Configuration Options
AttackForge Enterprise - Supported Tenant Configuration Options
AttackForge Core & Enterprise provide a rich set of global tenant configuration options, allowing you to customize your AttackForge workflows, features & user experience.
The list of supported configuration options is included below and is regularly updated.
You can access most of the configuration options via the Administration module.
- Custom domain for accessing the application
- Custom domain for all emails
  - default [email protected]
- Enable/Disable emails
  - default Enabled
- Custom Email Template Header
- Custom Email Template Body Style
- Custom Email Template Footer
- Email project team when a project is On-Hold
  - default Enabled
- Email project team when a project is Off-Hold
  - default Enabled
- Email project team on Daily Start & Stop Testing Notifications
  - default Enabled
- Email group members with project invites to their groups' projects, after they have been added to a group
  - default Disabled
- Email user on change of IP address from last login
  - default Enabled
- Email Admins When New User Is Created
  - default Enabled
- Custom email body for new self-registrations
- Email New User Welcome Message
  - default Enabled
- Custom email subject for all new manually created/invited users
- Custom email body for all new manually created/invited users
- Custom default email body for INDIVIDUAL new vulnerability notifications
- Custom default email body for GROUPED new vulnerability notifications
- Custom default additional email addresses for project team email notifications
  - default None
- Custom email body for daily start/stop testing email notifications
- Custom additional email addresses for daily start/stop testing email notifications
  - default None
- Enable Remediation Plan For Vulnerabilities
  - default Disabled
- Enable Zero-Day (0-day) Field For Vulnerabilities
  - default Enabled
- Enable CIA ratings in the Vulnerability Library
  - default Enabled
- Enable Severity Field in the Vulnerability Library
  - default Enabled
- Enable Likelihood of Exploitation Field in the Vulnerability Library
  - default Enabled
- Enable Attack Scenario In Vulnerability Library
  - default Enabled
- Enable CVSS Scoring Fields in the Vulnerability Library
  - default Enabled
- Rich-Text Editor or Text Area for Steps to Reproduce (POC) for project vulnerabilities
  - default Rich-Text Editor
  - Text area will disable HTML conversion in reports & exports – to allow for verbatim POCs
- Default Steps to Reproduce (Proof of Concept) for all new vulnerabilities on a project
  - default Empty
- Default Notes for all new vulnerabilities on a project
  - default None
- Default option for whether a new vulnerability is Visible or Pending – depending on your QA workflow
  - default Visible
- Allow Consultants to View & Action All Pending Projects Requests
  - default No
- Allow Library Moderators to View & Action All Pending Projects Requests
  - default No
- Allow Consultants to Create Projects
  - default No
- Allow Library Moderators to Create Projects
  - default No
- Default / Placeholder Executive Summary for New Projects
  - default None
- Display 'Organization Code' field in Project Requests & New Project Creation forms. Also displays a new column on Projects table.
  - default Disabled
- Give project coordinators access to all new created projects
  - default Disabled
- Custom value for Project Code in the UI
  - default Project Code
- Default value for Project Name field when creating a new project
  - default None
- Default value for Project Code field when creating a new project
  - default None
- Default value for Scoring System field when creating a new project
  - default CVSSv3.1 Baseline
- Default Project Groups when creating a new project
  - default None
- Default Project Team Notifications (e.g. New Critical Vuln, New High Vuln, etc.) when creating a new project
  - default None
- Default Email Notification Type For New Vulnerabilities
  - default Send one email for every new vulnerability
- Default Project Admin Notifications (e.g. Vulnerability Ready for Retesting, Vulnerability Closed, etc.) when creating a new project
  - default None
- Default Portfolios / Streams when Creating New Project
  - default None
- Replace Likelihood of Exploitation with CVSS Score in Project Vulnerabilities pages/tables
  - default Disabled
- Default ReportGen Individual Report Template
  - default None
- Disable ReportGen Group Reports
  - default No
- Disable custom reports (ReportGen) for all users
  - default No
- Disable default reports (PDF) for all users
  - default No
- Disable default reports (DOCX) for all users
  - default No
- Disable default reports (HTML) for all users
  - default No
- Disable csv export (CSV) for all users
  - default No
- Disable json export (JSON) for all users
  - default No
- Disable custom reports (ReportGen) for just client users
  - default No
- Disable default reports (PDF) for just client users
  - default No
- Disable default reports (DOCX) for just client users
  - default No
- Disable default reports (HTML) for just client users
  - default No
- Disable csv export (CSV) for just client users
  - default No
- Disable json export (JSON) for just client users
  - default No
- Enable Password-Protection for all PDF Reports. Prior to download, the user will be prompted to enter a strong password
  - default Disabled
- Imported Vulnerabilities Library - Allowed Users & Roles
  - default Everyone
- Project Vulnerabilities Library - Allowed Users & Roles
  - default Everyone
- Custom Vulnerability Libraries with Access Controls
  - default None
- Custom fields & forms for Projects
- Custom fields & forms for Project Requests
- Display 'Project Name' Field on Project Requests?
