Navigating Fluid Attacks' platform offers straightforward access to multiple functionalities. Like identifying your user profile, registering your mobile number, getting the API token, managing your trusted devices, customizing email notifications, setting CVSS score thresholds, managing account deletion, and logging out, all accessible through a convenient drop-down menu.
Below, we will explain in detail the information inside this menu and how it can be helpful to you as a user. It is important to remember that this menu is accessible through the upper right corner, hovering over the username and the icon next to it.
When you open this menu, the first information you will find will be your username on the platform, the e-mail address you use to log in, and your role within the organization.
It is important to note that your role within a specific group may change. If you would like more detailed information about roles, please click here for more details.
By clicking on this option, you can generate the token to access and use the API of our platform.
You will be able to set an expiration date before generating the token. Please visit the following link for detailed information about the token generation process. Also, you can access this other link to learn how to integrate this tool into your scripts or use the API in GraphQL.
Next, you will find the Notifications option, which lets you choose which notifications you want to activate and receive at your email address.
If you want to obtain detailed information about each type of notification, we invite you to follow this link.
In this section, you can also find the Minimum Severity control, which helps you to configure the CVSS (Common Vulnerability Scoring System) severity range that you want to receive in the Vulnerability Alert notification. According to the number you leave in this section, vulnerabilities with a severity higher than the limit you set will be reported.
Trusted devices are added during the platform login process. You can access the list by clicking on the option Trusted devices in the user menu.
Please be aware that if you tick the checkbox "I trust this device. Don't ask code for 180 days" during login, your device will retain the following information:
The "jti", which is an ID of a JSON Web Token (JWT), stored in browser cookies
Your web browser details
Your operating system details
However, if you do not select this option, the platform will require a one-time password (OTP) each time you log in.
The trusted devices table provides you with the following information:
To delete the device, simply click on the trash can icon.
Next is Mobile, which allows you to register your mobile phone number. This registration is required to access Fluid Attacks' platform reports.
When you click on the Mobile option, a pop-up window will appear. If you have yet to register your mobile phone, you will be asked to add your number and then enter the verification code sent via SMS to complete the registration. If your number is registered and successfully confirmed, you will have the option to change it. To do this, click the Edit button and follow the verification procedure.
Next on the menu is the Delete account option. This will allow you to delete your account if you are no longer using the platform. Your access privileges will be deleted along with the account. Before proceeding, a warning message will appear, reminding you that you will not be able to restore your account afterward.