Daily Digest

Coming soon is one of several new changes that will replace many of the ways we provide you with information.

You can see in the following image what data you will be able to access day by day through the new Daily Digest:

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

New URL *ACTION REQUIRED*

Our team is continuously working to provide you with a better experience. 

From April 15th, you will be able to access our Attack Surface Manager (formerly called Integrates) through the following URL: http://app.fluidattacks.com/.

We recommend that you bookmark this updated URL for your convenience, as the current URL (https://integrates.fluidattacks.com/) will stop working from the announced date.

Additionally, please be aware that the API's URL will change from integrates.fluidattacks.com/api to http://app.fluidattacks.com/api.

Date Filter

Have data available for making decisions is the dream of any manager. But always, a context is needed. We know that, and that is why in one of our recent deployments, we add a time filter option for these three graphics:

  • Vulnerabilities over the time
  • Mean time to remediate (all vulnerabilities)
  • Mean time to remediate (non treated vulnerabilities)


You can select one of the defined filters:

  • All data
  • Last 90 days
  • Last 30 days

This is useful to evaluate the team effort in specified dates.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.



DevSecOps Agent Token

Security and UX don't always go hand in hand, but it is one of our main goals to keep it together as possible.

A few days ago, we deployed a new DevSecOps agent version that improves its predecessor's stability, performance and usability. This new version comes with some changes to how the agent is going used.

Now, in our ASM scope section (Organization>Groups>GroupName>Scope), you will find DevSecOps Agent Token section. 

Where you can copy required token to execute DevSecOps Agent.

Only group managers could view and copy the token, so if you need to get the token, please contact them.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

Vulnerabilities Info

Data is the essence of any organization, and more if that data could help you prevent a security incident.

With more data more effective are the efforts to solve a vulnerability. This is why we add new vulnerability info modal to give all data about reported vulnerabilities.

You can click on the vulnerability that you want more information about in the locations table.

If you think that you need more information, let us know, and we will give you.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

Finding age

Know when a finding was reported is essential as to know if a new vulnerability reopened that finding.

You can find three dates to know all about your finding report dates:

  • Age(days): Days since the first vulnerability was reported to your group.
  • Open Age(days): Days since the first open vulnerability was reported to your group.
  • Last report (days): Days since the last vulnerability was reported to your group.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

Analytics new graphs

Have the information to make decisions is essential to us, and we know that for you are important too.

We add new graphs to help to understand your vulnerabilities and all your group data. Now you will find these graphics:

  • Vulnerabilities over time in portfolios view
  • How many vulnerabilities by tag
  • How many vulnerabilities by tag
  • Vulnerabilities by treatments
  • Vulnerabilities by reattacks
  • Vulnerabilities by type
  • Total vulnerabilities in portfolios view
  • Accepted vulnerabilities by severity
  • Top 10 Oldest vulnerabilities
  • Top findings (by # vulnerabilities)
  •  Accepted vulnerabilities by user
  • Meantime to remediate for non-treated vulnerabilities

If you have any doubts with these or other metrics do not hesitate to contact us.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

Environments in Git Roots

We give more relevance to the most important thing in any app, the source code. Now environments are included in Git Roots.

All source code needs to be deployed in an environment; this is why you need to select a Git Root as the origin of the code deployed in a specific environment.

If you want to add or edit an environment, you need to select the git root associated with the URL.

Add the desired URL, and that's it.


Accepting Vulnerabilities

The essential thing in Integrates is the vulnerabilities. That is why we were implementing some changes to give the vulnerabilities the relevance that they deserve. This is why now you can accept vulnerabilities one by one and define different treatments according to your product strategy.

To accept a vulnerability, go to the Vulnerabilities tab and click on the Edit button:

1.png

After that, select all the vulnerabilities for which you want to change the treatment:

4.png

Then, as usual, select the desired treatment and the person responsible for that treatment (if applicable); finally, provide the justification.

3.png

Now you can check the current treatment for each vulnerability in the vulnerabilities table.

Remember, all features are the product of a team effort. You can be part of it and contribute to creating a new feature by joining the Fluid Attacks Community or sending your comments to help@fluidattacks.com.

Show Previous EntriesShow Previous Entries