Configuration Options
AttackForge Core & Enterprise provides a rich set of global tenant configuration options - allowing you to customize your AttackForge workflows, features & user experience.
The list of supported configuration options is included below and regularly updated.
You can access most of the configurations options via Administration module.
Custom domain for accessing the application
Custom domain for all emails
default [email protected]
Whitelisted domains for self-registration via local accounts
default None
Session length
default 30 minutes
Simultaneous user sessions allowed
default Disabled
Custom blacklist for file upload extensions
Local account login
default Enabled
SSO login
default Disabled
Local account self-registration
default Enabled
Admins require AF MFA on login via SSO
default Disabled
Enable self-password reset workflow
default Enabled
Auto-redirect to SSO login on visiting application login page (recommended for SSO-integration tenants with Just-In-Time User Registration)
default Disabled
Enable/Disable emails
default Enabled
Email project team when a project is On-Hold
default Enabled
Email project team when a project is Off-Hold
default Enabled
Email project team on Daily Start & Stop Testing Notifications
default Enabled
Email group members with project invites to their groups' projects, after they have been added to a group
default Disabled
Email user on change of IP address from last login
default Enabled
Custom email body for new registrations
default None
Custom default email body for daily start/stop testing email notifications
default None
Custom default additional email addresses for daily start/stop testing email notifications
default None
Custom default email body for project team email notifications e.g. new critical vulnerability
default None
Custom default additional email addresses for project team email notifications
default None
Custom Email Template Header
default None
Custom Email Template Body Style
default None
Custom Email Template Footer
default None
Custom Email Subject Name for all New Manually Created/Invited Users
Custom Email Body for all New Manually Created/Invited Users
Assets Library Module
default Disabled
Project Request Workflow
default Enabled
Give project coordinators access to all new created projects
default Disabled
Custom value for Project Code in the UI
default Project Code
Default value for Project Name field when creating a new project
default None
Default value for Project Code field when creating a new project
default None
Default value for Scoring System field when creating a new project
default CVSSv3.1 Baseline
Default Project Groups when creating a new project
default None
Default Project Team Notifications (e.g. New Critical Vuln, New High Vuln, etc.) when creating a new project
default None
Default Project Admin Notifications (e.g. Vulnerability Ready for Retesting, Vulnerability Closed, etc.) when creating a new project
default None
Replace Likelihood of Exploitation with CVSS Score in Project Vulnerabilities pages/tables
default Disabled
Display 'Organization Code' field in Project Requests & New Project Creation forms. Also displays a new column on Projects table.
default Disabled
Enable CIA ratings in the Vulnerability Library
default Enabled
Enable Severity Field in the Vulnerability Library
default Enabled
Enable Likelihood of Exploitation Field in the Vulnerability Library
default Enabled
Enable CVSS Scoring Fields in the Vulnerability Library
default Enabled
Rich-Text Editor or Text Area for Steps to Reproduce (POC) for project vulnerabilities
default Rich-Text Editor
Text area will disable HTML conversion in reports & exports – to allow for verbatim POCs
Default Steps to Reproduce (Proof of Concept) for all new vulnerabilities on a project
default Empty
Default Notes for all new vulnerabilities on a project
default None
Default option for whether a new vulnerability is Visible or Pending – depending on your QA workflow
default Visible
Disable default reports (PDF/DOCX/HTML) for all users – to force use of On-Demand ReportGen reports
default Enabled
Disable default reports (PDF/DOCX/HTML) for just client users – to force use of On-Demand ReportGen reports
default Enabled
Enable Password-Protection for all PDF Reports. Prior to download, user will be prompted to enter in strong password
default Disabled
Default ReportGen Vulnerability Custom Tags, to pre-fill & display on every project when a user attempts to create new ReportGen Vulnerability Custom Tags in the library
default None
Default ReportGen Affected Assets Custom Tags, to pre-fill & display on every project when a user attempts to create new ReportGen Affected Asset Custom Tags on a project
default None
Default ReportGen Project Custom Tags, to pre-fill & display on every project when a user attempts to create new ReportGen Project Custom Tags on a project
default None
Enable Slack
default Disabled
Enable Teams
default Disabled
Enable Discord
default Disabled
Support for US date format e.g. MM/dd/YYYY
default Disabled
Support for Middle-East work week e.g. Sunday to Thursday when requesting a new project
default Disabled