Skip to main content
All CollectionsScope & Standards
Triage Scope Instructions
Triage Scope Instructions

Organizations: Set preferences for how Triagers handle reports on assets not listed in your scope

Updated over 4 months ago

If a Triager has a question about an asset not listed in the program scope, they can click the “ask customer for instructions” button, fill out the form, and get the answer directly from your team. You will then receive the request in your program inbox with a button to set up instructions for the Triage team.

Clicking the button will open a modal asking how to handle current and future reports for the asset(s).

  • Choose whether to accept or reject the current asset(s).

  • Select instructions for future reports on that asset

    • Don’t add to program scope, but:

      • Always accept reports from this host

      • Always reject reports from this host

      • Always ask us about reports from this host

  • Check the box below the selection bar if you want to make the asset eligible for bounty

  • Optional: add a message to Triagers

  • Click Send instructions

Your instructions to Triagers directly shape the policy. Items you tag for policy inclusion will be added, while those you omit will be stored separately in settings to manage instructions for out-of-scope assets.

Go to your Organization Settings and click Triage Instructions. Here, you will find a list of all assets not in your policy and the instructions for handling them. You can edit instructions from this screen as well. You can also set general preferences for which group to send these reports to and how to mark them.

Note: The Triage team cannot edit these instructions.

You may receive an alert if your settings will result in no notifications with recommendations to ensure nothing gets lost:

Did this answer your question?