Configuration Options
AttackForge Enterprise - Supported Tenant Configuration Options
AttackForge Core & Enterprise provides a rich set of global tenant configuration options - allowing you to customize your AttackForge workflows, features & user experience.
The list of supported configuration options is included below and regularly updated.
You can access most of the configurations options via Administration module.

Whitelabel

  • Custom domain for accessing the application
  • Custom domain for all emails

Emails

  • Enable/Disable emails
    • default Enabled
  • Custom Email Template Header
  • Custom Email Template Body Style
  • Custom Email Template Footer
  • Email project team when a project is On-Hold
    • default Enabled
  • Email project team when a project is Off-Hold
    • default Enabled
  • Email project team on Daily Start & Stop Testing Notifications
    • default Enabled
  • Email group members with project invites to their groups' projects, after they have been added to a group
    • default Disabled
  • Email user on change of IP address from last login
    • default Enabled
  • Email Admins When New User Is Created
    • default Enabled
  • Custom email body for new self-registrations
  • Email New User Welcome Message
    • default Enabled
  • Custom email subject for all new manually created/invited users
  • Custom email body for all new manually created/invited users
  • Custom default email body for INDIVIDUAL new vulnerability notifications
  • Custom default email body for GROUPED new vulnerability notifications
  • Custom default additional email addresses for project team email notifications
    • default None
  • Custom email body for daily start/stop testing email notifications
  • Custom additional email addresses for daily start/stop testing email notifications
    • default None

Custom Emails

Vulnerabilities

  • Enable Remediation Plan For Vulnerabilities
    • default Disabled
  • Enable Zero-Day (0-day) Field For Vulnerabilities
    • default Enabled
  • Enable CIA ratings in the Vulnerability Library
    • default Enabled
  • Enable Severity Field in the Vulnerability Library
    • default Enabled
  • Enable Likelihood of Exploitation Field in the Vulnerability Library
    • default Enabled
  • Enable CVSS Scoring Fields in the Vulnerability Library
    • default Enabled
  • Rich-Text Editor or Text Area for Steps to Reproduce (POC) for project vulnerabilities
    • default Rich-Text Editor
    • Text area will disable HTML conversion in reports & exports – to allow for verbatim POCs
  • Default Steps to Reproduce (Proof of Concept) for all new vulnerabilities on a project
    • default Empty
  • Default Notes for all new vulnerabilities on a project
    • default None
  • Default option for whether a new vulnerability is Visible or Pending – depending on your QA workflow
    • default Visible

Projects

  • Default / Placeholder Executive Summary for New Projects
    • default None
  • Display 'Organization Code' field in Project Requests & New Project Creation forms. Also displays a new column on Projects table.
    • default Disabled
  • Give project coordinators access to all new created projects
    • default Disabled
  • Custom value for Project Code in the UI
    • default Project Code
  • Default value for Project Name field when creating a new project
    • default None
  • Default value for Project Code field when creating a new project
    • default None
  • Default value for Scoring System field when creating a new project
    • default CVSSv3.1 Baseline
  • Default Project Groups when creating a new project
    • default None
  • Default Project Team Notifications (e.g. New Critical Vuln, New High Vuln, etc.) when creating a new project
    • default None
  • Default Project Admin Notifications (e.g. Vulnerability Ready for Retesting, Vulnerability Closed, etc.) when creating a new project
    • default None
  • Default Portfolios / Streams when Creating New Project
    • default None
  • Replace Likelihood of Exploitation with CVSS Score in Project Vulnerabilities pages/tables
    • default Disabled

Reporting

  • Default ReportGen Individual Report Template
    • default None
  • Disable ReportGen Group Reports
    • default No
  • Disable custom reports (ReportGen) for all users
    • default No
  • Disable default reports (PDF) for all users
    • default No
  • Disable default reports (DOCX) for all users
    • default No
  • Disable default reports (HTML) for all users
    • default No
  • Disable csv export (CSV) for all users
    • default No
  • Disable json export (JSON) for all users
    • default No
  • Disable custom reports (ReportGen) for just client users
    • default No
  • Disable default reports (PDF) for just client users
    • default No
  • Disable default reports (DOCX) for just client users
    • default No
  • Disable default reports (HTML) for just client users
    • default No
  • Disable csv export (CSV) for just client users
    • default No
  • Disable json export (JSON) for just client users
    • default No
  • Enable Password-Protection for all PDF Reports. Prior to download, user will be prompted to enter in strong password
    • default Disabled