  - default Yes
- Project Request 'Project Name' Field Sort Order
  - default None
- Project Request 'Project Name' Field Label
  - default Project Name
- Project Request 'Project Name' Field Placeholder
  - default E.g. Corporate Website Pentest
- Project Request 'Project Name' Field Hide Condition
  - default None
- Display 'Assets to be Tested (Scope)' Field on Project Requests?
  - default Yes
- Project Request 'Assets to be Tested (Scope)' Field Sort Order
  - default None
- Project Request 'Assets to be Tested (Scope)' Field Label
  - default Assets to be Tested (Scope)
- Project Request 'Assets to be Tested (Scope)' Field Placeholder
  - default Select asset(s)
- Project Request 'Assets to be Tested (Scope)' Field Hide Condition
  - default None
- Display 'Project Code' Field on Project Requests?
  - default Yes
- Project Request 'Project Code' Field Sort Order
  - default None
- Project Request 'Project Code' Field Label
  - default Project Code
- Project Request 'Project Code' Field Placeholder
  - default E.g. CODE001
- Project Request 'Project Code' Field Hide Condition
  - default None
- Display 'Associated Groups' Field on Project Requests?
  - default Yes
- Project Request 'Associated Groups' Field Sort Order
  - default None
- Project Request 'Associated Groups' Field Label
  - default Associated Groups
- Project Request 'Associated Groups' Field Placeholder
  - default Select group(s)
- Project Request 'Associated Groups' Field Hide Condition
  - default None
- Display 'Reason Testing Is Required (Justification)' Field on Project Requests?
  - default Yes
- Project Request 'Reason Testing Is Required (Justification)' Field Sort Order
  - default None
- Project Request 'Reason Testing Is Required (Justification)' Field Label
  - default Reason Testing Is Required (Justification)
- Project Request 'Reason Testing Is Required (Justification)' Field Placeholder
  - default E.g new application, annual pentest, etc.
- Project Request 'Reason Testing Is Required (Justification)' Field Hide Condition
  - default None
- Display 'Testing to be Performed' Field on Project Requests?
  - default Yes
- Project Request 'Testing to be Performed' Field Sort Order
  - default None
- Project Request 'Testing to be Performed' Field Label
  - default Testing to be Performed
- Project Request 'Testing to be Performed' Field Placeholder
  - default Select test type(s) to be performed
- Project Request 'Testing to be Performed' Field Type
  - default Multi-Select
- Project Request 'Testing to be Performed' Field Hide Condition
  - default None
- Display 'Desired Start Date' Field on Project Requests?
  - default Yes
- Project Request 'Desired Start Date' Field Sort Order
  - default None
- Project Request 'Desired Start Date' Field Label
  - default Select a date
- Project Request 'Desired Start Date' Field Placeholder
  - default Desired Start Date
- Project Request 'Desired Start Date' Field Hide Condition
  - default None
- Display 'Desired Completion Date' Field on Project Requests?
  - default Yes
- Project Request 'Desired Completion Date' Field Sort Order
  - default None
- Project Request 'Desired Completion Date' Field Label
  - default Desired Completion Date' Field
- Project Request 'Desired Completion Date' Field Placeholder
  - default Select a date
- Project Request 'Desired Completion Date' Field Hide Condition
  - default None
- Display 'Desired Test Window' Field on Project Requests?
  - default Yes
- Project Request 'Desired Test Window' Field Sort Order
  - default None
- Project Request 'Desired Test Window' Field Label
  - default Desired Test Window
- Project Request 'Desired Test Window' Field Placeholder
  - default Select an option
- Project Request 'Desired Test Window' Field Hide Condition
  - default None
- Display 'Onsite Testing Required?' Field on Project Requests?
