Custom Fields & Forms
Last updated
Last updated
Check YouTube for more tutorials: https://youtube.com/@attackforge
AttackForge supports ability to create custom fields & forms. This can help to capture information which is relevant to your organization and customers.
Custom fields can be accessed in the application, in reports and also via the Self-Service APIs.
You can create custom fields & forms for the following:
Project Request
Project
Writeups
Vulnerabilities
Assets
Portfolios
Test Cases
Project Test Cases
Reporting
Project Pages
To set custom fields, you must be an Administrator. Start by clicking on Administration
module, then click on any of the following sections:
Portfolios
Projects
Project Requests
Vulnerabilities
Test Cases
Reporting
Pages
Assets
Writeups
Test Suites
AttackForge supports custom Sections
which can be used to group custom fields together in the form.
AttackForge supports the following custom field types:
Input field
Text Area
Select
Multi-Select
List
Datepicker
Datetimepicker
Table
Rich-Text
User Select
User Multi-Select
Group Select
Group Multi-Select
Input fields display a single-line input box within the relevant forms.
When creating an input field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Placeholder Value - This is the default value that will be displayed in the forms.
Label - This is the label that will be displayed in the form for this field, as well as in the data tables.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the field is mandatory or optional in the forms.
Display in Tables - This is used to determine whether the field will be displayed as a new column in the relevant tables within the application.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
Text area fields display multi-line input box within the relevant forms. Text area can be resized by the user within the form if additional space is needed. This option is useful if user is required to enter paragraphs of text.
When creating a text area field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Placeholder Value - This is the default value that will be displayed in the forms.
Label - This is the label that will be displayed in the form for this field, as well as in the data tables.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the field is mandatory or optional in the forms.
Display in Tables - This is used to determine whether the field will be displayed as a new column in the relevant tables within the application.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
Select fields display a drop-down menu with a single item select within the relevant forms. User can only select one option.
When creating a select field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Default Select Option - This is the default option that will be selected on the forms.
Label - This is the label that will be displayed in the form for this field, as well as in the data tables.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the field is mandatory or optional in the forms.
Display in Tables - This is used to determine whether the field will be displayed as a new column in the relevant tables within the application.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
Add Select Option - this button will create a new option for the menu. The menu must have at least one option.
Option - The option is the text that will be displayed in the drop-down menu within the form.
Value - The value is the data that will represent this option when it is selected by a user.
Multi-select fields displays a drop-down menu with a multi-item select within the relevant forms. User can select one or more options.
When creating a multi-select field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Default Select Options - This is the default options that will be selected on the forms. You can specify multiple options by separating each option with a comma e.g. pcidss,hipaa
Label - This is the label that will be displayed in the form for this field, as well as in the data tables.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the field is mandatory or optional in the forms.
Display in Tables - This is used to determine whether the field will be displayed as a new column in the relevant tables within the application.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
Add Select Option - this button will create a new option for the menu. The menu must have at least one option.
Option - The option is the text that will be displayed in the drop-down menu within the form.
Value - The value is the data that will represent this option when it is selected by a user.
List fields display an input field with an option to add additional rows of input fields, similar to when typically adding tags.
When creating a list field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Label - This is the label that will be displayed in the form for this field, as well as in the data tables.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the field is mandatory or optional in the forms.
Display in Tables - This is used to determine whether the field will be displayed as a new column in the relevant tables within the application.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
The datepicker fields display a calendar where the user can select a single date.
When creating a datepicker field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Placeholder Date - This is the default date that will be displayed in the forms.
Label - This is the label that will be displayed in the form for this field, as well as in the data tables.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the field is mandatory or optional in the forms.
Display in Tables - This is used to determine whether the field will be displayed as a new column in the relevant tables within the application.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
The datetimepicker fields display a calendar where the user can select a single date and enter in a time.
When creating a datetimepicker field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Placeholder Date - This is the default date that will be displayed in the forms.
Label - This is the label that will be displayed in the form for this field, as well as in the data tables.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the field is mandatory or optional in the forms.
Display in Tables - This is used to determine whether the field will be displayed as a new column in the relevant tables within the application.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
The table field displays ability to define columns, where the user can then create rows of data against these columns.
When creating a table field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Label - This is the label that will be displayed in the form for this table.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the table is mandatory or optional in the forms.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
You can then add columns by clicking Add Column. Each column has the following options:
Type - Input field, Text Area, Select, Multi-Select or Datepicker
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Default Value / Selected Options - depending on the Type, this will allow you to specify default selected options/value for this field.
