Configuration Options

AttackForge Enterprise - Supported Tenant Configuration Options

AttackForge Core & Enterprise provide a rich set of global tenant configuration options, allowing you to customize your AttackForge workflows, features & user experience.

The list of supported configuration options is included below and regularly updated.

You can access most of the configuration options via the Administration module.

Whitelabel

  • Custom domain for accessing the application

  • Custom domain for all emails

Security

  • Whitelisted domains for self-registration via local accounts

    • default None

  • Session length

    • default 30 minutes

  • Simultaneous user sessions allowed

    • default Disabled

  • Custom blacklist for file upload extensions

Users

  • Local account login

    • default Enabled

  • SSO login

    • default Disabled

  • Local account self-registration

    • default Enabled

  • Admins require AF MFA on login via SSO

    • default Disabled

  • Enable self-password reset workflow

    • default Enabled

  • Auto-redirect to SSO login on visiting application login page (recommended for SSO-integration tenants with Just-In-Time User Registration)

    • default Disabled

Emails

  • Enable/Disable emails

    • default Enabled

  • Email project team when a project is On-Hold

    • default Enabled

  • Email project team when a project is Off-Hold

    • default Enabled

  • Email project team on Daily Start & Stop Testing Notifications

    • default Enabled

  • Email group members with project invites to their groups' projects, after they have been added to a group

    • default Disabled

  • Email user on change of IP address from last login

    • default Enabled

  • Custom email body for new registrations

    • default None

  • Custom default email body for daily start/stop testing email notifications

    • default None

  • Custom default additional email addresses for daily start/stop testing email notifications

    • default None

  • Custom default email body for project team email notifications e.g. new critical vulnerability

    • default None

  • Custom default additional email addresses for project team email notifications

    • default None

  • Custom Email Template Header

    • default None

  • Custom Email Template Body Style

    • default None

  • Custom Email Template Footer

    • default None

  • Custom Email Subject Name for all New Manually Created/Invited Users

  • Custom Email Body for all New Manually Created/Invited Users

Modules

  • Assets Library Module

    • default Disabled

  • Project Request Workflow

    • default Enabled

Projects

  • Give project coordinators access to all newly created projects

    • default Disabled

  • Custom value for Project Code in the UI

    • default Project Code

  • Default value for Project Name field when creating a new project

    • default None

  • Default value for Project Code field when creating a new project

    • default None

  • Default value for Scoring System field when creating a new project

    • default CVSSv3.1 Baseline

  • Default Project Groups when creating a new project

    • default None

  • Default Project Team Notifications (e.g. New Critical Vuln, New High Vuln, etc.) when creating a new project

    • default None

  • Default Project Admin Notifications (e.g. Vulnerability Ready for Retesting, Vulnerability Closed, etc.) when creating a new project

    • default None

  • Replace Likelihood of Exploitation with CVSS Score in Project Vulnerabilities pages/tables

    • default Disabled

  • Display 'Organization Code' field in Project Requests & New Project Creation forms. Also displays a new column on Projects table.

    • default Disabled

Vulnerabilities

  • Enable CIA ratings in the Vulnerability Library

    • default Enabled

  • Enable Severity Field in the Vulnerability Library

    • default Enabled

  • Enable Likelihood of Exploitation Field in the Vulnerability Library

    • default Enabled

  • Enable CVSS Scoring Fields in the Vulnerability Library

    • default Enabled

  • Rich-Text Editor or Text Area for Steps to Reproduce (POC) for project vulnerabilities

    • default Rich-Text Editor

    • Text area will disable HTML conversion in reports & exports – to allow for verbatim POCs

  • Default Steps to Reproduce (Proof of Concept) for all new vulnerabilities on a project

    • default Empty

  • Default Notes for all new vulnerabilities on a project

    • default None

  • Default option for whether a new vulnerability is Visible or Pending – depending on your QA workflow

    • default Visible

Reporting

  • Disable default reports (PDF/DOCX/HTML) for all users – to force use of On-Demand ReportGen reports

    • default Enabled

  • Disable default reports (PDF/DOCX/HTML) for just client users – to force use of On-Demand ReportGen reports

    • default Enabled

  • Enable Password-Protection for all PDF Reports. Prior to download, the user will be prompted to enter a strong password

    • default Disabled

  • Default ReportGen Vulnerability Custom Tags, to pre-fill & display on every project when a user attempts to create new ReportGen Vulnerability Custom Tags in the library

    • default None

  • Default ReportGen Affected Assets Custom Tags, to pre-fill & display on every project when a user attempts to create new ReportGen Affected Asset Custom Tags on a project

    • default None

  • Default ReportGen Project Custom Tags, to pre-fill & display on every project when a user attempts to create new ReportGen Project Custom Tags on a project

    • default None

Integrations

  • Enable Slack

    • default Disabled

  • Enable Teams

    • default Disabled

  • Enable Discord

    • default Disabled

Miscellaneous

  • Support for US date format e.g. MM/dd/YYYY

    • default Disabled

  • Support for Middle-East work week e.g. Sunday to Thursday when requesting a new project

    • default Disabled