AttackForge Community
AttackForge Enterprise & AttackForge Core
Configuration Options
AttackForge Enterprise - Supported Tenant Configuration Options
AttackForge Core & Enterprise provides a rich set of global tenant configuration options - allowing you to customize your AttackForge workflows, features & user experience.
The list of supported configuration options is included below and regularly updated.
You can access most of the configurations options via Administration module.
Whitelabel
- Custom domain for accessing the application
- Custom domain for all emails
- default [email protected]
Security
- Whitelisted domains for self-registration via local accounts
- default None
- Session length
- default 30 minutes
- Simultaneous user sessions allowed
- default Disabled
- Custom blacklist for file upload extensions
Users
- Local account login
- default Enabled
- SSO login
- default Disabled
- Local account self-registration
- default Enabled
- Admins require AF MFA on login via SSO
- default Disabled
- Enable self-password reset workflow
- default Enabled
- Auto-redirect to SSO login on visiting application login page (recommended for SSO-integration tenants with Just-In-Time User Registration)
- default Disabled
Emails
- Enable/Disable emails
- default Enabled
- Custom Email Template Header
- Custom Email Template Body Style
- Custom Email Template Footer
- Email project team when a project is On-Hold
- default Enabled
- Email project team when a project is Off-Hold
- default Enabled
- Email project team on Daily Start & Stop Testing Notifications
- default Enabled
- Email group members with project invites to their groups' projects, after they have been added to a group
- default Disabled
- Email user on change of IP address from last login
- default Enabled
- Custom Email Subject Name for all New Manually Created/Invited Users
- Custom Email Body for all New Manually Created/Invited Users
- Custom email body for daily start/stop testing email notifications
- Custom additional email addresses for daily start/stop testing email notifications
- default None
- Custom default email body for project team email notifications e.g. new critical vulnerability
- Custom default additional email addresses for project team email notifications
- default None
Modules
- Assets Library Module
- default Disabled
- Project Request Workflow
- default Enabled
Assets
- Display 'Asset Type' Field on Assets?
- default Yes
- Assets 'Asset Type' Field Label
- default Asset Type
- Assets 'Asset Type' Field Required?
- default Yes
- Assets 'Asset Type' Field Options
- defaults:
- Web App
- API
- Mobile
- Cloud
- Infrastructure
- Network
- Wifi
- Hardware
- Other
- Display 'Asset ID' Field on Assets?
- default Yes
- Assets 'Asset ID' Field Label
- default Asset ID
- Assets 'Asset ID' Field Placeholder
- default Enter Asset ID
- Assets 'Asset ID' Field Required?
- default No
- Display 'Asset Details' Field on Assets?
- default Yes
- Assets 'Asset Details' Field Label
- default Asset Details
- Assets 'Asset Details' Field Placeholder
- default Enter Details for the Asset...
- Assets 'Asset Details' Field Required?
- default No
- Display 'Associated Groups' Field on Assets?
- default Yes
Projects
- Custom fields & forms for Project Requests
- Custom fields & forms for Projects
- Project Request 'Project Name' Field Sort Order
- default None
- Project Request 'Project Name' Field Label
- default Project Name
- Project Request 'Project Name' Field Placeholder
- default E.g. Corporate Website Pentest
- Project Request 'Assets to be Tested (Scope)' Field Sort Order
- default None
- Project Request 'Assets to be Tested (Scope)' Field Label
- default Assets to be Tested (Scope)
- Project Request 'Assets to be Tested (Scope)' Field Placeholder
- default Select asset(s)
- Display 'Project Code' Field on Project Requests?
- default Yes
- Project Request 'Project Code' Field Sort Order
- default None
- Project Request 'Project Code' Field Label
- default Project Code
- Project Request 'Project Code' Field Placeholder
- default E.g. CODE001
- Display 'Associated Groups' Field on Project Requests?
- default Yes
- Project Request 'Associated Groups' Field Sort Order
- default None
- Project Request 'Associated Groups' Field Label
- default Associated Groups
- Project Request 'Associated Groups' Field Placeholder
- default Select group(s)
- Display 'Reason Testing Is Required (Justification)' Field on Project Requests?
- default Yes
- Project Request 'Reason Testing Is Required (Justification)' Field Sort Order
- default None
- Project Request 'Reason Testing Is Required (Justification)' Field Label
- default Reason Testing Is Required (Justification)
- Project Request 'Reason Testing Is Required (Justification)' Field Placeholder
- default E.g new application, annual pentest, etc.
- Display 'Testing to be Performed' Field on Project Requests?
