News

Product Roadmap
In Review
VEX Support
new
In Progress
Azure integration
new
Container images analysis
new
PHP SAST Suppport
new
Platform redesign
new
CVSS 4.0 in our platform
new
4 years ago

Organization Analytics View

Since we have the new analytics dashboard, we included some graphics and indicators. Now the time is for organizations' data.

In your organization's dashboard, you will find interesting data about all your groups, such as how many findings or vulnerabilities your entire organization has.

Screenshot from 2020-11-20 12-01-59.png

All these features are the product of a team effort. You can be part of it and create new elements by joining the Fluid Attacks Community or sending your comments to help@fluidattacks.com.

Avatar of authorJuan
4 years ago

About Integrates massive mailing on 2020-09-20

What happened

  • Last Friday (September 20th) there was an incident in which emails about accepted findings were massively sent.
  • We are currently finishing the implementation of the functionality which allows setting a time limit for the acceptation of findings on the platform.
  • The final step of this functionality is to assign a maximum time of three months to all existing findings that have already been accepted. In the process of performing the latter, due to a programming error, the acceptation emails were sent again and multiple times.
  • The programming mistake that was made allowed the script that updates the acceptation dates of findings to be executed repeatedly and without notice from a development workstation.

What we’ve done

  • As of today (September 23rd), the programming errors have been solved and the emails will not be sent again in this process.
  • To avoid future occurrences of this type, we have restricted the credentials that we used to send all the emails, so now a double check is needed to send any of them.

What’s the impact

  • Approximately 100,000 emails were sent to customers. The users that were affected the most were those who had several projects with assumed findings, receiving up to 1100 emails.
  • No finding that had not previously been accepted was modified, nor were their justification and treatment manager modified.

What we are doing to help
With this announcement, customers are being notified that this does not represent a security threat and was only an internal error.

Avatar of authorJuan
4 years ago

About availability issues on 2020-09

What happened

Service interruptions, which have lasted up to 10 minutes during the last week, have the following two explanations:

  1. Due to the exponential growth of the application during the last months, the engine that stored one of Integrates’s databases started to run out of resources. This generated an impact over the response times and general availability of the application.
  2. Integrates is currently allocated in our Kubernetes cluster. As we have been developing an API for it, we created a very memory consuming function. Calls to such function, made in the testing phase by ourselves, caused the cluster nodes to stop working due to lack of memory.

What we’ve done

To fix (1), we:

  • Deployed new infrastructure according to the application’s present and future needs, thus guarantying optimal performance and availability.

To fix (2), we:

  • Created integrates replicas in all the cluster nodes, so we can guarantee high redundancy in case of node unavailability.
  • Established consumption limits for integrates, so we can ensure stability on the infrastructure that is running it.

What’s the impact

Integrates was not accessible during service interruptions, preventing anyone who uses the platform to do any work on it.

What we are doing to help

We will keep closely monitoring all our infrastructure in order to guarantee optimal up and recovery times.


Avatar of authorJuan
4 years ago

About login issues on 2020-09-15

What happened

  • Due to a firewall misconfiguration, users were not able to login.

What we’ve done

  • We reverted the firewall change that caused the issue.

What’s the impact

  • Users were unable to login from 18:43 to 19:11.

What we are doing to help

  • We are working on preparing the application for the new set of firewall rules, including the ones that caused the issue.
Avatar of authorJuan
4 years ago

New Endpoint for Integrates API From October 1st, 2020

From October 1st, 2020, the endpoint for Integrates API will change to integrates.fluidattacks.com/api.

You will only be able to use the Integrates API from the new endpoint.

We strongly recommend you to update your scripts ASAP to avoid unexpected behaviors.

All these features are the product of a team effort. You can be part of it and contribute to the creation of new elements by joining the Fluid Attacks Community or sending your comments to help@fluidattacks.com.

Avatar of authorJuan
4 years ago

Change of Integrates Domain From October 1st, 2020

From October 1st, 2020, the Integrates domain will change to:
integrates.fluidattacks.com.

You will only be able to access our system on the new domain.

All these features are the product of a team effort. You can be part of it and contribute to the creation of new elements by joining the Fluid Attacks Community or sending your comments to help@fluidattacks.com.

Avatar of authorJuan
4 years ago

Service Status

You can now check the service status of Integrates, the Integrates API and Fluid Attacks’ website in the following link (included at the bottom of our website):
https://status.fluidattacks.com/

WebStatus.PNG

All these features are product of a team effort. You can be part of it and create new elements by joining the Fluid Attacks Community or sending your comments to help@fluidattacks.com.

Avatar of authorJuan
4 years ago

About low performance on 2020-09-07

What happened

  • As ephemeral environments were in process of being migrated to a new Kubernetes cluster,
    changes to Integrates internal ports were made. Such changes triggered an error
    as readiness probes were not properly modified for such change.

What we’ve done

  • After identifying the problem, we pushed a fix for the readiness probes.

What’s the impact

  • Downgraded performance from 6pm to 7:30pm

What we are doing to help

  • We are working on improving our Integrates Kubernetes manifests
    by placing them all together, by doing this relevant files
    won’t be missed when infra related changes occur
Avatar of authorJuan
4 years ago

Group Creation

With the introduction of organizations, Integrates changed the way of group creation.

To create a new group:

From the Groups tab, you can add a new project to be evaluated with the services you require.

  • Access to Integrates (required)
  • Active Drills and Forces services according to your needs

After creating a new group, do not forget to add all the information from the repositories and environments to the Group’s Scope tab.

unnamed (1).png

All these features are the product of a team effort. You can be part of it and create new features by joining the Fluid Attacks Community or sending your comments to help@fluidattacks.com.

Avatar of authorJuan
4 years ago

Bitbucket Login

Until this time, only Google or Azure users could log in and use Integrates.

It is my pleasure to announce that we have a new login method.

Screenshot from 2020-11-20 12-16-02.png

Welcome, Bitbucket, to our family!

Avatar of authorJuan