Libraries

  • Imported Vulnerabilities Library - Allowed Users & Roles
    • default Everyone
  • Project Vulnerabilities Library - Allowed Users & Roles
    • default Everyone
  • Custom Vulnerability Libraries with Access Controls
    • default None

Custom Fields - Projects

Custom Fields - Project Requests

  • Custom fields & forms for Project Requests
  • Project Request 'Project Name' Field Sort Order
    • default None
  • Project Request 'Project Name' Field Label
    • default Project Name
  • Project Request 'Project Name' Field Placeholder
    • default E.g. Corporate Website Pentest
  • Project Request 'Assets to be Tested (Scope)' Field Sort Order
    • default None
  • Project Request 'Assets to be Tested (Scope)' Field Label
    • default Assets to be Tested (Scope)
  • Project Request 'Assets to be Tested (Scope)' Field Placeholder
    • default Select asset(s)
  • Display 'Project Code' Field on Project Requests?
    • default Yes
  • Project Request 'Project Code' Field Sort Order
    • default None
  • Project Request 'Project Code' Field Label
    • default Project Code
  • Project Request 'Project Code' Field Placeholder
    • default E.g. CODE001
  • Display 'Associated Groups' Field on Project Requests?
    • default Yes
  • Project Request 'Associated Groups' Field Sort Order
    • default None
  • Project Request 'Associated Groups' Field Label
    • default Associated Groups
  • Project Request 'Associated Groups' Field Placeholder
    • default Select group(s)
  • Display 'Reason Testing Is Required (Justification)' Field on Project Requests?
    • default Yes
  • Project Request 'Reason Testing Is Required (Justification)' Field Sort Order
    • default None
  • Project Request 'Reason Testing Is Required (Justification)' Field Label
    • default Reason Testing Is Required (Justification)
  • Project Request 'Reason Testing Is Required (Justification)' Field Placeholder
    • default E.g new application, annual pentest, etc.
  • Display 'Testing to be Performed' Field on Project Requests?
    • default Yes
  • Project Request 'Testing to be Performed' Field Sort Order
    • default None
  • Project Request 'Testing to be Performed' Field Label
    • default Testing to be Performed
  • Project Request 'Testing to be Performed' Field Placeholder
    • default Select test type(s) to be performed
  • Project Request 'Testing to be Performed' Field Type
    • default Multi-Select
  • Display 'Desired Start Date' Field on Project Requests?
    • default Yes
  • Project Request 'Desired Start Date' Field Sort Order
    • default None
  • Project Request 'Desired Start Date' Field Label
    • default Select a date
  • Project Request 'Desired Start Date' Field Placeholder
    • default Desired Start Date
  • Display 'Desired Completion Date' Field on Project Requests?
    • default Yes
  • Project Request 'Desired Completion Date' Field Sort Order
    • default None
  • Project Request 'Desired Completion Date' Field Label
    • default Desired Completion Date' Field
  • Project Request 'Desired Completion Date' Field Placeholder
    • default Select a date
  • Display 'Desired Test Window' Field on Project Requests?
    • default Yes
  • Project Request 'Desired Test Window' Field Sort Order
    • default None
  • Project Request 'Desired Test Window' Field Label
    • default Desired Test Window
  • Project Request 'Desired Test Window' Field Placeholder
    • default Select an option
  • Display 'Onsite Testing Required?' Field on Project Requests?
    • default Yes
  • Project Request 'Onsite Testing Required?' Field Sort Order
    • default None
  • Project Request 'Onsite Testing Required?' Field Label
    • default Onsite Testing Required?

