AttackForge Core & Enterprise provides a rich set of global tenant configuration options - allowing you to customize your AttackForge workflows, features & user experience.

The list of supported configuration options is included below and regularly updated.

You can access most of the configurations options via Administration module.

Whitelabel

• Custom domain for accessing the application

• Custom domain for all emails

  • default [email protected]

Security

• Whitelisted domains for self-registration via local accounts

  • default None

• Session length

  • default 30 minutes

• Simultaneous user sessions allowed

  • default Disabled

• Custom blacklist for file upload extensions

Users

• Local account self-registration

  • default Enabled

• Admins require AF MFA on login via SSO

  • default Disabled

• Enable self-password reset workflow

  • default Enabled

• Auto-redirect to SSO login on visiting application login page (recommended for SSO-integration tenants with Just-In-Time User Registration)

  • default Disabled

Emails

• Enable/Disable emails

  • default Enabled

• Email project team when a project is On-Hold

  • default Enabled

• Email project team when a project is Off-Hold

  • default Enabled

• Email project team on Daily Start & Stop Testing Notifications

  • default Enabled

• Email group members with project invites to their groups' projects, after they have been added to a group

  • default Disabled

• Email user on change of IP address from last login

  • default Enabled

• Custom email body for new registrations

  • default None

• Custom default email body for daily start/stop testing email notifications

  • default None

• Custom default additional email addresses for daily start/stop testing email notifications

  • default None

• Custom default email body for project team email notifications e.g. new critical vulnerability

  • default None

• Custom default additional email addresses for project team email notifications

  • default None

• Custom Email Template Header

  • default None

• Custom Email Template Body Style

  • default None

• Custom Email Template Footer

  • default None

• Custom Email Subject Name for all New Manually Created/Invited Users

• Custom Email Body for all New Manually Created/Invited Users

Modules

• Assets Library Module

  • default Disabled

• Project Request Workflow

  • default Enabled

Projects

• Give project coordinators access to all new created projects

  • default Disabled

• Custom value for Project Code in the UI

  • default Project Code

• Default value for Project Name field when creating a new project

  • default None

• Default value for Project Code field when creating a new project

  • default None

• Default value for Scoring System field when creating a new project

  • default CVSSv3.1 Baseline

• Default Project Groups when creating a new project

  • default None

• Default Project Team Notifications (e.g. New Critical Vuln, New High Vuln, etc.) when creating a new project

  • default None

• Default Project Admin Notifications (e.g. Vulnerability Ready for Retesting, Vulnerability Closed, etc.) when creating a new project

  • default None

• Replace Likelihood of Exploitation with CVSS Score in Project Vulnerabilities pages/tables

  • default Disabled

• Display 'Organization Code' field in Project Requests & New Project Creation forms. Also displays a new column on Projects table.

  • default Disabled

Vulnerabilities

• Enable CIA ratings in the Vulnerability Library

  • default Enabled

• Enable Severity Field in the Vulnerability Library

  • default Enabled

• Enable Likelihood of Exploitation Field in the Vulnerability Library

  • default Enabled

• Enable CVSS Scoring Fields in the Vulnerability Library

  • default Enabled

• Rich-Text Editor or Text Area for Steps to Reproduce (POC) for project vulnerabilities

  • default Rich-Text Editor

  • Text area will disable HTML conversion in reports & exports – to allow for verbatim POCs

• Default option for whether a new vulnerability is Visible or Pending – depending on your QA workflow

  • default Visible

Reporting

• Disable default reports (PDF/DOCX/HTML) for all users – to force use of On-Demand ReportGen reports

  • default Enabled

• Disable default reports (PDF/DOCX/HTML) for just client users – to force use of On-Demand ReportGen reports

  • default Enabled

• Enable Password-Protection for all PDF Reports. Prior to download, user will be prompted to enter in strong password

  • default Disabled

• Default ReportGen Vulnerability Custom Tags, to pre-fill & display on every project when a user attempts to create new ReportGen Vulnerability Custom Tags in the library

  • default None

• Default ReportGen Affected Assets Custom Tags, to pre-fill & display on every project when a user attempts to create new ReportGen Affected Asset Custom Tags on a project

  • default None

• Default ReportGen Project Custom Tags, to pre-fill & display on every project when a user attempts to create new ReportGen Project Custom Tags on a project

  • default None

Integrations

• Enable Slack

  • default Disabled

• Enable Teams

  • default Disabled

• Enable Discord

  • default Disabled

Miscellaneous

• Support for US date format e.g. MM/dd/YYYY

  • default Disabled

• Support for Middle-East work week e.g. Sunday to Thursday when requesting a new project

  • default Disabled