Label - This is the label that will be displayed in the form for this table.
Required - This is used to determine whether the table is mandatory or optional in the forms.
The form will present all of the columns (fields) for the user to enter, and ability to add rows.
Rich-Text fields display a multi-line WYSIWYG input box within the relevant forms.
When creating an rich-text field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Placeholder Value - This is the default value that will be displayed in the forms.
Label - This is the label that will be displayed in the form for this field, as well as in the data tables.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the field is mandatory or optional in the forms.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
User Select fields display a drop-down menu with a single item select within the relevant forms.
The user will be able to select a single user in the application from the drop-down list.
!IMPORTANT: This field type is restricted to access controls. An access control must be applied in order for this field type to be set. Any user with View privileges to this field will be able to view the input user and their profile. Any user with Edit privileges will be able to see all users in the system, including their first name, last name and email address. This is required in order to be able to select a user from the system.
When creating a user select field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Default Select Option - This is the default option that will be selected on the forms.
Label - This is the label that will be displayed in the form for this field, as well as in the data tables.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the field is mandatory or optional in the forms.
Display in Tables - This is used to determine whether the field will be displayed as a new column in the relevant tables within the application.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
User Multi-Select fields display a drop-down menu with a multi item select within the relevant forms.
The user will be able to select multiple users in the application from the drop-down list.
!IMPORTANT: This field type is restricted to access controls. An access control must be applied in order for this field type to be set. Any user with View privileges to this field will be able to view the input user and their profile. Any user with Edit privileges will be able to see all users in the system, including their first name, last name and email address. This is required in order to be able to select a user from the system.
When creating a user multi-select field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Default Select Option - This is the default option that will be selected on the forms.
Label - This is the label that will be displayed in the form for this field, as well as in the data tables.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the field is mandatory or optional in the forms.
Display in Tables - This is used to determine whether the field will be displayed as a new column in the relevant tables within the application.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
Group Select fields display a drop-down menu with a single item select within the relevant forms.
The user will be able to select a single group in the application from the drop-down list.
!IMPORTANT: This field type is restricted to access controls. An access control must be applied in order for this field type to be set. Any user with View privileges to this field will be able to view the input group name. Any user with Edit privileges will be able to see all groups in the system. This is required in order to be able to select a group from the system.
When creating a group select field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Default Select Option - This is the default option that will be selected on the forms.
Label - This is the label that will be displayed in the form for this field, as well as in the data tables.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the field is mandatory or optional in the forms.
Display in Tables - This is used to determine whether the field will be displayed as a new column in the relevant tables within the application.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
Group Select fields display a drop-down menu with a multi item select within the relevant forms.
The user will be able to select multiple groups in the application from the drop-down list.
!IMPORTANT: This field type is restricted to access controls. An access control must be applied in order for this field type to be set. Any user with View privileges to this field will be able to view the input group name. Any user with Edit privileges will be able to see all groups in the system. This is required in order to be able to select a group from the system.
When creating a group select field, the following options are available:
Key - This the name of the field (e.g. database field name). This is the reference you will use when referring to this field in the JSON export, ReportGen or via the Self-Service API. The key must be unique, and is limited to alpha-numeric and underscores only.
Default Select Option - This is the default option that will be selected on the forms.
Label - This is the label that will be displayed in the form for this field, as well as in the data tables.
Info - This is a custom information message that will display to the user when they have selected the field or are entering information into the field.
Required - This is used to determine whether the field is mandatory or optional in the forms.
Display in Tables - This is used to determine whether the field will be displayed as a new column in the relevant tables within the application.
Hide Condition - This is used to create a condition to hide the field, until such condition is met. See Hide Conditions for more details.
Access Controls - This is used to configure which Roles, Groups or Users will have access to see or modify this field and its data.
Hide expressions or conditions are used to hide a custom field or custom section until some condition is met.
Using the example below, let's say we have two (2) custom fields for a project request:
project_type - this field allows the person requesting the project to pick what type of project they are requesting, for example a web app pentest, vulnerability scan, code review, etc.
application_url - this field is used to capture the URL for the application IF the person is requesting a web app pentest.
Let's say we want to hide the application_url field until the user has selected 'Web App Pentest' from the project_type select menu.
We would enter the following hide condition into the application_url field:
This hide condition states: Hide this field WHILE project_type is NOT EQUAL to web_app_pentest
As a result, the project request form will not show this field until the user has selected 'Web App Pentest' as the type of assessment they are requesting.