- default Yes
- Project Request 'Testing to be Performed' Field Sort Order
- default None
- Project Request 'Testing to be Performed' Field Label
- default Testing to be Performed
- Project Request 'Testing to be Performed' Field Placeholder
- default Select test type(s) to be performed
- Project Request 'Testing to be Performed' Field Type
- default Multi-Select
- Display 'Desired Start Date' Field on Project Requests?
- default Yes
- Project Request 'Desired Start Date' Field Sort Order
- default None
- Project Request 'Desired Start Date' Field Label
- default Select a date
- Project Request 'Desired Start Date' Field Placeholder
- default Desired Start Date
- Display 'Desired Completion Date' Field on Project Requests?
- default Yes
- Project Request 'Desired Completion Date' Field Sort Order
- default None
- Project Request 'Desired Completion Date' Field Label
- default Desired Completion Date' Field
- Project Request 'Desired Completion Date' Field Placeholder
- default Select a date
- Display 'Desired Test Window' Field on Project Requests?
- default Yes
- Project Request 'Desired Test Window' Field Sort Order
- default None
- Project Request 'Desired Test Window' Field Label
- default Desired Test Window
- Project Request 'Desired Test Window' Field Placeholder
- default Select an option
- Display 'Onsite Testing Required?' Field on Project Requests?
- default Yes
- Project Request 'Onsite Testing Required?' Field Sort Order
- default None
- Project Request 'Onsite Testing Required?' Field Label
- default Onsite Testing Required?
- Default ReportGen Project Custom Tags
- default None
- Default / Placeholder Executive Summary for New Projects
- default None
- Display 'Organization Code' field in Project Requests & New Project Creation forms. Also displays a new column on Projects table.
- default Disabled
- Give project coordinators access to all new created projects
- default Disabled
- Custom value for Project Code in the UI
- default Project Code
- Default value for Project Name field when creating a new project
- default None
- Default value for Project Code field when creating a new project
- default None
- Default value for Scoring System field when creating a new project
- default CVSSv3.1 Baseline
- Default Project Groups when creating a new project
- default None
- Default Project Team Notifications (e.g. New Critical Vuln, New High Vuln, etc.) when creating a new project
- default None
- Default Project Admin Notifications (e.g. Vulnerability Ready for Retesting, Vulnerability Closed, etc.) when creating a new project
- default None
- Replace Likelihood of Exploitation with CVSS Score in Project Vulnerabilities pages/tables
- default Disabled
Vulnerabilities
- Custom fields & forms for Vulnerability Library templates
- Custom fields & forms for Vulnerabilities
- Default ReportGen Vulnerability Library Custom Tags
- default None
- Default ReportGen Vulnerability Custom Tags
- default None
- Enable Zero-Day (0-day) Field For Vulnerabilities
- default Enabled
- Enable CIA ratings in the Vulnerability Library
- default Enabled
- Enable Severity Field in the Vulnerability Library
- default Enabled
- Enable Likelihood of Exploitation Field in the Vulnerability Library
- default Enabled
- Enable CVSS Scoring Fields in the Vulnerability Library
- default Enabled
- Rich-Text Editor or Text Area for Steps to Reproduce (POC) for project vulnerabilities
- default Rich-Text Editor
- Text area will disable HTML conversion in reports & exports – to allow for verbatim POCs
- Default Steps to Reproduce (Proof of Concept) for all new vulnerabilities on a project
- default Empty
- Default Notes for all new vulnerabilities on a project
- default None
- Default option for whether a new vulnerability is Visible or Pending – depending on your QA workflow
- default Visible
Reporting
- Default ReportGen Individual Report Template
- default None
- Disable ReportGen Group Reports
- default No
- Disable default reports (PDF/DOCX/HTML) for all users – to force use of On-Demand ReportGen reports
- default Enabled
- Disable default reports (PDF/DOCX/HTML) for just client users – to force use of On-Demand ReportGen reports
- default Enabled
- Enable Password-Protection for all PDF Reports. Prior to download, user will be prompted to enter in strong password
- default Disabled
Libraries
- Imported Vulnerabilities Library - Allowed Users & Roles
- default Everyone
- Project Vulnerabilities Library - Allowed Users & Roles
- default Everyone
- Custom Vulnerability Libraries with Access Controls
- default None
Integrations
- Enable Slack
- default Disabled
- Enable Teams
- default Disabled
- Enable Discord
- default Disabled
Miscellaneous
- Support for US date format e.g. MM/dd/YYYY
- default Disabled
- Support for Middle-East work week e.g. Sunday to Thursday when requesting a new project
- default Disabled
AttackForge Enterprise & AttackForge Core - Previous
Access Control Matrix
Next - AttackForge Enterprise & AttackForge Core
Raising Support Tickets
Last modified 18d ago