Skip to main content

Matrix of notifications

Notifications are an excellent way for you to have an up-to-date understanding of the activity concerning your system’s vulnerabilities and your groups on the ARM. These notifications are sent directly to your email address or mobile phone (via SMS). You are free to customize the notifications you wish to receive in the Notifications section on the ARM.

To access this section, you need to click on the User information drop-down menu and choose then Notifications. By toggling the on/off button, you can enable or disable the delivery of each notification to your registered email or mobile phone.

Matrix

The following are the kinds of notifications we send from the ARM.

Types of notifications

Vulnerability assignment

If you enable these notifications, you will receive an email when a vulnerability is assigned to you, informing you of its location and the group where it was reported. At the end of the message, you will see a button that says Go to type of vulnerability. When you click on it, you will be directed to that type of vulnerability on the ARM.

Vulnerability Assignment

Treatment updates

If you enable these notifications, you will receive an email whenever new treatments for vulnerabilities are defined or changes to them occur within your organization. This notification will inform you of the type of vulnerability, the group where it was reported, who defined the treatment and what treatment it is. At the end of the message, you will see a button that says Go to type of vulnerability. When you click on it, you will be directed to that type of vulnerability on the ARM.

Treatment Updated

Inactivity alert

If you are a user manager and enable these notifications, you will receive an email when three weeks have elapsed since you last logged in to the ARM.

Inactivity Alert

Access granted

To be a part of a specific organization or group on the ARM, a user manager must send you an invitation and you must confirm it. When you are invited, you will get a notification email with the subject "Access granted to [group’s name] on ARM by Fluid Attacks." The message informs you who invited you, the group’s name and its description. It also provides you with a link to our Privacy Policy, to which you agree if you confirm the invitation and, by so doing, your access to the ARM. At the end of the message, you will find two buttons, one to Confirm access and the other to Reject access. You will have seven calendar days to confirm, after which the invitation will expire.

Access Granted

Consulting

If you enable these notifications, every time someone posts a comment concerning a group, a specific vulnerability or an event, you will get a New Comment email showing the comment, who made it and where. At the end of the message, you will be presented with a button that says Go to comment, which will lead you to the comment on the ARM upon clicking it.

Consulting

Root updates (root added)

This notification is generated when a new root is to be created in the Scope section. The information displayed in this notification refers to the fields validated to make a root. The role that will receive this notification is User Manager.

Root Added

Root updates (root moved)

Our Attacks Resistance Management platform makes it possible to correct errors such as having created a root in the wrong group. If you enable Root updates notifications, you will receive a Root Moved email whenever a root is moved to another group. The message includes which root was moved, where from and where to.

Root Moved

Root updates (root deactivated)

Our Attacks Resistance Management platform allows you to deactivate a root when it does not exist anymore, was changed, or added by mistake. You can also deactivate roots for which you no longer want an assessment. If you enable Root updates notifications, you will receive a Root Deactivated email along with the reason for deactivation, how long the root was registered on the ARM and the closed vulnerabilities that were found with SAST and DAST.

Root Deactivated

Updated root

This notification is created when updating an existing root in the Scope section. Any field that is updated or information is changed will be notified. The role that receives this email is the User Manager.

Root Updated

Analytics report

If you enable these notifications, you will receive an email daily, weekly or monthly containing the report of your organization, group or portfolio Analytics sections. You just need to subscribe by clicking on the button at the end of any of the Analytics sections on the ARM and selecting one of the periodicity options. The message will include charts and data on the status and characteristics of reported vulnerabilities and your remediation practices.

Analytics Report

Technical report

If you order a report of your group, you will receive an email that will allow you to download the report by clicking on the button Go to report. Your access will be granted for one hour only.

Report Available

Vulnerability alert

If you enable these notifications, you will get emails that will inform you when Fluid Attacks identifies (or your team remediates) a vulnerability in your systems with a critical or high severity score. The message will contain the type of vulnerability and its severity. At the end of the message, you will see a button that says Go to type of vulnerability. When you click on it, it will send you to the reported type of vulnerability on the ARM.

Vulnerability Alert

Event alert

If you enable these notifications, you will receive emails telling you when a new event is reported and solved in a group. The message will include the type of event, the date when it was created and the elapsed days without a solution. Additional emails are sent when:

  • seven days have passed and the event is still open and unsolved;
  • thirty days have passed and the event is still open and unsolved;
  • the event is solved.

At the end of the message, you will see a button that says Go to event. When you click on it, it will send you to the report of the event on the ARM.

Event Alert

Policies update

If you are a user manager or customer manager on our Attacks Resistance Management platform, you will receive emails notifying any updates to your organization’s acceptance policies. The message will include the name of the organization whose policies were changed and the policies’ name and new selected values.

Policies Update

Treatment expiration alert

If you are a user manager, customer manager, vulnerability manager or resourcer and enable these notifications, you will receive an email or an SMS seven days and one day before the end of the time set for the temporary acceptance of a vulnerability.

Treatment Expiration Alert

Treatment report

If you are a user manager or vulnerability manager, you will receive an email when a vulnerability has Temporarily Accepted treatment request and acceptance.

Treatment Report

User unsubscription

This notification will be triggered when any user unsubscribes from any ARM group. It is enabled for the User Manager role.

User Unsubscription

DevSecOps agent token

You will receive this notification when a new token is updated for your agent to implement in the pipeline. It will be sent by email or SMS to the User Manager role.

Agent Token

Updated group information

This notification will be generated if any information of the group is edited or modified. The User Manager role will be notified by email.