Hide conditions support additional logical expressions, such as:
This hide condition states: Hide this field WHILE project_type is NOT EQUAL to web_app_pentest AND project_type is NOT EQUAL to vuln_scan
This is useful if we want this field to display on either a Web App Pentest or Vulnerability Scan.
This hide condition states: Hide this field WHILE project_type is EQUAL to web_app_pentest
This hide condition states: Hide this field WHILE project_type is NOT EQUAL to web_app_pentest AND company_name is not empty i.e. user has entered a value for company name field
Another example is showing a field "WEB APP Q1" only when a user selects "Web App" from another field. This example works for both Select & Multi-Select.
You can refer to fields using the following syntax:
core.<key> - refers to a system field with a well-known key (see sections below)
custom.<key> - refers to a custom field with a user-defined key
!IMPORTANT: For Vulnerability Custom Fields - you can also refer to project custom fields. The syntax works as follows:
project.core.<key> - refers to a project system field from a vulnerability custom field hide expression.
project.custom.<key> - refers to a project custom field with a user-defined key from a vulnerability custom field hide expression.
!IMPORTANT: For Project Test Case Custom Fields - you can also refer to project and test case (from test suite) custom fields. The syntax works as follows:
project.core.<key> - refers to a project system field from a vulnerability custom field hide expression.
project.custom.<key> - refers to a project custom field with a user-defined key from a vulnerability custom field hide expression.
test_case.core.<key> - refers to a test case system field from a project test case custom field hide expression.
test_case.custom.<key> - refers to a test case custom field with a user-defined key from a project test case custom field hide expression.
NOT or ! - used to negate an expression. For example !(core.<key> === "...")
AND or && - used to and multiple expressions. For example core.<key> === "..." AND core.<key> === "..."
OR or || - used to or multiple expressions. For example core.<key> === "..." OR core.<key> === "..."
== - used to check for equivalency. For example core.<key> == "..."
=== - used to check for equality. For example core.<key> === "..."
!== - used to check for not equivalency. For example core.<key> !== "..."
> - used to check for greater-than comparison. For example core.<key> > 10
< - used to check for less-than comparison. For example core.<key> < 10
>= - used to check for greater-than-or-equals comparison. For example core.<key> >= 10
<= - used to check for less-than-or-equals comparison. For example core.<key> <= 10
( ) - used to group statements together. For example ((core.<key> === "...") AND (core.<key> === "...")) OR ((core.<key> === "...") AND (core.<key> == "..."))
Refers to a string value.
Example: Project Request "name" System Field
This rule will hide the field until the project name on the project request has at least 1 character filled in.
This rule will show the field until the project name on the project request has at least 1 character filled in.
This rule will hide the field until the project name on the project request is exactly "Project Name".
This rule will show the field until the project name on the project request is exactly "Project Name".
Refers to a string array / array of strings.
Example: Project Request "testing_to_be_performed" System Field
This rule will hide the field until the user has selected a particular service / test type.
It works as follows:
core.testing_to_be_performed == undefined OR core.testing_to_be_performed.length < 1
Hide the field if user has not selected any test types
|| core.testing_to_be_performed.length > 0 AND core.testing_to_be_performed.indexOf("62e0d2b6e326df35c2a4bdf4") < 0
Hide the field if user has selected a test type(s), but the test type(s) does not contain the ID of a particular test suite e.g. 62e0d2b6e326df35c2a4bdf4. Note you can get the ID of a test suite by checking the URL when visiting the test suite in the Test Suites module.
ISO date time
Refers to a datetime in ISO format e.g. YYYY-MM-DD-Thh:mm:ss.mmmZ
Example: Project "start_date" System Field
This rule will hide the field until the user has selected a date greater than 1st of January 2023.
Refers to an integer i.e. 1, 2 or 10
Example: Vulnerability "exploitability" System Field
This rule will hide the field until the user has selected a Likelihood of Exploitation greater than or equal to 5.