  - default Yes
- Project Request 'Onsite Testing Required?' Field Sort Order
  - default None
- Project Request 'Onsite Testing Required?' Field Label
  - default Onsite Testing Required?
- Project Request 'Onsite Testing Required?' Field Hide Condition
  - default None
- Custom fields & forms for Vulnerability Library templates
- Custom fields & forms for Vulnerabilities
- Custom fields & forms for Assets
- Display 'Asset Type' Field on Assets?
  - default Yes
- Assets 'Asset Type' Field Label
  - default Asset Type
- Assets 'Asset Type' Field Required?
  - default Yes
- Assets 'Asset Type' Field Options
  - defaults:
    - Web App
    - API
    - Mobile
    - Cloud
    - Infrastructure
    - Network
    - Wifi
    - Hardware
    - Other
- Display 'Asset ID' Field on Assets?
  - default Yes
- Assets 'Asset ID' Field Label
  - default Asset ID
- Assets 'Asset ID' Field Placeholder
  - default Enter Asset ID
- Assets 'Asset ID' Field Required?
  - default No
- Display 'Asset Details' Field on Assets?
  - default Yes
- Assets 'Asset Details' Field Label
  - default Asset Details
- Assets 'Asset Details' Field Placeholder
  - default Enter Details for the Asset...
- Assets 'Asset Details' Field Required?
  - default No
- Display 'Associated Groups' Field on Assets?
  - default Yes
- Custom fields & forms for Assets
- Display 'Code' Field on Portfolios?
  - default Yes
- Display 'Description' Field on Portfolios?
  - default Yes
- Display 'Level 1 Owner' Field on Portfolios?
  - default Yes
- Display 'Level 2 Owner' Field on Portfolios?
  - default Yes
- Display 'Level 3 Owner' Field on Portfolios?
  - default Yes
- Default Project Custom Tags
  - default None
- Default Vulnerability Library Custom Tags
  - default None
- Default Vulnerability Tags
  - default None
- Enable Vulnerability SLAs
  - default Disabled
- Custom Vulnerability SLA Rules
  - default Critical / High / Medium / Low only if Enabled
- Assets Library Module
  - default Disabled
- Project Request Workflow
  - default Enabled
- Enable Slack
  - default Disabled
- Enable Teams
  - default Disabled
- Enable Discord
  - default Disabled
- Default User Role for New Users
  - default Client
- Local account login
  - default Enabled
- Enable Self-Registration
  - default Enabled
- Enable self-password reset workflow
  - default Enabled
- SSO (1) login
  - default Disabled
- SSO (1) login button text
  - default Sign In with SSO
- SSO (2) login
  - default Disabled
- SSO (2) login button text
  - default Sign In with SSO
- Admins require AF MFA on login via SSO
  - default Disabled
- Auto-redirect to SSO login on visiting application login page (recommended for SSO-integration tenants with Just-In-Time User Registration)
  - default Disabled
- Sign-in page text
  - default None
- Whitelisted domains for self-registration via local accounts
  - default None
- Session length
  - default 30 minutes
- Simultaneous user sessions allowed
  - default Disabled
- Disable Inactive Non-Admin Users?
  - default No
- Disable Inactive Non-Admin Users After How Many Inactive Days?
  - default NA
- Custom blacklist for file upload extension
- Support for US date format e.g. MM/dd/YYYY
  - default Disabled
- Support for Middle-East work week e.g. Sunday to Thursday when requesting a new project
  - default Disabled
- Upload New Logo - Login Page + Reports - Max filesize 1Mb. PNG/JPEG only.
- Upload New Logo - Navigation Menu - Max filesize 1Mb. PNG/JPEG only.
- Logo - Navigation Menu - Width
  - default 150
- PDF Report - Cover Page - Title Color
  - default black
- HTML Report - Cover Page - Title Color
  - default black
- UI Default Theme - Header - Background Color
  - default dark-blue
- UI Default Theme - Navigation Menu - Background Color
  - default dark-blue
- UI Default Theme - Navigation Menu - Active Link Color
  - default blue
- UI Login Page - Primary Button Color
  - default blue
- UI Login Page - Secondary Button Color
  - default light-blue