Notifications are an excellent way for you to have an up-to-date understanding of the activity concerning your system’s vulnerabilities and your groups on our platform. These notifications are sent directly to your email address or mobile phone (via SMS). You are free to customize the notifications you wish to receive in the Notifications section on the platform.

To access this section, you need to click on the user information drop-down menu and choose then Notifications. By toggling the on/off button, you can enable or disable the delivery of each notification to your registered email or mobile phone.

The following are the kinds of notifications we send from the platform.

Notifications for clients

Vulnerability assignment

If you enable these notifications, you will receive an email when a vulnerability is assigned to you, informing you of its location and the group where it was reported. At the end of the message, you will see a button that says Go to type of vulnerability. When you click on it, you will be directed to that type of vulnerability on the platform.

Treatment updates

If you enable these notifications, you will receive an email whenever new treatments for vulnerabilities are defined or changes to them occur within your organization. This notification will inform you of the type of vulnerability, the group where it was reported, who defined the treatment and what treatment it is. At the end of the message, you will see a button that says Go to type of vulnerability. When you click on it, you will be directed to that type of vulnerability on the platform.

Inactivity alert

If you are a user manager and enable these notifications, you will receive an email when three weeks have elapsed since you last logged in to the platform.

Note: Regardless of their role, all members are automatically removed after 90 days of inactivity.

Access granted

To join a specific organization or group on our platform, an invitation from a user manager is required, which you must confirm. Upon receiving an invitation, you'll be notified via email: "Access granted to [group's name] on the platform by Fluid Attacks." This email includes details about the inviter, the group's name, description, and a link to our Privacy Policy, which you must agree to upon confirming the invitation. This confirmation grants you access to the platform. At the bottom of the email, two buttons are provided: one to Confirm access and the other to Reject access. Please note that you have seven calendar days to confirm the invitation before it expires.

Note: This notification will also be sent to authors who have not joined the platform.

Root updates

Role required: User Manager

Root added

This notification is generated when a new root is to be created in the Scope section. The information displayed in this notification refers to the fields validated to make a root. The role that will receive this notification is User Manager.

Root moved

Our platform makes it possible to correct errors such as having created a root in the wrong group. If you enable Root updates notifications, you will receive a Root Moved email whenever a root is moved to another group. The message includes which root was moved, where from and where to.

Root deactivated

Our platform allows you to deactivate a root when it does not exist anymore, was changed, or added by mistake. You can also deactivate roots for which you no longer want an assessment. If you enable Root updates notifications, you will receive a Root Deactivated email along with the reason for deactivation, how long the root was registered on our platform and the closed vulnerabilities that were found with SAST and DAST.

Updated root

This notification is created when updating an existing root in the Scope section. Any field that is updated or information is changed will be notified. The role that receives this email is the User Manager.

Group vulnerabilities report

Role required: Vulnerability Manager or User Manager

Vulnerability alert

If you enable these notifications, you will get emails informing you when Fluid Attacks identifies (or your team remediates) a vulnerability in your systems with a critical or high severity score. The message will contain the type of vulnerability and its severity. At the end of the message, you will see a button that says Go to type of vulnerability. When you click on it, it will send you to the reported type of vulnerability on the platform.

Event alert

If you enable these notifications, you will receive emails telling you when a new event is reported and solved in a group. The message will include the type of event, the date when it was created and the elapsed days without a solution. Additional emails are sent when:

• Seven days have passed and the event is still open and unsolved;
• Thirty days have passed and the event is still open and unsolved;
• The event is solved.

At the end of the message, you will see a button that says Go to event. When you click on it, it will send you to the report of the event on the platform.

Policies update

Role required: User Manager

Treatment report

Role required: Vulnerability Manager or User Manager

User unsubscription

Role required: User Manager

DevSecOps agent token

Role required: User Manager

Updated group information

Role required: User Manager

Updated services

Role required: User Manager

File report

Role required: User Manager

Environment report

Role required: User Manager

Portfolio report

Role required: User Manager

Root status

Role required: User Manager

Confirm deletion

This notification will arrive when a user decides to delete their account from our platform.

API deprecation notice

This notification will be sent to all users with an API token, reminding them which fields of the API token will be deleted in the following month.

Missing registered environments

Role required: Vulnerability Manager or User Manager

Consulting digest

Plan required: Advanced

Temporary treatment alert

This notification will be sent daily to the users with vulnerabilities assigned under the Temporarily Accepted treatment, having just seven or fewer days until the end of this treatment. This notification will report all vulnerabilities classified according to the group.