Refers to a boolean i.e. true or false
Example: Vulnerability "zero_day" System Field
This rule will hide the field until the user has selected Yes for Is Zero Day? field.
name (string | undefined)
code (string | undefined)
org_code (string | undefined)
start_date (ISO date time | undefined)
end_date (ISO date time | undefined)
timeframe (ISO date time | undefined, ISO date time | undefined)
linked_groups (string[] | undefined)
group_ids (string[] | undefined)
group_names (string[] | undefined)
linked_portfolio_streams (string[portfolioId/streamId] | undefined)
test_suite_ids (string[] | undefined)
test_suite_names (string[] | undefined)
vuln_scoring_system ('CVSS v3.1 Baseline' | 'CVSS v3.1 Baseline + Temporal' | 'CVSS v3.1 Baseline + Temporal + Environmental' | undefined)
vuln_code (string | undefined)
sla_apply_method ('Automatic' | 'Manual' | undefined)
name (string | undefined)
code (string | undefined)
linked_groups (string[] | undefined)
onsite_testing_required ('Yes' | 'No' | undefined)
reason_testing_is_required (string | undefined)
desired_test_window ('Mon-Fri (Business Hours)' | 'Mon-Fri (Non-Business Hours)' | 'Weekends (Sat/Sun)' | undefined)
testing_to_be_performed (string[] | string | undefined)
scope (string[] | undefined)
desired_start_date (string | undefined)
desired_end_date (string | undefined)
org_code (string | undefined)
writeup_library (object | undefined)
name (string)
key (string)
type ('system' | 'custom')
writeup (object | undefined)
id (string)
name (string)
asset_names (string[])
zero_day (true | false | undefined)
visibility_to_project_team (true | false | undefined)
priority ('Critical' | 'High' | 'Medium' | 'Low' | 'Info' | undefined)
exploitability (number | undefined)
steps_to_reproduce (string | undefined)
notes (string[] | undefined)
tags (string[] | undefined)
associated_test_cases (string[] | undefined)
project.core.<key> - refer to a project system field
project.custom.<key> - refer to a project custom field
library (object | undefined)
type ('system' | 'custom')
key (string)
import_source (string | undefined)
import_source_id (string | undefined)
template (string | undefined)
title (string | undefined)
description (string | undefined)
attack_scenario (string | undefined)
remediation_recommendation (string | undefined)
severity (number | undefined)
exploitability (number | undefined)
impact_on_confidentiality ('High' | 'Medium' | 'Low' | 'None' | undefined)
impact_on_integrity ('High' | 'Medium' | 'Low' | 'None' | undefined)
impact_on_availability ('High' | 'Medium' | 'Low' | 'None' | undefined)
tags (string[] | undefined)
name (string | undefined)
type (string | undefined)
id (string | undefined)
details (string | undefined)
linked_groups (string[] | undefined)
name (string | undefined)
code (string | undefined)
description (string | undefined)
level1_owner (string | undefined)
level2_owner (string | undefined)
level3_owner (string | undefined)
tags (string[] | undefined)
test_case (string | undefined)
details (string | undefined)
code (string | undefined)
execution_flow ({ title: string, details: string }[] | [])
tags (string[] | [])
status ('Tested', 'Not Tested', 'Testing In Progress', 'Not Applicable' | undefined)
assigned_to (string | undefined)
project.core.<key> - refer to a project system field
project.custom.<key> - refer to a project custom field
test_case.core.<key> - refer to a test case system field
test_case.custom.<key> - refer to a test case custom field
From the Administration
module, click on Projects -> Project Requests
then click on Add Custom Field in Project Requests section.
Add the custom fields you would like displayed in the forms and tables. Set the options as required for each field, then click Update.
You can view the custom fields in the following forms, pages and tables:
Request a New Project / Edit Project Request forms
Viewing a Project Request page
Approve Project Request with Updates form
Pending Requests table in Projects Module
Actioned Requests table in Projects Module
From the Administration
module, click on Projects
then click on Add Custom Field in Projects section.
Add the custom fields you would like displayed in the forms and tables. Set the options as required for each field, then click Update.
You can view the custom fields in the following forms, pages and tables:
Create New Project / Edit Project forms
Approve Project Request form
Project Dashboard
Projects and Archived Projects tables in Projects Module
Viewing projects in reports
From the Administration
module, click on Writeups
then click on Add Custom Field.
Add the custom fields you would like displayed in the forms and tables. Set the options as required for each field, then click Update.
You can view the custom fields in the following forms, pages and tables:
Create a New Writeup / Edit Writeup forms
Viewing a writeup in the library
Viewing a vulnerability on a project
Writeups tables in Writeups Module
Viewing writeups in reports
From the Administration
module, click on Projects -> Vulnerabilities
then click on Add Custom Field.
Add the custom fields you would like displayed in the forms and tables. Set the options as required for each field, then click Update.
