Configuration Options
AttackForge Enterprise - Supported Tenant Configuration Options
AttackForge Core & Enterprise provides a rich set of global tenant configuration options - allowing you to customize your AttackForge workflows, features & user experience.
The list of supported configuration options is included below and regularly updated.
You can access most of the configurations options via Administration module.

Whitelabel

  • Custom domain for accessing the application
  • Custom domain for all emails

Security

  • Whitelisted domains for self-registration via local accounts
    • default None
  • Session length
    • default 30 minutes
  • Simultaneous user sessions allowed
    • default Disabled
  • Custom blacklist for file upload extensions

Users

  • Local account login
    • default Enabled
  • SSO login
    • default Disabled
  • Local account self-registration
    • default Enabled
  • Admins require AF MFA on login via SSO
    • default Disabled
  • Enable self-password reset workflow
    • default Enabled
  • Auto-redirect to SSO login on visiting application login page (recommended for SSO-integration tenants with Just-In-Time User Registration)
    • default Disabled

Emails

  • Enable/Disable emails
    • default Enabled
  • Custom Email Template Header
  • Custom Email Template Body Style
  • Custom Email Template Footer
  • Email project team when a project is On-Hold
    • default Enabled
  • Email project team when a project is Off-Hold
    • default Enabled
  • Email project team on Daily Start & Stop Testing Notifications
    • default Enabled
  • Email group members with project invites to their groups' projects, after they have been added to a group
    • default Disabled
  • Email user on change of IP address from last login
    • default Enabled
  • Custom Email Subject Name for all New Manually Created/Invited Users
  • Custom Email Body for all New Manually Created/Invited Users
  • Custom email body for daily start/stop testing email notifications
  • Custom additional email addresses for daily start/stop testing email notifications
    • default None
  • Custom default email body for project team email notifications e.g. new critical vulnerability
  • Custom default additional email addresses for project team email notifications
    • default None

Modules

  • Assets Library Module
    • default Disabled
  • Project Request Workflow
    • default Enabled

Assets

  • Display 'Asset Type' Field on Assets?
    • default Yes
  • Assets 'Asset Type' Field Label
    • default Asset Type
  • Assets 'Asset Type' Field Required?
    • default Yes
  • Assets 'Asset Type' Field Options
    • defaults:
      • Web App
      • API
      • Mobile
      • Cloud
      • Infrastructure
      • Network
      • Wifi
      • Hardware
      • Other
  • Display 'Asset ID' Field on Assets?
    • default Yes
  • Assets 'Asset ID' Field Label
    • default Asset ID
  • Assets 'Asset ID' Field Placeholder
    • default Enter Asset ID
  • Assets 'Asset ID' Field Required?
    • default No
  • Display 'Asset Details' Field on Assets?
    • default Yes
  • Assets 'Asset Details' Field Label
    • default Asset Details
  • Assets 'Asset Details' Field Placeholder
    • default Enter Details for the Asset...
  • Assets 'Asset Details' Field Required?
    • default No
  • Display 'Associated Groups' Field on Assets?
    • default Yes