Group alert

This notification is generated when a group is removed from the platform, notifying all users of that group.

Event digest

If you activate these notifications, you will receive a list of all the events generated the previous day in all the groups you can access on the platform. This notification is sent daily but will only be sent if events have been generated in that period.

DevSecOps expiration

This notification will notify you seven days before the agent's token expires, giving you enough time to regenerate a new token. This notification will be sent to users who have the User role. You can activate this in the notification matrix in group information.

Connector down

If you use the "Connector" connection, you will receive weekly notifications when the connector status is down, alerting you if there is connectivity disruption.

Free-trial-exclusive notifications

Free trial start

This notification will be sent to new users who have completed the enrollment, i.e., when the user completes the process of creating the repository, the organization and the group.

Abandoned trial

If you are a user who started the free trial registration you will receive this notification reminding you that you are just a few steps away from completing the self-enrollment where you can use and enjoy all the benefits of the platform free of charge for 21 days.

Add repositories

If you are a user who successfully completed the free trial registration you will receive this notification telling you that you can add more repositories to scan for vulnerabilities.

Add members

If you are a user who completed the free trial registration successfully, you will receive this notification informing you that you can add more team members or co-workers who can use the platform to review vulnerabilities and contribute to vulnerability fixes.

Define treatments

This notification will be sent to you if you are a user who has completed the free trial registration encouraging you to apply the different treatments to your vulnerabilities to orderly manage them.

DevSecOps agent

This notification will be sent to you if you are a user who completed the free trial registration We recommend that users install the agent on their CI to avoid passing to open production vulnerabilities.

Trial reports

If you are a user who completed the free trial registration and are enjoying the Continuous Hacking solution, you will receive this notification where we remind you that you can download the reports with information about your vulnerabilities.

Free trial over

Once you receive this notification, you will receive an email informing you that the free trial is over. You can continue to enjoy Continuous Hacking by contacting a salesperson or having a Customer Success section to give Fluid Attacks feedback on your experience using the platform.

CS Improve

When you receive this notification, you will receive an email invitation to a Customer Success section. In this section, we want to hear from our new users how they have experienced the platform, improvement areas, and features to highlight.

Support channels

This notification will be sent to you if you are a user who completed the free trial registration and is enjoying the Continuous Hacking service. We will remind you that we have several support channels you can use when you have questions, concerns, or need help on the platform.

Trial ended

When you receive this notification, you will receive an email reminding you that the Free Trial has ended and you enjoyed the 21 free days of the Continuous Hacking plan. With this reminder, you can continue with the service by contacting a salesperson, or you can also download the information on the vulnerabilities reported in that time of usability of the platform.

Trial ending

If you receive this notification, you will receive an email that your Free Trial plan will end in three days. Here you have two options: Contact a salesperson or download all the vulnerabilities reported in that time.

Upgrade to Advanced

You will receive an email notifying you of Advanced plan benefits for our platform, inviting our new users to include this plan in the vulnerability validation of their software.

Notifications exclusive to Fluid Attacks staff

Draft updates

New draft

When reporting a vulnerability in a group, hackers may need to add a type of vulnerability in which to include it. In this scenario, they must submit a vulnerability draft. If you enable Draft updates notifications, you will receive an email telling you when a draft is submitted for revision.

Draft rejected

If you enable Draft updates notifications, you will receive an email telling you when a draft is rejected (its status then changes to not-submitted). The message tells you who rejected it, the name of the type of vulnerability and who had submitted it. At the end of the message, you will see a button that says Go to draft. When you click on it, it will direct you to the draft.

Vulnerability updates

Vulnerability remediated

If you are part of Fluid Attacks' Reattack Team and enable Vulnerability updates notifications, you will receive email notifications when a client asks to verify the fix they have implemented for a vulnerability with a reattack. The message contains who requests the reattack, what vulnerability type is said to be remediated and in which group. At the end of the message, you will be presented with a button that says Go to type of vulnerability, which will lead you to the type of vulnerability in question.

Type of vulnerability deleted

If you enable Vulnerability updates notifications, you will receive email notifications when a type of vulnerability or a draft are removed by a hacker, reviewer or architect. The message will contain who removed it, in which group, the name of the type of vulnerability, the ID and the justification.