Configuration Options

AttackForge Core & Enterprise provides a rich set of global tenant configuration options - allowing you to customize your AttackForge workflows, features & user experience.
The list of supported configuration options is included below and regularly updated.
You can access most of the configurations options via Administration module.
Whitelabel
Custom domain for accessing the application
Custom domain for all emails
default [email protected]
Emails
Enable/Disable emails 
default Enabled
Custom Email Template Header
Custom Email Template Body Style
Custom Email Template Footer
Email project team when a project is On-Hold
default Enabled
Email project team when a project is Off-Hold
default Enabled
Email project team on Daily Start & Stop Testing Notifications
default Enabled
Email group members with project invites to their groups' projects, after they have been added to a group
default Disabled
Email user on change of IP address from last login
default Enabled
Email Admins When New User Is Created
default Enabled
Custom email body for new self-registrations
Email New User Welcome Message
default Enabled
Custom email subject for all new manually created/invited users
Custom email body for all new manually created/invited users
Custom default email body for INDIVIDUAL new vulnerability notifications
Custom default email body for GROUPED new vulnerability notifications
Custom default additional email addresses for project team email notifications
default None
Custom email body for daily start/stop testing email notifications
Custom additional email addresses for daily start/stop testing email notifications
default None
Custom Emails
See Custom Emails​
Vulnerabilities
Enable Remediation Plan For Vulnerabilities
default Disabled
Enable Zero-Day (0-day) Field For Vulnerabilities
default Enabled
Enable CIA ratings in the Vulnerability Library
default Enabled
Enable Severity Field in the Vulnerability Library
default Enabled
Enable Likelihood of Exploitation Field in the Vulnerability Library
default Enabled
Enable CVSS Scoring Fields in the Vulnerability Library
default Enabled
Rich-Text Editor or Text Area for Steps to Reproduce (POC) for project vulnerabilities
default Rich-Text Editor
Text area will disable HTML conversion in reports & exports – to allow for verbatim POCs
Default Steps to Reproduce (Proof of Concept) for all new vulnerabilities on a project
default Empty
Default Notes for all new vulnerabilities on a project
default None
Default option for whether a new vulnerability is Visible or Pending – depending on your QA workflow
default Visible
Projects
Default / Placeholder Executive Summary for New Projects
default None
Display 'Organization Code' field in Project Requests & New Project Creation forms. Also displays a new column on Projects table.
default Disabled
Give project coordinators access to all new created projects
default Disabled
Custom value for Project Code in the UI 
default Project Code
Default value for Project Name field when creating a new project
default None
Default value for Project Code field when creating a new project
default None
Default value for Scoring System field when creating a new project
default CVSSv3.1 Baseline
Default Project Groups when creating a new project
default None
Default Project Team Notifications (e.g. New Critical Vuln, New High Vuln, etc.) when creating a new project
default None
Default Project Admin Notifications (e.g. Vulnerability Ready for Retesting, Vulnerability Closed, etc.) when creating a new project
default None
Default Portfolios / Streams when Creating New Project
default None
Replace Likelihood of Exploitation with CVSS Score in Project Vulnerabilities pages/tables
default Disabled
Reporting
Default ReportGen Individual Report Template
default None
Disable ReportGen Group Reports
default No
Disable custom reports (ReportGen) for all users
default No
Disable default reports (PDF) for all users
default No
Disable default reports (DOCX) for all users
default No
Disable default reports (HTML) for all users
default No
Disable csv export (CSV) for all users
default No
Disable json export (JSON) for all users
default No
Disable custom reports (ReportGen) for just client users
default No
Disable default reports (PDF) for just client users
default No
Disable default reports (DOCX) for just client users
default No
Disable default reports (HTML) for just client users
default No
Disable csv export (CSV) for just client users
default No
Disable json export (JSON) for just client users
default No
Enable Password-Protection for all PDF Reports. Prior to download, user will be prompted to enter in strong password
default Disabled
Libraries
Imported Vulnerabilities Library - Allowed Users & Roles
default Everyone
Project Vulnerabilities Library - Allowed Users & Roles
default Everyone
Custom Vulnerability Libraries with Access Controls
default None
Custom Fields - Projects
Custom fields & forms for Projects
See Custom Fields & Forms​
Custom Fields - Project Requests
Custom fields & forms for Project Requests
See Custom Fields & Forms​
Project Request 'Project Name' Field Sort Order
default None
Project Request 'Project Name' Field Label
default Project Name
Project Request 'Project Name' Field Placeholder
default E.g. Corporate Website Pentest
Project Request 'Assets to be Tested (Scope)' Field Sort Order
default None
Project Request 'Assets to be Tested (Scope)' Field Label
default Assets to be Tested (Scope)
Project Request 'Assets to be Tested (Scope)' Field Placeholder
default Select asset(s)
Display 'Project Code' Field on Project Requests?
default Yes
Project Request 'Project Code' Field Sort Order
default None
Project Request 'Project Code' Field Label
default Project Code
Project Request 'Project Code' Field Placeholder
default E.g. CODE001
Display 'Associated Groups' Field on Project Requests?
default Yes
Project Request 'Associated Groups' Field Sort Order
default None
Project Request 'Associated Groups' Field Label
default Associated Groups
Project Request 'Associated Groups' Field Placeholder
default Select group(s)
Display 'Reason Testing Is Required (Justification)' Field on Project Requests?
default Yes
Project Request 'Reason Testing Is Required (Justification)' Field Sort Order
default None
Project Request 'Reason Testing Is Required (Justification)' Field Label
default Reason Testing Is Required (Justification)
Project Request 'Reason Testing Is Required (Justification)' Field Placeholder
default E.g new application, annual pentest, etc.
