Know your Groups section | Fluid Attacks Help

Know your Groups section

Groups correspond to single projects in the Fluid Attacks platform that clients create for each of their applications or software products to manage their vulnerabilities separately. Therefore, you may have several groups. When you create a group, Fluid Attacks' multi-method vulnerability scanner starts assessing the system associated with it in search for vulnerabilities. Moreover, if you are subscribed to the Advanced plan, Fluid Attacks' hacking team also assesses your system.

The platform has a Groups section which is described in detail below.

Scope overview

Scope overview in the Groups section gives you information on the total covered and missed contributing authors and repositories across the organization's groups.

Understand the Scope overview info on the Fluid Attacks platform

Particularly, this is the information provided in Scope overview:
  • Covered authors: Total number of authors who have made commits to the repository or repositories
  • Covered repositories: Total number of repositories at the organization level that have been added to groups for source code analysis
  • Missed authors: Total number of authors who have made commits to missed repositories
  • Missed repositories: Total number of repositories are not included in groups for source code analysis (learn more about these in See retrieved repositories not yet added to any group)

Clicking on any of these four boxes will redirect you to the platform's Outside section.

Group table

In the group table, you find the names of all the groups you have access to within your organization, along with details about the groups and your role in it. This table has seven columns, the contents of which may be organized alphabetically or numerically (either in ascending or descending order) by clicking on the arrows next to each column name. You can filter the table by group name or subscription plan, and you can use the search box to display only the rows that have the content you type in it.

View the group table on the Fluid Attacks platform

The groups table provides you with the following information:

  • Group name: The name your organization has given to the group
  • Group status: The group's payment status, which can be one of the following:
    • Subscribed: A valid payment method has been provided
    • Free-trial: The group is assessed under the free trial of the Essential plan, which does not require providing a payment method
    • Suspended: Either the validity of the provided payment method is being analyzed or a payment method has not been provided upon completion of the free trial
  • Plan: Either the plan to which the group is subscribed or the indication that the group is assessed under a free trial; accordingly, this column may display one of the following values:
    • Essential: Secures your application through completely automated security testing and help in vulnerability remediation
    • Advanced: Leverages the Essential plan features and the manual security testing and help in understanding vulnerabilities from an ethical hacking team
    • Free-trial: Secures your application through all the Essential plan features for 21 days
  • Vulnerabilities: Either the total number of vulnerabilities detected in the system(s) associated to the group or the status of the assets provided for the group; accordingly, this column may display one of the following values:
    • Add root: The group exists but a root to assess has not been added
    • Cloning: A repository is being cloned for security testing
    • Cloning error: There is an error in the cloning process of all the group's roots
    • Testing: A successfully cloned root is being tested
    • No vulnerabilities: No vulnerabilities have been found in the system(s) associated to the group
    • [#] types found: The total number of vulnerabilities detected in the group
  • Description: A short description of the group written during its creation
  • Role:
     Your role
     within the group, which can be one of the following:
    • User:  Role for those responsible for understanding and remediating vulnerabilities detected in your software projects
    • Vulnerability Manager: Role for those responsible for reviewing the requests of developers (generally with the User role) and tracking progress in remediation
    • User Manager:  Role for those responsible for granting access and roles, managing the target of evaluation and policies, and tracking progress in remediation
  • Events: The number of unsolved events in the group (i.e., situations that prevent the assessment of part, or the entire, target of evaluation

You can access sections dedicated to a group by clicking on its name. Your access to the group sections and usage of their available functionalities depend on your role on the platform. You can read a short description of each group-level section on the page Platform sections and header items.

Create a new group

Role requirement infoRole required: User Manager
Warning on creating groupsCreating a new group increases the cost of Fluid Attacks' Continuous Hacking so make sure it is a concerted action within your organization.
To start creating a new group, you need to click on the New group button in the Groups section. Read the page Create and delete groups for a detailed description of the steps.

Use the option to create a new group on the Fluid Attacks platform

Filter group table data

Role requirement infoRole required: User, Vulnerability Manager or User Manager
Filters allow you to limit the data you visualize, facilitating your search. The Group section has a Filters button which, upon click, allows you to filter the group table by either group name or plan (Essential or Advanced).
Filter the group table on the Fluid Attacks platform

Any filter applied will be shown next to the Filter button. You can easily clear a filter by clicking on the X next to it.

Clear filters in group table on the Fluid Attacks platform

Search the group table

Role requirement info
Role required: User, Vulnerability Manager or User Manager
By typing in the search bar in the Groups section, you filter the group table so that the only rows that are shown are those containing the content you type.

See events impeding tests in groups

Role requirement infoRole required: User, Vulnerability Manager or User Manager
As mentioned above, in the group table, you find a column called Events. These are situations that need your prompt attention to resume the expected course of security testing. In this column, you can discover how many unsolved events need your attention in each of your groups. If you click on this column's contents, you are directed to the Events section of the corresponding group.

Whenever you enter the Groups section and there are unsolved events in one or more groups, a banner appears for a short amount of time. The banner informs of the number of groups that have unsolved events, how many of the latter there are in total, and the number of days since the oldest of those events was reported. By hovering over it, a tooltip appears which tells you the name(s) of the group(s) in question.

View unsolved events banner on the Fluid Attacks platform

To learn about the types of events and managing them, read the page Resolve Events impeding tests.

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.