User Guide

Managed Service

The content described in this page is valid for the customers who possess the SaaS & Managed version of SATAYO. If you don’t have it you won’t see this features in SATAYO, but you can read here anyway to understand how it works.



General info

After the initial scan is completed, SATAYO allows you download a report at any time in which the Exposure Assessment Index Value is calculated based on the evidences found. The procedure on how to do it was already explained in the section How does SATAYO work. This applies to all the modalities in which SATAYO is offered, but with the SaaS & Managed version our team will periodically schedule a one-hour meeting with you to discuss the findings, align on what the platform is tracking, discuss any new domain to be added to the organization or any new keywords to be inserted.



Help Center

The Help Center of Wuerth Phoenix, is the place where you can open tickets or requests for malfunctions, informations, help with configurations or anything you need.

The Help Center is based on Atlassian Jira and you need a Jira account to open requests. It can be easily created here. Simply enter your email address and you will receive a link to finalize the registration.

Our analysts will communicate with you through this portal. The opening of tickets and their possible statuses is explained in the next section.

Interface

When you open a link to a ticket, you will see an interface similar to this one:

../../../_images/helpCenter.png


  1. Ticket details may be hidden if there are multiple comments under it, but they can be easily expanded with the Show details button.

  2. From this section the current status of the ticket is shown and you have the option to edit it.

  3. Participants (people who can see and interact with the ticket) are listed here. Additional people can be added if necessary.

  4. From here it is possible to comment on the ticket. After a customer comment, the status automatically changes and becomes Waiting for Support. Similarly, after an analyst comment, the status becomes Waiting for Customer. Your action in required when the ticket is in this status.



Tickets in SATAYO

Jira has been integrated into SATAYO, and in some sections such as domains, vulnerability, market, open bug bounty, general social and sandboxes, you will see a column called Status.

This column may show different options, depending on the status of the ticket. The possible scenarios you can encounter are the following:

../../../_images/ticketCustomer.png


  1. Status and ticket number: Once the ticket is opened, progress and status changes are shown. The link points directly to the ticket in Jira. The status varies as the analysis proceeds.

  2. Status Acknowledged: The ticket was reviewed by an analysts and marked as acknowledged

  3. Blue icon: Clicking on it allows you to write a ticket where you can request a further analysis on the selected evidence

The Acknowledged status is important because it indicates that an analysis was performed, but the evidence was classified as false positive or not dangerous and there was no need to bother the client with a ticket, leaving room for more important communications.

Note

Most of the time we open tickets for suspicious evidences by ourselves, and you will be informed via email notification that a new analysis is available.

Our analysts follow a logic and open tickets by prioritizing the most dangerous evidence, such as credentials for sale in a marketplace, newly created domains, high and critical vulnerabilities, etc.

../../../_images/ticketStatuses.png

This is the workflow with all the different statuses a ticket can have.

  • OPEN, marked in GREY, is the first status of each ticket

  • IN PROGRESS, IN PROGRESS FOR CUSTOMER, WAITING FOR CUSTOMER, WAITING FOR SUPPORT, marked in BLUE, are the statuses that show the ticket is managed by someone, either a customer or an analyst.

  • RESOLVED, CANCELED, RISK ACCEPTED, FALSE POSITIVE, marked in GREEN, are the final statuses of each ticket. When the ticket is closed, it’s in one of these four statuses.

In addition to the status, every opened ticket has two important values: Priority and TLP. The priority value can range from Lowest, Low, Medium, High, Highest, and refers to the severity of the evidence. The TLP is the Traffic Light Protocol value, a standard created by FIRST (https://www.first.org/tlp/) that provides a simple and intuitive scheme for defining the level of sharing of potentially sensitive information. There are four levels of sharing: TLP:RED, TLP:AMBER, TLP:GREEN and TLP:CLEAR.

Additional information

In order to open tickets, your must have a JIRA account associated to your SATAYO account. From Settings -> Support you can check if your account is correctly activated.

../../../_images/registered.png

If you see REGISTERED it means you won’t have problem to open tickets.

Status of the tickets can be checked from Settings -> Status Managed. Here detailed information about tickets are shown. There is a link for each ticket that brings you to the Help Center where you can directly interact with it. When the status of the ticket is in Waiting for Customer it means it’s your turn to open it, read what we analyzed and the mitigation we proposed and comment.