Skip to main content

Matrix of notifications

Notifications are an excellent way for you to have an up-to-date understanding of the activity concerning your system’s vulnerabilities and your groups on the ASM. These notifications are sent directly to your email address. You are free to customize the notifications you wish to receive in the Notifications section on the ASM. To access this section, you need to click on the User information drop-down menu and choose Notifications. There, you will be presented with a matrix where you can turn on/off different kinds of email notifications.

Matrix

The following are the kinds of notifications we send from the ASM.

Types of notifications

Vulnerability assignment

If you enable these notifications, you will receive an email when a vulnerability is assigned to you, informing you of its location and the group where it was reported. At the end of the message, you will see a button that says Go to type of vulnerability. When you click on it, you will be directed to that type of vulnerability on the ASM.

Vulnerability Assignment

Treatment updates

If you enable these notifications, you will receive an email whenever new treatments for vulnerabilities are defined or changes to them occur within your organization. This notification will inform you of the type of vulnerability, the group where it was reported, who defined the treatment and what treatment it is. At the end of the message, you will see a button that says Go to type of vulnerability. When you click on it, you will be directed to that type of vulnerability on the ASM.

Treatment Updated

Inactivity alert

If you are a user manager and enable these notifications, you will receive an email when three weeks have elapsed since you last logged in to the ASM.

Inactivity Alert

Access granted

To be a part of a specific organization or group on the ASM, a user manager must send you an invitation and you must confirm it. When you are invited, you will get a notification email with the subject "Access granted to [group’s name] on ASM by Fluid Attacks." The message informs you who invited you, the group’s name and its description. It also provides you with a link to our Privacy Policy, to which you agree if you confirm the invitation and, by so doing, your access to the ASM. At the end of the message, you will find two buttons, one to Confirm access and the other to Reject access. You will have seven calendar days to confirm, after which the invitation will expire.

Access Granted

Consulting

If you enable these notifications, every time someone posts a comment concerning a group, a specific vulnerability or an event, you will get a New Comment email showing the comment, who made it and where. At the end of the message, you will be presented with a button that says Go to comment, which will lead you to the comment on the ASM upon clicking it.

Consulting

Root updates (root moved)

Our attack surface management platform makes it possible to correct errors such as having created a root in the wrong group. If you enable Root updates notifications, you will receive a Root Moved email whenever a root is moved to another group. The message includes which root was moved, where from and where to.

Root Moved

Root updates (root deactivated)

Our attack surface management platform allows you to deactivate a root when it does not exist anymore, was changed, or added by mistake. You can also deactivate roots for which you no longer want an assessment. If you enable Root updates notifications, you will receive a Root Deactivated email along with the reason for deactivation, how long the root was registered on the ASM and the closed vulnerabilities that were found with SAST and DAST.

Root Deactivated

Daily digest

If you enable these notifications, you will receive daily emails with updates on noteworthy activity and vulnerabilities in your subscribed groups.

Daily Digest

Analytics report

If you enable these notifications, you will receive an email daily, weekly or monthly containing the report of your organization, group or portfolio Analytics sections. You just need to subscribe by clicking on the button at the end of any of the Analytics sections on the ASM and selecting one of the periodicity options. The message will include charts and data on the status and characteristics of reported vulnerabilities and your remediation practices.

Analytics Report

Report available

If you order a report of your group, you will receive an email that will allow you to download the report by clicking on the button Go to report. Your access will be granted for one hour only.

Report Available

Vulnerability alert

If you enable these notifications, you will get emails that will inform you when Fluid Attacks identifies (or your team remediates) a vulnerability in your systems with a critical or high severity score. The message will contain the type of vulnerability and its severity. At the end of the message, you will see a button that says Go to type of vulnerability. When you click on it, it will send you to the reported type of vulnerability on the ASM.

Vulnerability Alert

Event alert

If you enable these notifications, you will receive emails telling you when a new event is reported in a group. The message will include the type of event, the date when it was created and the elapsed days without a solution. Additional emails are sent when:

  • seven days have passed and the event is still open and unsolved;
  • thirty days have passed and the event is still open and unsolved;
  • the event is solved.

At the end of the message, you will see a button that says Go to event. When you click on it, it will send you to the report of the event on the ASM.

Event Alert

Policies update

If you are a user manager or customer manager on our attack surface management platform, you will receive emails notifying any updates to your organization’s acceptance policies. The message will include the name of the organization whose policies were changed and the policies’ name and new selected values.

Policies Update

Notifications exclusive to Fluid Attacks staff

Draft updates (new draft)

When reporting a vulnerability in a group, hackers may need to add a type of vulnerability in which to include it. In this scenario, they must submit a vulnerability draft. If you enable Draft updates notifications, you will receive an email telling you when a draft is submitted for revision.

New Draft

Draft updates (draft rejected)

If you enable Draft updates notifications, you will receive an email telling you when a draft is rejected (its status then changes to not-submitted). The message tells you who rejected it, the name of the type of vulnerability and who had submitted it. At the end of the message, you will see a button that says Go to draft. When you click on it, it will direct you to the draft.

Draft Rejected

Vulnerability updates (vulnerability remediated)

If you are part of Fluid Attack’s Reattack Team and enable Vulnerability updates notifications, you will receive email notifications when a client asks to verify the fix they have implemented for a vulnerability with a reattack. The message contains who requests the reattack, what vulnerability type is said to be remediated and in which group. At the end of the message, you will be presented with a button that says Go to type of vulnerability, which will lead you to the type of vulnerability in question.

Vulnerability Remediated

Vulnerability updates (pending to verify)

If you enable Vulnerability updates notifications, you will receive email notifications telling you which reattacks are pending. The email is automatically generated and sent by [email protected] on weekdays at 5:30 AM and 4:30 PM (GMT-5).

Pending To Verify

Vulnerability updates (type of vulnerability deleted)

If you enable Vulnerability updates notifications, you will receive email notifications when a type of vulnerability or a draft are removed by a hacker, reviewer or architect. The message will contain who removed it, in which group, the name of the type of vulnerability, the ID and the justification.

Vulnerability Deleted