Projects

  • Custom fields & forms for Project Requests
  • Custom fields & forms for Projects
  • Project Request 'Project Name' Field Sort Order
    • default None
  • Project Request 'Project Name' Field Label
    • default Project Name
  • Project Request 'Project Name' Field Placeholder
    • default E.g. Corporate Website Pentest
  • Project Request 'Assets to be Tested (Scope)' Field Sort Order
    • default None
  • Project Request 'Assets to be Tested (Scope)' Field Label
    • default Assets to be Tested (Scope)
  • Project Request 'Assets to be Tested (Scope)' Field Placeholder
    • default Select asset(s)
  • Display 'Project Code' Field on Project Requests?
    • default Yes
  • Project Request 'Project Code' Field Sort Order
    • default None
  • Project Request 'Project Code' Field Label
    • default Project Code
  • Project Request 'Project Code' Field Placeholder
    • default E.g. CODE001
  • Display 'Associated Groups' Field on Project Requests?
    • default Yes
  • Project Request 'Associated Groups' Field Sort Order
    • default None
  • Project Request 'Associated Groups' Field Label
    • default Associated Groups
  • Project Request 'Associated Groups' Field Placeholder
    • default Select group(s)
  • Display 'Reason Testing Is Required (Justification)' Field on Project Requests?
    • default Yes
  • Project Request 'Reason Testing Is Required (Justification)' Field Sort Order
    • default None
  • Project Request 'Reason Testing Is Required (Justification)' Field Label
    • default Reason Testing Is Required (Justification)
  • Project Request 'Reason Testing Is Required (Justification)' Field Placeholder
    • default E.g new application, annual pentest, etc.
  • Display 'Testing to be Performed' Field on Project Requests?
    • default Yes
  • Project Request 'Testing to be Performed' Field Sort Order
    • default None
  • Project Request 'Testing to be Performed' Field Label
    • default Testing to be Performed
  • Project Request 'Testing to be Performed' Field Placeholder
    • default Select test type(s) to be performed
  • Project Request 'Testing to be Performed' Field Type
    • default Multi-Select
  • Display 'Desired Start Date' Field on Project Requests?
    • default Yes
  • Project Request 'Desired Start Date' Field Sort Order
    • default None
  • Project Request 'Desired Start Date' Field Label
    • default Select a date
  • Project Request 'Desired Start Date' Field Placeholder
    • default Desired Start Date
  • Display 'Desired Completion Date' Field on Project Requests?
    • default Yes
  • Project Request 'Desired Completion Date' Field Sort Order
    • default None
  • Project Request 'Desired Completion Date' Field Label
    • default Desired Completion Date' Field
  • Project Request 'Desired Completion Date' Field Placeholder
    • default Select a date
  • Display 'Desired Test Window' Field on Project Requests?
    • default Yes
  • Project Request 'Desired Test Window' Field Sort Order
    • default None
  • Project Request 'Desired Test Window' Field Label
    • default Desired Test Window
  • Project Request 'Desired Test Window' Field Placeholder
    • default Select an option
  • Display 'Onsite Testing Required?' Field on Project Requests?
    • default Yes
  • Project Request 'Onsite Testing Required?' Field Sort Order
    • default None
  • Project Request 'Onsite Testing Required?' Field Label
    • default Onsite Testing Required?
  • Default ReportGen Project Custom Tags
    • default None
  • Default / Placeholder Executive Summary for New Projects
    • default None
  • Display 'Organization Code' field in Project Requests & New Project Creation forms. Also displays a new column on Projects table.
    • default Disabled
  • Give project coordinators access to all new created projects
    • default Disabled
  • Custom value for Project Code in the UI
    • default Project Code
  • Default value for Project Name field when creating a new project
    • default None
  • Default value for Project Code field when creating a new project
    • default None
  • Default value for Scoring System field when creating a new project
    • default CVSSv3.1 Baseline
  • Default Project Groups when creating a new project
    • default None
  • Default Project Team Notifications (e.g. New Critical Vuln, New High Vuln, etc.) when creating a new project
    • default None
  • Default Project Admin Notifications (e.g. Vulnerability Ready for Retesting, Vulnerability Closed, etc.) when creating a new project
    • default None
  • Replace Likelihood of Exploitation with CVSS Score in Project Vulnerabilities pages/tables
    • default Disabled

Vulnerabilities

  • Custom fields & forms for Vulnerability Library templates
  • Custom fields & forms for Vulnerabilities
  • Default ReportGen Vulnerability Library Custom Tags
    • default None
  • Default ReportGen Vulnerability Custom Tags
    • default None
  • Enable Zero-Day (0-day) Field For Vulnerabilities
    • default Enabled
  • Enable CIA ratings in the Vulnerability Library
    • default Enabled
  • Enable Severity Field in the Vulnerability Library
    • default Enabled
  • Enable Likelihood of Exploitation Field in the Vulnerability Library
    • default Enabled
  • Enable CVSS Scoring Fields in the Vulnerability Library
    • default Enabled
  • Rich-Text Editor or Text Area for Steps to Reproduce (POC) for project vulnerabilities
    • default Rich-Text Editor
    • Text area will disable HTML conversion in reports & exports – to allow for verbatim POCs
  • Default Steps to Reproduce (Proof of Concept) for all new vulnerabilities on a project
    • default Empty
  • Default Notes for all new vulnerabilities on a project
    • default None
  • Default option for whether a new vulnerability is Visible or Pending – depending on your QA workflow
    • default Visible

Reporting

  • Default ReportGen Individual Report Template
    • default None
  • Disable ReportGen Group Reports
    • default No
  • Disable default reports (PDF/DOCX/HTML) for all users – to force use of On-Demand ReportGen reports
    • default Enabled
  • Disable default reports (PDF/DOCX/HTML) for just client users – to force use of On-Demand ReportGen reports
    • default Enabled
  • Enable Password-Protection for all PDF Reports. Prior to download, user will be prompted to enter in strong password
    • default Disabled

Libraries

  • Imported Vulnerabilities Library - Allowed Users & Roles
    • default Everyone
  • Project Vulnerabilities Library - Allowed Users & Roles
    • default Everyone
  • Custom Vulnerability Libraries with Access Controls
    • default None

Integrations

  • Enable Slack
    • default Disabled
  • Enable Teams
    • default Disabled
  • Enable Discord
    • default Disabled

Miscellaneous

  • Support for US date format e.g. MM/dd/YYYY
    • default Disabled
  • Support for Middle-East work week e.g. Sunday to Thursday when requesting a new project
    • default Disabled
Last modified 18d ago