Custom Fields - Vulnerability Library

Custom Fields - Vulnerabilities

Custom Fields - Assets

  • Custom fields & forms for Assets
  • Display 'Asset Type' Field on Assets?
    • default Yes
  • Assets 'Asset Type' Field Label
    • default Asset Type
  • Assets 'Asset Type' Field Required?
    • default Yes
  • Assets 'Asset Type' Field Options
    • defaults:
      • Web App
      • API
      • Mobile
      • Cloud
      • Infrastructure
      • Network
      • Wifi
      • Hardware
      • Other
  • Display 'Asset ID' Field on Assets?
    • default Yes
  • Assets 'Asset ID' Field Label
    • default Asset ID
  • Assets 'Asset ID' Field Placeholder
    • default Enter Asset ID
  • Assets 'Asset ID' Field Required?
    • default No
  • Display 'Asset Details' Field on Assets?
    • default Yes
  • Assets 'Asset Details' Field Label
    • default Asset Details
  • Assets 'Asset Details' Field Placeholder
    • default Enter Details for the Asset...
  • Assets 'Asset Details' Field Required?
    • default No
  • Display 'Associated Groups' Field on Assets?
    • default Yes

Custom Fields - Portfolios

  • Custom fields & forms for Assets
  • Display 'Code' Field on Portfolios?
    • default Yes
  • Display 'Description' Field on Portfolios?
    • default Yes
  • Display 'Level 1 Owner' Field on Portfolios?
    • default Yes
  • Display 'Level 2 Owner' Field on Portfolios?
    • default Yes
  • Display 'Level 3 Owner' Field on Portfolios?
    • default Yes

Custom Tags - Projects

  • Default Project Custom Tags
    • default None

Custom Tags - Vulnerability Library

  • Default Vulnerability Library Custom Tags
    • default None

Custom Tags - Vulnerabilities

  • Default Vulnerability Tags
    • default None

SLAs

  • Enable Vulnerability SLAs
    • default Disabled
  • Custom Vulnerability SLA Rules
    • default Critical / High / Medium / Low only if Enabled

Modules

  • Assets Library Module
    • default Disabled
  • Project Request Workflow
    • default Enabled

Integrations

  • Enable Slack
    • default Disabled
  • Enable Teams
    • default Disabled
  • Enable Discord
    • default Disabled

Users

  • Local account login
    • default Enabled
  • Enable Self-Registration
    • default Enabled
  • Enable self-password reset workflow
    • default Enabled
  • SSO (1) login
    • default Disabled
  • SSO (1) login button text
    • default Sign In with SSO
  • SSO (2) login
    • default Disabled
  • SSO (2) login button text
    • default Sign In with SSO
  • Admins require AF MFA on login via SSO
    • default Disabled
  • Auto-redirect to SSO login on visiting application login page (recommended for SSO-integration tenants with Just-In-Time User Registration)
    • default Disabled

Security

  • Whitelisted domains for self-registration via local accounts
    • default None
  • Session length
    • default 30 minutes
  • Simultaneous user sessions allowed
    • default Disabled
  • Disable Inactive Non-Admin Users?
    • default No
  • Disable Inactive Non-Admin Users After How Many Inactive Days?
    • default NA
  • Custom blacklist for file upload extension

Miscellaneous

  • Support for US date format e.g. MM/dd/YYYY
    • default Disabled
  • Support for Middle-East work week e.g. Sunday to Thursday when requesting a new project
    • default Disabled
  • Upload New Logo - Login Page + Reports - Max filesize 1Mb. PNG/JPEG only.
  • Upload New Logo - Navigation Menu - Max filesize 1Mb. PNG/JPEG only.
  • Logo - Navigation Menu - Width
    • default 150
  • PDF Report - Cover Page - Title Color
    • default black
  • HTML Report - Cover Page - Title Color
    • default black
  • UI Default Theme - Header - Background Color
    • default dark-blue
  • UI Default Theme - Navigation Menu - Background Color
    • default dark-blue
  • UI Default Theme - Navigation Menu - Active Link Color
    • default blue
  • UI Login Page - Primary Button Color
    • default blue
  • UI Login Page - Secondary Button Color
    • default light-blue