Your Cobalt Contract

Learn what to expect when your organization’s contract is active or expires.

When Your Contract is Active

Once you’ve signed a contract with Cobalt and purchased credits, you get access to our Pentest as a Service (PtaaS) platform. You can start using your credits from the start date of your contract. Credits are not available prior to that date.

When your organization’s contract is active, you have full access to the platform, as determined by your user role. If your role allows, you can:

• Launch pentests to test your assets.
• Remediate findings and submit them for retest.
• View and download pentest reports once they’re ready.
• Collaborate on pentests.
• Use other platform features, as determined by your PtaaS tier.

When Your Contract Expires

When your organization’s contract is about to expire, we notify you in advance. Organization users get notifications reminding them to renew the contract.

• Be sure to start your pentests at least 30 days before your contract expires, if you have credits remaining.
  • The standard testing period is 14 days. It may vary depending on the pentest scope and other factors.
• Submit your findings for retest at least 10 days before your contract expires. Learn more about the free retesting duration.
• Download the data you need before we revoke your access to the platform.

After the contract expiration date, a 15-day grace period starts.

• Within the grace period, you still have access to the platform. Be sure to download the data you need within this time frame.
• Your remaining credits expire.
• You can no longer submit pentests for review or findings for retest.

Once the grace period is over, we revoke access to the platform from all organization users. If you renew your contract, you’ll get full access to the platform and your organization data.

Download Your Organization’s Data

To export data for your organization, you can:

Use the Cobalt API

Read our API documentation for details. You can send API requests to retrieve the following data:

• Pentests
  • All pentests
  • All pentest findings
  • A pentest report
• Engagements
  • All engagements
  • All engagement findings
• DAST
  • All DAST targets
  • All DAST findings

Manually download data in the Cobalt app

Select the key next to each item below for specific instructions.

All findings for a pentest:

1. On the pentest page, navigate to the Findings tab.
2. To clear all filters, select Clear all.
3. Select Download.

A pentest report:

1. On the pentest page, navigate to Report.
2. For Comprehensive and In-House pentests, select the report type.
3. Select Download.

An engagement report:

1. On the engagement page, navigate to the Report tab.
2. Select the report type.
3. Select Download.

All findings across different test types:

1. On the main Findings page, apply any filters as needed.
2. Select Download.

All Attack Surface domains:

1. On the Attack Surface page, select a domain.

2. Filter targets by Seen, Unused, or All, and apply any additional filters as needed.
3. Select Download CSV.

A DAST report:

1. On the DAST Scanner page, navigate to the Targets tab.
2. For any one target, select Download.
3. Select from a list of report types to download.
   • The same option is available on the Scans page and individual scan details page.

Insights:

1. On the Insights page, apply any filters as needed.
2. Select Download.

Credit ledger:

• On the Credits page, select Download CSV.