AttackForge Enterprise provides a rich set of global tenant configuration options, allowing you to customize your AttackForge workflows, features & user experience.
The list of supported configuration options is included below and regularly updated.
Custom domain for accessing the application
Enable/Disable emails
default Enabled
Custom domain for all emails
default [email protected]
Whitelisted domains for self-registration via local accounts
default None
Session length
default 30 minutes
Assets Library Module
default Disabled
Give project coordinators access to all newly created projects
default Disabled
Email project team when a project is On-Hold
default Enabled
Email project team when a project is Off-Hold
default Enabled
Email project team on Daily Start & Stop Testing Notifications
default Enabled
Email group members with project invites to their groups' projects, after they have been added to a group
default Disabled
Email user on change of IP address from last login
default Enabled
Local account self-registration
default Enabled
Admins require AF MFA on login via SSO
default Disabled
Simultaneous user sessions allowed
default Disabled
Custom email body for new registrations
default None
Custom blacklist for file upload extensions
Enable self-password reset workflow
default Enabled
Custom value for Project Code in the UI
default Project Code
Enable CIA ratings in the Vulnerability Library
default Enabled
Enable Slack
default Disabled
Enable Teams
default Disabled
Enable Discord
default Disabled
Custom default email body for daily start/stop testing email notifications
default None
Custom default additional email addresses for daily start/stop testing email notifications
default None
Custom default email body for project team email notifications e.g. new critical vulnerability
default None
Custom default additional email addresses for project team email notifications
default None
Rich-Text Editor or Text Area for Steps to Reproduce (POC) for project vulnerabilities
default Rich-Text Editor
Text area will disable HTML conversion in reports & exports – to allow for verbatim POCs
Disable default reports (PDF/DOCX/HTML) for all users or just client users – to force use of On-Demand ReportGen reports
default Enabled
Default option for whether a new vulnerability is Visible or Pending – depending on your QA workflow
default Visible
Support for US date format e.g. MM/dd/YYYY
default Disabled
Default value for Project Name field when creating a new project
default None
Default value for Project Code field when creating a new project
default None
Default value for Scoring System field when creating a new project
default CVSSv3.1 Baseline
Default Project Groups when creating a new project
default None
Default Project Team Notifications (e.g. New Critical Vuln, New High Vuln, etc.) when creating a new project
default None
Default Project Admin Notifications (e.g. Vulnerability Ready for Retesting, Vulnerability Closed, etc.) when creating a new project
default None
Support for Middle-East work week e.g. Sunday to Thursday when requesting a new project
default Disabled
Auto-redirect to SSO login on visiting application login page (recommended for SSO-integration tenants with Just-In-Time User Registration)
default Disabled
Custom Email Template Header
default None
Custom Email Template Body Style
default None
Custom Email Template Footer
default None
Replace Likelihood of Exploitation with CVSS Score in Project Vulnerabilities pages/tables
default Disabled
Default ReportGen Project Custom Tags, to pre-fill & display on every project when a user attempts to create new ReportGen Project Custom Tags on a project
default None
Default ReportGen Vulnerability Custom Tags, to pre-fill & display on every project when a user attempts to create new ReportGen Vulnerability Custom Tags in the library
default None
Default ReportGen Affected Assets Custom Tags, to pre-fill & display on every project when a user attempts to create new ReportGen Affected Asset Custom Tags on a project
default None
Enable Password-Protection for all PDF Reports. Prior to download, the user will be prompted to enter a strong password
default Disabled