Display 'Testing to be Performed' Field on Project Requests?
default Yes
Project Request 'Testing to be Performed' Field Sort Order
default None
Project Request 'Testing to be Performed' Field Label
default Testing to be Performed
Project Request 'Testing to be Performed' Field Placeholder
default Select test type(s) to be performed
Project Request 'Testing to be Performed' Field Type
default Multi-Select
Display 'Desired Start Date' Field on Project Requests?
default Yes
Project Request 'Desired Start Date' Field Sort Order
default None
Project Request 'Desired Start Date' Field Label
default Select a date
Project Request 'Desired Start Date' Field Placeholder
default Desired Start Date
Display 'Desired Completion Date' Field on Project Requests?
default Yes
Project Request 'Desired Completion Date' Field Sort Order
default None
Project Request 'Desired Completion Date' Field Label
default Desired Completion Date' Field
Project Request 'Desired Completion Date' Field Placeholder
default Select a date
Display 'Desired Test Window' Field on Project Requests?
default Yes
Project Request 'Desired Test Window' Field Sort Order
default None
Project Request 'Desired Test Window' Field Label
default Desired Test Window
Project Request 'Desired Test Window' Field Placeholder
default Select an option
Display 'Onsite Testing Required?' Field on Project Requests?
default Yes
Project Request 'Onsite Testing Required?' Field Sort Order
default None
Project Request 'Onsite Testing Required?' Field Label
default Onsite Testing Required?
Custom Fields - Vulnerability Library
Custom fields & forms for Vulnerability Library templates
See Custom Fields & Forms​
Custom Fields - Vulnerabilities
Custom fields & forms for Vulnerabilities
See Custom Fields & Forms​
Custom Fields - Assets
Custom fields & forms for Assets
See Custom Fields & Forms​
Display 'Asset Type' Field on Assets?
default Yes
Assets 'Asset Type' Field Label
default Asset Type
Assets 'Asset Type' Field Required?
default Yes
Assets 'Asset Type' Field Options
defaults:
Web App
API
Mobile
Cloud
Infrastructure
Network
Wifi
Hardware
Other
Display 'Asset ID' Field on Assets?
default Yes
Assets 'Asset ID' Field Label
default Asset ID
Assets 'Asset ID' Field Placeholder
default Enter Asset ID
Assets 'Asset ID' Field Required?
default No
Display 'Asset Details' Field on Assets?
default Yes
Assets 'Asset Details' Field Label
default Asset Details
Assets 'Asset Details' Field Placeholder
default Enter Details for the Asset...
Assets 'Asset Details' Field Required?
default No
Display 'Associated Groups' Field on Assets?
default Yes
Custom Fields - Portfolios
Custom fields & forms for Assets
See Custom Fields & Forms​
Display 'Code' Field on Portfolios?
default Yes
Display 'Description' Field on Portfolios?
default Yes
Display 'Level 1 Owner' Field on Portfolios?
default Yes
Display 'Level 2 Owner' Field on Portfolios?
default Yes
Display 'Level 3 Owner' Field on Portfolios?
default Yes
Custom Tags - Projects
Default Project Custom Tags
default None
Custom Tags - Vulnerability Library
Default Vulnerability Library Custom Tags
default None
Custom Tags - Vulnerabilities
Default Vulnerability Tags
default None
SLAs
Enable Vulnerability SLAs
default Disabled
Custom Vulnerability SLA Rules
default Critical / High / Medium / Low only if Enabled
Modules
Assets Library Module
default Disabled
Project Request Workflow
default Enabled
Integrations
Enable Slack
default Disabled
Enable Teams
default Disabled
Enable Discord
default Disabled
Users
Local account login
default Enabled
Enable Self-Registration
default Enabled
Enable self-password reset workflow 
default Enabled
SSO (1) login
default Disabled
SSO (1) login button text
default Sign In with SSO
SSO (2) login
default Disabled
SSO (2) login button text
default Sign In with SSO
Admins require AF MFA on login via SSO 
default Disabled
Auto-redirect to SSO login on visiting application login page (recommended for SSO-integration tenants with Just-In-Time User Registration)
default Disabled
Security
Whitelisted domains for self-registration via local accounts
default None
Session length
default 30 minutes
Simultaneous user sessions allowed 
default Disabled
Disable Inactive Non-Admin Users?
default No
Disable Inactive Non-Admin Users After How Many Inactive Days?
default NA
Custom blacklist for file upload extension
Miscellaneous
Support for US date format e.g. MM/dd/YYYY
default Disabled
Support for Middle-East work week e.g. Sunday to Thursday when requesting a new project
default Disabled
Upload New Logo - Login Page + Reports - Max filesize 1Mb. PNG/JPEG only.
Upload New Logo - Navigation Menu - Max filesize 1Mb. PNG/JPEG only.
Logo - Navigation Menu - Width
default 150
PDF Report - Cover Page - Title Color
default black
HTML Report - Cover Page - Title Color
default black
UI Default Theme - Header - Background Color
default dark-blue
UI Default Theme - Navigation Menu - Background Color
default dark-blue
UI Default Theme - Navigation Menu - Active Link Color
default blue
UI Login Page - Primary Button Color
default blue
UI Login Page - Secondary Button Color
default light-blue
AttackForge Enterprise & AttackForge Core - Previous
Access Control Matrix
Next - AttackForge Enterprise & AttackForge Core
Raising Support Tickets
Last modified 4d ago