If a Triager has a question about an asset not listed in the program scope, they can click the “ask customer for instructions” button, fill out the form, and get the answer directly from your team. You will then receive the request in your program inbox with a button to set up instructions for the Triage team.
Clicking the button will open a modal asking how to handle current and future reports for the asset(s).
Choose whether to accept or reject the current asset(s).
Select instructions for future reports on that asset
Don’t add to program scope, but:
Always accept reports from this host
Always reject reports from this host
Always ask us about reports from this host
Check the box below the selection bar if you want to make the asset eligible for bounty
Optional: add a message to Triagers
Click Send instructions
Your instructions to Triagers directly shape the policy. Items you tag for policy inclusion will be added, while those you omit will be stored separately in settings to manage instructions for out-of-scope assets.
Go to your Organization Settings and click Triage Instructions. Here, you will find a list of all assets not in your policy and the instructions for handling them. You can edit instructions from this screen as well. You can also set general preferences for which group to send these reports to and how to mark them.
Note: The Triage team cannot edit these instructions.
You may receive an alert if your settings will result in no notifications with recommendations to ensure nothing gets lost: