Custom Emails
AttackForge has a powerful utility for generating custom emails based on our rules-based engine.
This utility allows you to craft & send custom emails on a:
  • Time-based schedule
Custom emails extend the robust notifications that already come standard with AttackForge workflows. Custom emails allow you to create your own workflows for reminders, escalations, or reporting. These are just a few examples of what custom emails can bring to your organisation.
Administrators can configure custom emails from the Administration --> Configuration --> Custom Emails tab.

Custom Time-Based Emails

Custom time-based emails allow you to create, configure and send emails on a repeating frequency.
Every custom email can have its own unique set of configuration options, including:
  • Key
    • This is used to reference this custom email rule.
  • Email Frequency
    • This is where you define the repeating frequency for this custom email.
  • Email Time
    • This is where you define which hour of the day you would like this custom email to be sent.
  • Type
    • This is where you can configure the type of email you would like to send, and the data you will have access to for each recipient.
  • Filter
    • This is where you can filter the data from the Type based on your unique requirements for this custom email.
  • Recipients
    • This is where you configure the audience for this custom email.
  • Subject
    • This is the email subject for the custom email.
  • Body
    • This is the email body for the custom email.

Email Frequencies

The following email frequencies are currently supported:
  • Daily
    • Emails will be sent each day during the selected hour
  • Weekly
    • Emails will be sent on the selected day, every week during the selected hour

Email Time

Custom time-based emails can be configured to be sent at any time during the day, during a selected hourly block.
For example, you can configure a custom email to be sent between 8AM and 9AM to ensure recipients have the information at the start of their day; or between 5PM and 6PM so that they have a summary from that day.

Type

Types will give you access to a particular set of data that can be used for the custom email.
The following types are currently supported:
  • Vulnerabilities
    • This includes data relating to the vulnerabilities, their assets, projects, and users.
The type will determine what data can be included in the Filter and also the Body.

Filter

Filter is used to select the exact dataset you would like to use for the custom email. The filter works similarly to a database query: you specify fields & operators to narrow the results down to the data you need for the custom email.
IMPORTANT: After data is filtered, and before it is sent to recipients, it is verified against the recipient to ensure that the recipient has privileges to access the data.
Filters support the following operators:
$and
Can be used to AND two or more conditions.
Example: Filter vulnerabilities which are Open and Critical
$and: [
  {
    status: { $eq: 'Open' }
  },
  {
    priority: { $eq: 'Critical' }
  }
]
$or
Can be used to OR two or more conditions.
Example: Filter vulnerabilities which are Critical or High
$or: [
  {
    priority: { $eq: 'Critical' }
  },
  {
    priority: { $eq: 'High' }
  }
]
$eq
Used to check that a field is equal to a value. A value can be a string, boolean, number, null or a function.
Example: Filter vulnerabilities which are Critical
{
priority: { $eq: 'Critical' }
}
$ne
Used to check that a field is not equal to a value. A value can be a string, boolean, number, null or a function.
Example: Filter vulnerabilities which are not Informational
{
priority: { $ne: 'Info' }
}
$in
Used to check that a value exists in a list. Supports an array of values.
Example: Filter vulnerabilities which have a tag 'OWASP Top 10' (Top 10 Vulnerability)
{
tags: { $in: ['OWASP Top 10'] }
}
$nin
Used to check that a value does not exist in a list. Supports an array of values.
Example: Filter vulnerabilities which do not have a tag 'OWASP Top 10' (Not a Top 10 Vulnerability)
{
tags: { $nin: ['OWASP Top 10'] }
}
$gt
Used to check that a field is greater than a value. Supports strings, numbers and functions.
Example: Filter vulnerabilities which have a likelihood of exploitation greater than 7
{
likelihood_of_exploitation: { $gt: 7 }
}
$gte
Used to check that a field is greater than or equal to a value. Supports strings, numbers and functions.
Example: Filter vulnerabilities which have a likelihood of exploitation greater than or equal to 7
{
likelihood_of_exploitation: { $gte: 7 }
}
$lt
Used to check that a field is less than a value. Supports strings, numbers and functions.
Example: Filter vulnerabilities which have a likelihood of exploitation less than 7
{
likelihood_of_exploitation: { $lt: 7 }
}
$lte
Used to check that a field is less than or equal to a value. Supports strings, numbers and functions.
Example: Filter vulnerabilities which have a likelihood of exploitation less than or equal to 7
{
likelihood_of_exploitation: { $lte: 7 }
}

$regex

Used to match a field against a regular expression. Supports JavaScript regular expressions.
Example: Filter vulnerabilities which have SQL in the title, using a case insensitive search.
{
title: { $regex: /SQL/i }
}

Functions

The following functions are currently supported:
  • datetime()

datetime(timeValue, modifiers)

datetime can be used to construct a date & time and then modify it (if needed).
  • timeValue - must be either:
    • now
    • YYYY-MM-DD
    • YYYY-MM-DD HH:MM
  • modifiers - must be either:
    • +999 years
    • -999 years
    • +999 months
    • -999 months
    • +999 days
    • -999 days
    • +999 hours
    • -999 hours
    • +999 minutes
    • -999 minutes
    • start of year
    • start of month
    • start of day
Example 1: Filter vulnerabilities created greater than 'now'.
{
created: { $gt: datetime('now') }
}
Example 2: Filter vulnerabilities created greater than June 1st, 2022.
{
created: { $gt: datetime('2022-06-01') }
}
Example 3: Filter vulnerabilities created greater than UTC 12:00 on June 1st, 2022.
{
created: { $gt: datetime('2022-06-01 12:00') }
}
Example 4: Filter vulnerabilities created greater than 7 days ago.
{
created: { $gt: datetime('now', '-7 days') }
}
Example 5: Filter vulnerabilities with SLA greater than 7 days from now.
{
sla: { $gt: datetime('now', '+7 days') }
}
Example 6: Filter vulnerabilities with SLA greater than 7 days + 1 year from now. Multiple modifiers execute in order, i.e. add 7 days, then add 1 year.
{
sla: { $gt: datetime('now', '+7 days', '+1 year') }
}
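The operators and datetime() modifiers above, evaluated over constructed records and followed by the per-recipient access check described under Filter. This is an added example, not AttackForge code: `makeDatetime`, `matches`, `listFor`, the sample records and the model of access as project membership are assumptions, and year/month modifiers and nested custom tag or custom field keys are not handled.

```javascript
// Added illustration: a local approximation of the filter semantics, not AttackForge code.
const UNIT_MS = { day: 864e5, hour: 36e5, minute: 6e4 };
// datetime() on a fixed clock; UTC assumed; year/month and start-of-month/year modifiers omitted.
function makeDatetime(now) {
  return (timeValue, ...modifiers) => {
    const iso = timeValue.replace(' ', 'T') + (timeValue.length > 10 ? ':00Z' : '');
    const d = new Date(timeValue === 'now' ? now : iso);
    for (const m of modifiers) { // modifiers run in the order given
      const rel = /^([+-]\d+) (day|hour|minute)s?$/.exec(m);
      if (rel) d.setTime(d.getTime() + Number(rel[1]) * UNIT_MS[rel[2]]);
      else if (m === 'start of day') d.setUTCHours(0, 0, 0, 0);
      else throw new Error(`unsupported modifier: ${m}`);
    }
    return d;
  };
}

const num = (x) => (x instanceof Date ? x.getTime() : x);
// Range operators never match a missing value (null would otherwise compare as 0).
const ranged = (test) => (f, v) => f != null && test(num(f), num(v));
const anyIn = (f, list) => [].concat(f ?? []).some((x) => list.includes(x));
const OPS = { __proto__: null, // no inherited keys: an unknown operator throws
  $eq: (f, v) => num(f) === num(v), $ne: (f, v) => num(f) !== num(v),
  $gt: ranged((a, b) => a > b), $gte: ranged((a, b) => a >= b),
  $lt: ranged((a, b) => a < b), $lte: ranged((a, b) => a <= b),
  $in: anyIn, $nin: (f, list) => !anyIn(f, list), $regex: (f, re) => new RegExp(re).test(String(f ?? '')),
};

// True when the record satisfies every condition in the filter object.
function matches(record, filter) {
  return Object.entries(filter).every(([key, cond]) => {
    if (key === '$and') return cond.every((c) => matches(record, c));
    if (key === '$or') return cond.some((c) => matches(record, c));
    return Object.entries(cond).every(([op, v]) => OPS[op](record[key], v));
  });
}

// Filter, then keep only what the recipient may access (assumed: project membership).
const listFor = (recipient, vulns, filter) => vulns
  .filter((v) => matches(v, filter) && v.projects.some((p) => recipient.projects.includes(p)))
  .map((v) => v.title);

// Constructed sample data: the clock, records and recipient are invented.
const datetime = makeDatetime('2022-07-02T08:00:00Z');
const SLA_IN_7_DAYS = { $and: [{ status: { $eq: 'Open' } },
  { sla: { $lte: datetime('now', '+7 days') } }, { sla: { $gte: datetime('now', '+6 days') } }] };
const VULNS = [ // [title, status, sla, project]
  ['SQL Injection', 'Open', '2022-07-09T00:00:00Z', 'GLOBEX'],
  ['Stored XSS', 'Open', '2022-07-12T00:00:00Z', 'GLOBEX'],
  ['Weak TLS configuration', 'Closed', '2022-07-09T00:00:00Z', 'GLOBEX'],
  ['Default credentials', 'Open', '2022-07-08T12:00:00Z', 'INITECH'],
  ['Verbose error messages', 'Open', null, 'GLOBEX'], // no SLA set
].map(([title, status, sla, p]) => ({ title, status, sla: sla && new Date(sla), projects: [p] }));
console.log(listFor({ projects: ['GLOBEX'] }, VULNS, SLA_IN_7_DAYS)); // [ 'SQL Injection' ]
```

The record with no SLA is excluded because the range operators here reject missing values; whether AttackForge treats empty dates the same way is not stated on this page.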

Vulnerability Fields

The following fields are supported in filters for the 'Vulnerability' type:
id
The id for the vulnerability.
Example: get vulnerability with id 62a190f7793b8ccd085e0d9d
{
id: { $eq: '62a190f7793b8ccd085e0d9d' }
}
alternate_id
The alternate id for the vulnerability (set by the vulnerability code on the project).
Example: get vulnerability with alternate id GLOBEX-1
{
alternate_id: { $eq: 'GLOBEX-1' }
}
created
The created date for the vulnerability.
Example: get vulnerabilities which have been created in the past 7 days.
{
created: { $gte: datetime('now', '-7 days') }
}
modified
The modified date for the vulnerability.
Example: get vulnerabilities which have been modified in the past 7 days.
{
modified: { $gte: datetime('now', '-7 days') }
}
priority
The priority for the vulnerability. Supports Critical, High, Medium, Low & Info.
Example: get vulnerabilities which are Critical.
{
priority: { $eq: 'Critical' }
}
title
The title for the vulnerability.
Example: get vulnerabilities which have SQL in the title.
{
title: { $regex: 'SQL' }
}
zero_day
Whether the vulnerability is a zero day or not. Supports Yes or No.
Example: get vulnerabilities which are a zero day.
{
zero_day: { $eq: 'Yes' }
}
likelihood_of_exploitation
The likelihood of exploitation for a vulnerability. Supports 1, 2, 3, 4, 5, 6, 7, 8, 9, 10.
Example: get vulnerabilities which have a likelihood of exploitation greater than or equal to 7.
{
likelihood_of_exploitation: { $gte: 7 }
}
status
The status for the vulnerability. Supports Open or Closed.
Example: get all open vulnerabilities.
{
status: { $eq: 'Open' }
}
status_updated
The date when the status was last updated for the vulnerability.
Example: get vulnerabilities which have had their status change in the past 7 days.
{
status_updated: { $gte: datetime('now', '-7 days') }
}
is_retest
Whether the vulnerability is flagged for retesting or not. Supports Yes or No.
Example: get vulnerabilities which are currently flagged for retesting.
{
is_retest: { $eq: 'Yes' }
}
sla
The SLA date for the vulnerability.
Example: get open vulnerabilities which have exceeded/breached their assigned SLA by 7 days.
$and: [
  {
    status: { $eq: 'Open' }
  },
  {
    sla: { $lte: datetime('now', '-7 days') }
  }
]
target_remediation_date
The target remediation date for the vulnerability.
Example: get open vulnerabilities which have target remediation date exactly 7 days from now.
$and: [
  {
    status: { $eq: 'Open' }
  },
  {
    target_remediation_date: { $lte: datetime('now', '+7 days') }
  },
  {
    target_remediation_date: { $gte: datetime('now', '+6 days') }
  }
]
release_date
The release date for the vulnerability.
Example: get vulnerabilities which have been released in the past 7 days.
{
release_date: { $gte: datetime('now', '-7 days') }
}
custom_tags
The custom tags for the vulnerabilities.
Example: get vulnerabilities which have a custom tag 'is_pci' and value 'Yes'.
{
custom_tags.name: { $eq: 'is_pci' },
custom_tags.value: { $eq: 'Yes' }
}
custom_fields
The custom fields for the vulnerabilities.
Example: get vulnerabilities which have a custom field 'qa_passed' and value 'Yes'.
{
custom_fields.name: { $eq: 'qa_passed' },
custom_fields.value: { $eq: 'Yes' }
}

Recipients

The recipients are the list of users who will be sent the custom email.

Vulnerability Recipients

The following vulnerability recipients are currently supported:
  • Vulnerability Creator
  • Project Team - Clients
  • Project Team - Consultants
  • Project Team - Library Moderators
  • Project Team - Project Coordinators
  • Project Team - Administrators
  • Project Team - Everyone
  • Project Group Members - Clients
  • Project Group Members - Consultants
  • Project Group Members - Library Moderators
  • Project Group Members - Project Coordinators
  • Project Group Members - Administrators
  • Project Group Members - Everyone
  • Clients
  • Consultants
  • Library Moderators
  • Project Coordinators
  • Administrators
  • Individual Groups (select groups by name)
  • Individual Users (select users by name/email)
Every vulnerability recipient will receive a personalised vulnerability list based on the vulnerabilities & projects to which they have access.

Subject

This is the subject name/title for the custom email that will be delivered to recipients.

Body

This is the body/contents of the email that will be delivered to recipients. Emails are HTML enabled, meaning you can include things like headings, lists, tables and images.
The meta-tags supported in a body depend on the custom email type. For a full list of supported tags, please check below:

Vulnerability Metatags

  • {user.firstName} - recipient first name
  • {user.lastName} - recipient last name
  • {vulnerabilities}...{/vulnerabilities} - execute a loop for every vulnerability. Place tags below in-between these tags.
    • {vuln.id} - vulnerability id
    • {vuln.created} - vulnerability created date in DAY MONTH DATE YEAR format e.g. Sat July 02 2022
    • {vuln.modified} - vulnerability modified date in DAY MONTH DATE YEAR format e.g. Sat July 02 2022
    • {vuln.priority} - vulnerability priority. Either Critical/High/Medium/Low/Info
    • {vuln.title} - vulnerability title
    • {vuln.description} - vulnerability description
    • {vuln.attack_scenario} - vulnerability attack scenario
    • {vuln.remediation_recommendation} - vulnerability remediation recommendation
    • {vuln.proof_of_concept} - vulnerability proof of concept / steps to reproduce
    • {vuln.status} - vulnerability status. Either Open/Retest/Closed
    • {vuln.status_updated} - vulnerability status last updated date in DAY MONTH DATE YEAR format e.g. Sat July 02 2022
    • {vuln.tags} - list of vulnerability tags. Displayed in unordered list format <ul><li>[tag]</li></ul>
    • {vuln.zero_day} - vulnerability zero day status. Either Yes or No
    • {vuln.likelihood_of_exploitation} - vulnerability likelihood of exploitation. Displayed in format 1/10...10/10.
    • {vuln.notes} - notes associated with the vulnerability. Each note is displayed in a new paragraph e.g. <p>[note]</p>
    • {vuln.test_cases} - list of vulnerability test cases. Displayed in unordered list format <ul><li>[test_case]</li></ul>
    • {vuln.alternate_id} - vulnerability alternative id (from project vulnerability code)
    • {vuln.sla} - vulnerability sla date in DAY MONTH DATE YEAR format e.g. Sat July 02 2022
    • {vuln.target_remediation_date} - vulnerability target remediation date in DAY MONTH DATE YEAR format e.g. Sat July 02 2022
    • {vuln.release_date} - vulnerability release date in DAY MONTH DATE YEAR format e.g. Sat July 02 2022
    • {vuln.cvssv3} - vulnerability CVSSv3 score e.g. 7.6
    • {vuln.cvssv3_vector} - vulnerability CVSSv3 vector e.g. CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
    • {vuln.cvssv3_base_score} - vulnerability CVSSv3 base score e.g. 7.1
    • {vuln.cvssv3_temporal_score} - vulnerability CVSSv3 temporal score e.g. 7.6
    • {vuln.cvssv3_environmental_score} - vulnerability CVSSv3 environmental score e.g. 6.9
    • {vuln.custom_tag_[name]} - vulnerability custom tag. Replace [name] with the name for your custom tag.
    • {vuln.custom_field_[key]} - vulnerability custom field. Replace [key] with the key for your custom field.
    • {vuln.library_id} - linked vulnerability library write-up id
    • {vuln.library_created} - linked vulnerability library write-up created date in DAY MONTH DATE YEAR format e.g. Sat July 02 2022
    • {vuln.library_modified} - linked vulnerability library write-up modified date in DAY MONTH DATE YEAR format e.g. Sat July 02 2022
    • {vuln.library_code} - linked vulnerability library write-up code
    • {vuln.library_tags} - linked vulnerability library write-up tags. Displayed in unordered list format <ul><li>[tag]</li></ul>
    • {vuln.library_import_source} - linked vulnerability library write-up import source
    • {vuln.library_import_source_id} - linked vulnerability library write-up import source id
    • {vuln.library_custom_tag_[name]} - linked vulnerability library write-up custom tag. Replace [name] with the name for your custom tag.
    • {vuln.library_custom_field_[key]} - linked vulnerability library write-up custom field. Replace [key] with the key for your custom field.
    • {vuln.asset} - vulnerability asset name
    • {vuln.asset_id} - vulnerability asset library id
    • {vuln.asset_created} - vulnerability asset library created date in DAY MONTH DATE YEAR format e.g. Sat July 02 2022
    • {vuln.asset_modified} - vulnerability asset library modified date in DAY MONTH DATE YEAR format e.g. Sat July 02 2022
    • {vuln.asset_external_id} - vulnerability asset library external id
    • {vuln.asset_type} - vulnerability asset library type
    • {vuln.asset_details} - vulnerability asset library details
    • {vuln.asset_custom_tag_[name]} - vulnerability asset library custom tag. Replace [name] with the name for your custom tag.
    • {vuln.asset_custom_field_[key]} - vulnerability asset library custom field. Replace [key] with the key for your custom field.
    • {vuln.user_id} - vulnerability creator user id
    • {vuln.user_first_name} - vulnerability creator user first name
    • {vuln.user_last_name} - vulnerability creator user last name
    • {projects}...{/projects} - execute a loop for every linked project for this vulnerability. Place tags below in-between these tags.
      • {vuln.project_id} - vulnerability linked project id
      • {vuln.project_created} - vulnerability linked project created date in DAY MONTH DATE YEAR format e.g. Sat July 02 2022
      • {vuln.project_modified} - vulnerability linked project modified date in DAY MONTH DATE YEAR format e.g. Sat July 02 2022
      • {vuln.project_name} - vulnerability linked project name
      • {vuln.project_code} - vulnerability linked project code
      • {vuln.project_start_date} - vulnerability linked project start date
      • {vuln.project_end_date} - vulnerability linked project end date
      • {vuln.project_vuln_link} - link to the vulnerability page on the project in AttackForge. Displayed as a hyperlink with text View
      • {vuln.project_link} - link to the project dashboard for the vulnerability on the project in AttackForge. Displayed as a hyperlink with text View
      • {vuln.project_custom_tag_[name]} - vulnerability linked project custom tag. Replace [name] with the name for your custom tag.
      • {vuln.project_custom_field_[key]} - vulnerability linked project custom field. Replace [key] with the key for your custom field.

Examples

Example 1
The following example is used to notify customers/engineers, security team administrators & the compliance team about vulnerabilities they have access to for which the SLA will be exceeded/breached exactly 7 days from now.

Type

Vulnerabilities

Filter

{
  $and: [
    {
      status: { $eq: 'Open' }
    },
    {
      sla: { $lte: datetime('now', '+7 days') }
    },
    {
      sla: { $gte: datetime('now', '+6 days') }
    }
  ]
}

Recipients

  • Project Team - Clients
  • Project Group Members - Clients
  • Administrators
  • Compliance Team (Group)

Subject

Vulnerability SLA Breaches In 7-days

Body

<p style="text-align: center; font-size: 20px;"><b>Vulnerability SLA Breaches In 7-days</b></p>
<p>Hi {user.firstName},</p>
<p>The following vulnerabilities will breach their SLAs in 7-days.</p>
<p>Please ensure you have reached out to the security team to schedule a retest, or discuss remediation plan.</p>
<p>
<table>
<tr>
<th style="width: 30%; text-align: left;">Vulnerability</th>
<th style="width: 10%; text-align: left;">Priority</th>
<th style="width: 10%; text-align: left;">SLA</th>
<th style="width: 50%; text-align: left;">Projects</th>
</tr>
{vulnerabilities}
<tr style="vertical-align: text-top;">
<td>{vuln.title}</td>
<td>{vuln.priority}</td>
<td>{vuln.sla}</td>
<td><ul>{projects}<li>{vuln.project_name} - {vuln.project_vuln_link}</li>{/projects}</ul></td>
</tr>
{/vulnerabilities}
</table>
</p>

Output

The following email will be sent to customers/engineers, security team administrators & the compliance team, with a personalised vulnerability list based on the vulnerabilities & projects to which they have access.