number on the Fluid Attacks platform

Mobile pop-up window

Manage your phone number on the Fluid Attacks platform

Option to edit phone number

Ethics Hotline

The Ethics Hotline option takes you to a third-party platform where you can submit anonymous feedback. You can report cases such as complaints on your behalf or other's. However, cases regarding positive experiences are also allowed for submission.

Find anonymous reporting option on Fluid Attacks platform

Delete account

Choose Delete account to trigger the steps to permanently remove your account and access privileges if you no longer need the platform.

Find account deletion option on the Fluid Attacks platform

A warning message appears before deletion, emphasizing that account restoration is impossible.

Confirm delivery of account deletion email on the Fluid Attacks platform

Note: Regardless of their role, all members are automatically removed after 90 days of inactivity.

Log out

Use Log out to end your current session on Fluid Attacks' platform.

Platform version

The user menu displays the commit hash ID and deployment date and time of the latest Fluid Attacks platform update. Clicking the commit hash takes you to GitLab, where you can view detailed change information like the specific file changed, modified code lines, and the developer responsible for the commit.

View as client

A Fluid Attacks staff role is required

When enabled, the View as client feature allows you to use the platform sections and functions currently available to Fluid Attacks clients. While disabled, you can use features only available to Fluid Attacks staff.

View the Fluid Attacks platform as client

Feature preview