You can view the custom fields in the following forms, pages and tables:
Create a New Vulnerability / Edit Vulnerability forms
Viewing a vulnerability on a project
Vulnerabilities tables
Viewing vulnerabilities in reports
From the Administration
module, click on Assets
then click on Add Custom Field.
Add the custom fields you would like displayed in the forms and tables. Set the options as required for each field, then click Update.
You can view the custom fields in the following forms, pages and tables:
Create or Update an Asset within Asset Module
Viewing an Asset within Assets module
Assets table
Viewing assets in reports
From the Administration
module, click on Portfolios
then click on Add Custom Field.
Add the custom fields you would like displayed in the forms and tables. Set the options as required for each field, then click Update.
You can view the custom fields in the following forms, pages and tables:
Create or Update a Portfolio within Portfolios Module
Viewing a portfolio
Portfolios table
From the Administration
module, click on Test Suites
then click on Add Custom Field.
Add the custom fields you would like displayed in the forms and tables. Set the options as required for each field, then click Update.
You can view the custom fields in the following forms, pages and tables:
Create or Update a Test Case within Test Suites Module
Viewing test cases on a test suite
Viewing test cases on a project
Viewing test cases in reports
From the Administration
module, click on Projects -> Test Cases
then click on Add Custom Field.
Add the custom fields you would like displayed in the forms and tables. Set the options as required for each field, then click Update.
You can view the custom fields in the following forms, pages and tables:
Update a Test Case on a project
Viewing test cases on a project
Viewing test cases in reports
From the Administration
module, click on Projects -> Reporting
then click on Add Custom Field.
Add the custom fields you would like displayed in the forms and tables. Set the options as required for each field, then click Update.
You can view the custom fields in the following forms and pages:
Reporting section on a project
Viewing reporting fields in reports
From the Administration
module, click on Projects -> Pages
then click on Add Custom Field.
Add the custom fields you would like displayed in the forms and tables. Set the options as required for each field, then click Update.
You can view the custom fields in the following forms and pages:
Summary page on a project
Viewing summary page fields in reports
When setting up your project request custom fields & project custom fields, you may wish to have come data from the project request captured and stored on the project as well. This can be achieved using the Linked Project Key on the Project Request custom fields.
The following example will:
create a custom field on Projects to capture project status notes "project_notes".
create a custom field on Project Requests to capture additional notes from the customer "customer_notes".
Map the additional notes from the customer "customer_notes" to the project status notes "project_notes" when the request is getting approved and project is getting set up.
You can create and update custom fields using the Self-Service APIs and the import vulnerabilities application API.
Custom fields do not need to be configured in the administration settings in order to be created or updated via the APIs. However, if the custom field Key matches one that is already defined in the admin settings, it will be automatically typed to that setting when presented in the user interface.
When importing custom fields, you must supply a Key and a Value for each custom field as follows:
The Key must meet the following conditions:
is lowercase letters, uppercase letters, numbers or underscores.
cannot start with underscore.
The Value must meet the following conditions:
is String, String Array, or Array of Objects
Strings are used to store data for Input, Text Area, Date-picker, Rich-Text and Select fields.
An example of a custom field with a string is as follows:
If intending to use the data for a Date-picker, you must supply it as a UTC string e.g. 2021-06-03T23:15:33.008Z
String Arrays are used to store data for Multi-Select, User Select, User Multi-Select, Group Select, Group Multi-Select fields.
An example of a custom field with a string array is as follows:
Array of Objects are used to store data in tabular format for Table fields.
Every object is considered a row of data.
Every key in the object is considered a column of data.
Therefore a 2x2 table:
hello
goodbye
goodbye
hello
Can be represented as follows:
The objects must have a Key and Value.
The Key must meet the following conditions:
is lowercase letters, uppercase letters, numbers or underscores.
cannot start with underscore.
The Value must meeting the following conditions:
is String or String Array
You can also delete a custom field by passing null to the Value as follows:
You can set custom fields for well-known system fields which provide additional functionality in AttackForge.
The following system field can be used to create a template steps to reproduce / proof of concept that will be automatically copied to the POC field when creating a new vulnerability.
Vulnerability Library Custom Field - af_sys_steps_to_reproduce
To set up this custom system field, go to Administration -> Writeups -> Custom Fields
and create a Text Area field with a key af_sys_steps_to_reproduce
Now when that writeup is selected when adding a new vulnerability on a project, the template steps to reproduce / proof of concept will be automatically copied to the Steps to Reproduce field.