Updated Group

Updated services

If you are a User Manager, you will receive this notification via email called Services Updated, which will be generated when any of the Services fields in the Scope tab are modified.

Updated Services

File report

If you are a User Manager, you will receive this notification via email, which will be generated when a file is added or deleted in the Files section in the Scope tab.

File Report

Environment report

If you are a User Manager, you will receive the Environment Report notification, which will be generated when a new environment has been created, edited, or deleted.

Environment Report

Portfolio report

This notification will be generated when adding or deleting a tag in the Portfolio section of the Scope tab. This email will be sent to the User Manager role.

Portfolio Report

Root status

This notification will be generated when any situation affects registered root and Fluid Attacks team can't clone or access the root. The User Manager role will be notified by email with this.

Root Cloning

Confirm deletion

This notification will arrive when a user decides to delete the ARM account.

Confirm Deletion

API Deprecation Notice

This notification will be sent to all ARM users with an API token, reminding them which fields of the API token will be deleted in the following month.

Deprecation Notice

Missing registered environments

If you are a User Manager or Vulnerability Manager, you will receive this notification via email called Missing Registered Environments, which will be generated when no environments have been registered in a group.

Missing Environments

Exclusive Free Trial notifications

Free trial start

This notification will be sent to new users who have completed the enrollment, i.e., when the user completes the process of creating the repository, the organization and the group.

Trial Start

Abandoned trial

If you are a user who started the ARM free trial registration you will receive this notification reminding you that you are just a few steps away from completing the self-enrollment where you can use and enjoy all the benefits of the platform free of charge for 21 days.

Abandoned trial

Add repositories

If you are a user who successfully completed the ARM free trial registration you will receive this notification telling you that you can add more repositories for vulnerability scanning of these.

Add repositories

Add stakeholders

If you are a user who completed the ARM free trial registration successfully, you will receive this notification informing you that you can add more team members or co-workers who can use the platform to review vulnerabilities and contribute to vulnerability fixes.

Add stakeholders

Analytics notification

This notification will be sent to you if you are a user who has completed the ARM free trial registration letting you know what information you can find in the ARM Analytics, encouraging you to explore this section.

Analytics notification

Define treatments

This notification will be sent to you if you are a user who has completed the ARM free trial registration encouraging you to apply the different treatments to your vulnerabilities to orderly manage them.

Define treatments

Devsecops agent

This notification will be sent to you if you are a user who completed the ARM free trial registration We recommend that users install the agent on their CI to avoid passing to open production vulnerabilities.

Devsecops agent

Trial reports

If you are a user who completed the ARM free trial registration and are enjoying the Continuous Hacking service, you will receive this notification where we remind you that you can download the reports with information about your vulnerabilities.

Reports

Free trial over

Once you receive this notification, you will receive an email informing you that the free trial is over. You can continue to enjoy Continuous Hacking by contacting a salesperson or having a CS section to give us feedback on your experience using the platform.

Free trial over

CS Improve

When you receive this notification, you will receive an email invitation to a Customer Success section. In this section, we want to hear from our new users how they have experienced the platform, improvement areas, and features to highlight.

CS section

Support channels

This notification will be sent to you if you are a user who completed the ARM free trial registration and is enjoying the Continuous Hacking service. We will remind you that we have several support channels you can use when you have questions, concerns, or need help on the platform.

Support

Trial ended

When you receive this notification, you will receive an email reminding you that the Free Trial has ended and you enjoyed the 21 free days of the Continuous Hacking plan. With this reminder, you can continue with the service by contacting a salesperson, or you can also download the information on the vulnerabilities reported in that time of usability of the platform.

Trial done

Trial ending

If you receive this notification, you will receive an email that your Free Trial plan will end in three days. Here you have two options: Contact a salesperson or download all the vulnerabilities reported in that time.

Trial ending soon

Upgrade squad

You will receive an email notifying you of the squad plan benefits for our ARM, inviting our new users to include this plan in the vulnerability validation of their software.

Squad

Notifications exclusive to Fluid Attacks staff

Draft updates (new draft)

When reporting a vulnerability in a group, hackers may need to add a type of vulnerability in which to include it. In this scenario, they must submit a vulnerability draft. If you enable Draft updates notifications, you will receive an email telling you when a draft is submitted for revision.

New Draft

Draft updates (draft rejected)

If you enable Draft updates notifications, you will receive an email telling you when a draft is rejected (its status then changes to not-submitted). The message tells you who rejected it, the name of the type of vulnerability and who had submitted it. At the end of the message, you will see a button that says Go to draft. When you click on it, it will direct you to the draft.

Draft Rejected

Vulnerability updates (vulnerability remediated)

If you are part of Fluid Attack’s Reattack Team and enable Vulnerability updates notifications, you will receive email notifications when a client asks to verify the fix they have implemented for a vulnerability with a reattack. The message contains who requests the reattack, what vulnerability type is said to be remediated and in which group. At the end of the message, you will be presented with a button that says Go to type of vulnerability, which will lead you to the type of vulnerability in question.

Vulnerability Remediated

Vulnerability updates (pending to verify)

If you enable Vulnerability updates notifications, you will receive email notifications telling you which reattacks are pending. The email is automatically generated and sent by [email protected] on weekdays at 5:30 AM and 4:30 PM (GMT-5).

Pending To Verify

Vulnerability updates (type of vulnerability deleted)

If you enable Vulnerability updates notifications, you will receive email notifications when a type of vulnerability or a draft are removed by a hacker, reviewer or architect. The message will contain who removed it, in which group, the name of the type of vulnerability, the ID and the justification.

Vulnerability Deleted