Resolve events impeding tests | Fluid Attacks Help

Resolve events impeding tests

In the course of a security assessment, situations may arise that prevent Fluid Attacks' tool or analysts from testing part of the group's scope or maybe all of it. These situations, referred to as events, require your team's attention and resolution to ensure the assessment can continue effectively. The place on the platform where you can see a cumulative record of those situations, including those solved and unsolved, in your groups is its Events section.

Whenever you have events to solve, you are told so in a red banner in the Groups section and in the Vulnerabilities section of affected groups. The banner is shown for a few seconds only and informs the number of affected groups, unsolved events and days passed since the oldest of them was reported.

View events banner on the Fluid Attacks platform

You can hover on the banner to reveal the names of the affected groups.
Know which groups have events on the Fluid Attacks platform

When you enter a group, a red dot on the Events tab indicates the presence of at least one unsolved event within that group, signaling the need for your immediate attention. Click the tab to access the Events section.

Understand red dot for events on the Fluid Attacks platform

Know your events table

Role requirement info
Role required: User, Vulnerability Manager or User Manager

The table in the Events section provides comprehensive information about each event.

View events in a group on the Fluid Attacks platform

The following are short descriptions of the information provided in the table:
  • ID: A unique identifier for the event
  • Root: The nickname of the affected root (the latter refers to a top-level entry point you have registered for security testing)
  • Date reported: The date the event was initially reported
  • Description: A detailed explanation of the issue impeding the security assessment
  • Type: The category the issue falls under (read below the descriptions of event types)
  • Status: The current state of the event, which can be "Solved," "Pending" or "Unsolved" (read below about these event status categories)
  • Date closed: The date and time the event was resolved (if applicable)

Types of events

Fluid Attacks categorizes events as follows:

  1. Authorization for a special attack: A specific test requires explicit customer permission due to potential impact on availability or integrity.
  2. Cloning issues: There are problems with cloning the repository.
  3. Credentials issues: Access to the assets to test is prevented due to missing or invalid credentials.
  4. Data update required: User credentials or data need to be reset or updated to consume a service.
  5. Environment issues: There are issues with the testing environment, such as unavailability or functional problems.
  6. Installer issues: Problems arise when installing or running the application on mobile or desktop.
  7. Missing supplies: Necessary resources other than credentials are lacking.
  8. Network access issues: Loss of internet connectivity on the network port.
  9. Other: The issue does not fall into the predefined categories.
  10. Remote access issues: Problems with connection methods, hindering access to the environment.
  11. The client cancels a project milestone: The client cancels a predefined phase or deliverable within the project.
  12. The client explicitly suspends the project: The client temporarily suspends the project or excludes specific parts of the Target of Evaluation (ToE).
  13. TOE different than agreed upon: The client provides a ToE that is not covered by the Continuous Hacking plan.
  14. VPN issues: There are failures in the VPN connection.

Event status

In the platform's Events section, you find out about the state of an event in the Status column.

Find out the event status on the Fluid Attacks platform

An event progresses through the following statuses:
  1. Unsolved: The initial state upon reporting, requiring your action
  2. Pending: After you solve the event, and upon your request, the event awaits verification by Fluid Attacks
  3. Solved: The issue is successfully resolved and verified

    View event details

    Role requirement info
    Role required: User, Vulnerability Manager or User Manager

    Click on an event's ID in the table to access detailed information and a comment space. If your group has an Advanced plan subscription, the latter allows you to post comments for the Fluid Attacks team to see and respond to. Otherwise, it is a read-only section.

    Description

    In an event's Description section, you find the following information:

    1. Description: What the problem is (or was) specifically
    2. Solving reason: Why the problem is considered solved (if applicable)
    3. Root (nickname): The nickname of the affected root
    4. Reattacks on hold: The number of reattacks that have not been possible due to the event
    5. Date closed: The date Fluid Attacks verified the problem as solved (if applicable)

    View event description on the Fluid Attacks platform

    Evidence

    In the event's Evidence section, you find screenshots or videos as proof of the issue that is impeding tests. You can click on a piece of evidence to enlarge it and access the option to download it. If there are several items, you can click on Download File to download them in a ZIP folder.

    Download event evidence on the Fluid Attacks platform

    Consulting

    Role requirement info
    Plan required: Advanced

    Note on Consulting for EssentialNote: Consulting is available in view mode for groups subscribed to the Essential plan. This allows members to see comments but not post.
    The event's Consulting section is a forum-like space to have discussions about the event between your team and Fluid Attacks.

    Comment on an event on the Fluid Attacks platform

    Request a verification that the event is solved

    Role requirement info
    Role required: User, Vulnerability Manager or User Manager

    Once you have solved the reported issue, you can ask Fluid Attacks' team to verify that the event no longer applies, and testing can resume. To do this, proceed as follows:
    1. Access the group's Events section.

    2. Select the checkbox next to the event you solved.
    3. Select an event on the Fluid Attacks platform

    4. Click on the Request verification button.

    5. Provide a description (at least 10 characters) of the implemented solution in the pop-up window.
    6. Request event verification on the Fluid Attacks platform

    7. Click Confirm.
    The event's status then changes to Pending while Fluid Attacks verifies the effectiveness of your solution.

    View pending events on the Fluid Attacks platform

    If Fluid Attacks decides that your provided solution was not effective, you receive a notification telling you so. The outcome is also made available as a comment in the Consulting section. The process of verification is to be repeated as described above until the event is solved.

    Filter the events table

    Role requirement info
    Role required: User, Vulnerability Manager or User Manager

    Click the Filters button to access the options to filter the events table.

    Filter the events table on the Fluid Attacks platform

    Show or hide columns of the events table

    Role requirement info
    Role required: User, Vulnerability Manager or User Manager

    You can show or hide columns in the table by clicking on the Columns button and toggling the on/off button in front of each column name.

    Show and hide events columns on the Fluid Attacks platform

    Export the events table

    Role requirement info
    Role required: User, Vulnerability Manager or User Manager
    Warning on filtering CSV file
    Be aware that any applied filters limit the data included in the exported CSV file. Ensure your filters are correct before exporting. To quickly remove them, click on the X next to them.

    You can download the contents of the table in the Events section in a CSV (comma-separated values) file. Just click the Export button.

    Export file

    Search the events table

    Type in the search box to show only the rows of the table where the content matches your search.

    Search the events table on the Fluid Attacks platform
    Free trial message
    Free trial
    Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.