Navigating Fluid Attacks' platform offers straightforward access to multiple functionalities. Like identifying your user profile, registering your mobile number, getting the API token, managing your trusted devices, customizing email notifications, setting CVSS score thresholds, managing account deletion, and logging out, all accessible through a convenient drop-down menu.

Below, we will explain in detail the information inside this menu and how it can be helpful to you as a user. It is important to remember that this menu is accessible through the upper right corner, hovering over the username and the icon next to it.

See your name, email, phone number and role

When you open this menu, the first information you will find will be your username on the platform, the e-mail address you use to log in, and your role within the organization.

It is important to note that your role within a specific group may change. If you would like more detailed information about roles, please click here for more details.

Generate or revoke the API Token

By clicking on this option, you can generate the token to access and use the API of our platform.

You will be able to set an expiration date before generating the token. Please visit the following link for detailed information about the token generation process. Also, you can access this other link to learn how to integrate this tool into your scripts or use the API in GraphQL.

Manage notifications

Next, you will find the Notifications option, which lets you choose which notifications you want to activate and receive at your email address.

If you want to obtain detailed information about each type of notification, we invite you to follow this link.

In this section, you can also find the Minimum Severity control, which helps you to configure the CVSS (Common Vulnerability Scoring System) severity range that you want to receive in the Vulnerability Alert notification. According to the number you leave in this section, vulnerabilities with a severity higher than the limit you set will be reported.

Manage your trusted devices

Trusted devices are added during the platform login process. You can access the list by clicking on the option Trusted devices in the user menu.

Please be aware that if you tick the checkbox "I trust this device. Don't ask code for 180 days" during login, your device will retain the following information:

• The "jti", which is an ID of a JSON Web Token (JWT), stored in browser cookies

• Your web browser details

• Your operating system details

However, if you do not select this option, the platform will require a one-time password (OTP) each time you log in.

The trusted devices table provides you with the following information:

• Device: Name of the operating system.
• Location: Country and city where the login occurred.
• Browser: Name of the browser.
• First sign-in: The date of the initial login.
• Recent activity: Date of last login from the trusted device.

To delete the device, simply click on the trash can icon.

Register or change your phone number

Next is Mobile, which allows you to register your mobile phone number. This registration is required to access Fluid Attacks' platform reports.

When you click on the Mobile option, a pop-up window will appear. If you have yet to register your mobile phone, you will be asked to add your number and then enter the verification code sent via SMS to complete the registration. If your number is registered and successfully confirmed, you will have the option to change it. To do this, click the Edit button and follow the verification procedure.

Delete account

Next on the menu is the Delete account option. This will allow you to delete your account if you are no longer using the platform. Your access privileges will be deleted along with the account. Before proceeding, a warning message will appear, reminding you that you will not be able to restore your account afterward.

Log out