There are several actions you can take on a report in your inbox. You can:
Add a comment
Delete attachments
Mention users
Close a report
Change the state
Assign a report
Unassign a report
Set an award
Set traige instructions
Add a Comment
You can dialogue with hackers, team members, and groups or make notes about the report by adding comments.
To add a comment:
Go to the bottom of the report above the comment box.
Make sure the action picker is set to Add comment.
Select who you would like to make the comment visible to. You can select from these options:
Option | Details |
Team only | Only the members of your program will be able to view the comments. |
All participants | All participants of the report will be able to view the comment. |
Note: When adding a comment to your internal team only, the comment box will turn red.
Delete All Attachments from a Report
This action is available to users with the report_management
permission and is irreversible, meaning the attachments are completely removed from the systems. If a report contains attachments either in the vulnerability information or within activities, the "Delete All Attachments" option will be visible.
Note: This action cannot be undone. Once confirmed, all attachments will be permanently removed from the report.
Open the report containing the attachments you want to delete.
If there are attachments, you will see the Delete all attachments option in the right sidebar. Click the Delete all attachments option.
βA confirmation dialog will appear. Confirm the action by clicking the Delete button.
βAfter deletion, a placeholder will replace each attachment, and a new activity will be created to record this action, making it visible to all report participants.
β
Mention Users or Groups
In the comment box, type @ followed by the first few letters of the person or group that you want to mention in the comment. You can also see the number of members in that group and a group icon.
Close a Report
You can close a report to mark that it's:
Resolved
Informative
Not Applicable
Duplicate
Spam
To close a report:
Go to the bottom of the report above the comment box.
Select Close report in the action picker.
Select the status of the report in the Select status action picker.
Click Close report.
Change the State
You can change the state of a report to be marked as either triaged or new. This will help you keep track of what state your report is in.
To change the state of a report:
Go to the bottom of the report above the comment box.
Change the action picker from Add comment to Change state from the drop-down.
Select the state of the report and click Change state. You can choose from:
Option | Details |
Triaged | The report has passed the initial validation and is pending resolution. You can briefly describe the next steps in the comments section, such as further investigation, escalation, and engineer preparing a fix.
|
New | The report is pending triage and validation. |
Assign a Report
You can assign reports to individual members or groups in your program to evaluate and take action on a report.
To assign a report:
Go to the bottom of the report above the comment box.
Change the action picker from Add comment to Assign report from the drop-down.
Enter the username of the assignee or the group.
Click Assign report.
Unassign a Report
Once a report has been assigned, you can elect to unassign a report.
To unassign a report:
Go to the assigned report in your inbox.
Change the action picker to Unassign report from the drop-down.
Click Unassign report.
No one will be assigned to the report. You can reassign the report by following the steps in the Assign a Report section.
Set an Award
You can mark that you've rewarded a hacker with swag or a monetary amount by setting awards.
To set an award to a hacker for the report:
Go to the bottom of the report above the comment box.
Change the action picker from Add comment to Set award from the drop-down.
Select the type of award you want to reward the hacker with and click Set award. You can choose from the options below.
Option | Details |
Amount | Mark that you've rewarded the hacker with a specific dollar amount for the vulnerability. |
None (ineligible) | The report is ineligible for a bounty. It's best to explain why the report is ineligible to hackers in the comments section. |
Suggest amount | Suggest a bounty amount to award the hacker. Only internal members of your program will be able to view your bounty suggestion. |
Swag | Mark that you've rewarded the hacker with swag. |
Set Triage Instructions
If a Triager has a question about an asset not listed in the program scope, they can click the Ask customer for instructions button, fill out the form, and get the answer directly from your team. Learn more here.