Notifications

Overview

AttackForge includes email notifications to help keep everyone informed on testing progress.

Notify Team I Have Started / Stopped Testing

For project team members with Edit access e.g. pentesters/consultants, they can inform the project team by email every day when they start or stop testing.
To do this, from the project dashboard menu - select Send Daily Commencement Email to inform the project team you have started testing; and Send Daily Completion Email to inform the project team you have stopped testing.

Custom Email Notifications on Daily Start & Stop Testing

When creating or updating a project, you can set a custom email body for the daily start & stop testing notifications which are sent to the project team. You can also send the emails to additional recipients which are not already on the project team, for example SOC teams.
When creating a custom email body, ensure to include all HTML tags as the emails will be sent in HTML format. You can adjust the standard template which is already pre-loaded in the form for you.
The following meta tags will map to the following details when the email is sent:
    {firstName} - this will include the firstName of the project team member. For Additional email recipients who are not on the project team, this field will be skipped.
    {consultant} - this is the first name & last name of the consultant who is sending the daily email.
    {started_or_stopped_testing} - this will be either 'Started Testing' or 'Stopped Testing' depending on the daily email action being performed.
    {projectName} - this will be the name of the project.
    {scope} - this is the scope on the project. It is presented as an unordered list.

Notify Team On New Vulnerabilities

When creating a new project, you can choose to send emails to the project team when a new vulnerability is discovered. The email can be triggered on Critical, High, Medium, Low or Informational vulnerabilities, or any combination. The email does not include any vulnerability data other than the title and priority.

Custom Email Notifications on New Vulnerabilities

When creating or updating a project, you can set a custom email body for the new vulnerability notifications which are sent to the project team. You can also send the emails to additional recipients which are not already on the project team, for example SOC teams.
When creating a custom email body, ensure to include all HTML tags as the emails will be sent in HTML format. You can adjust the standard template which is already pre-loaded in the form for you.
The following meta tags will map to the following details when the email is sent:
    {firstName} - this will include the firstName of the project team member. For Additional email recipients who are not on the project team, this field will be skipped.
    {consultant} - this is the first name & last name of the consultant who is sending the daily email.
    {projectName} - this will be the name of the project.
    {priority} - this is the priority of the vulnerability i.e. Critical, High, Medium, Low, Info.
    {title} - this is the title of the vulnerability.
    {asset} - this is the affected asset for the vulnerability.
    {likelihood_of_exploitation} - this is the likelihood of exploitation for the vulnerability. It is a number between 1 to 10.
    {is_zeroday} - this is either Yes or No depending on if the vulnerability is a Zero-Day (0-day) or not.
    {description} - this is the description of the vulnerability.
    {attack_scenario} - this is the attack scenario of the vulnerability.
    {remediation_recommendation} - this is the remediation recommendation for the vulnerability.
    {proof_of_concept} - this is the proof of concept / steps to reproduce the vulnerability. This is rendered in full HTML.
    {notes} - this is the notes for the vulnerability.
    {tags} - this is the tags for the vulnerability. It is presented as an unordered list.

Notify Administrators on Vulnerability Events

When creating a new project, you can choose to send emails to the Administrators when a vulnerability status is changed on the project. The email can be triggered on a vulnerability being flagged as Ready for Retesting; a vulnerability which has been Closed; or a vulnerability which has been Re-Opened. The email does not include any vulnerability data other than the title, priority and status.

Configuring Email Notifications

Project Team members can receive emails related to events on the project, for example testing has started/stopped or new vulnerabilities have been found.
Admins can configure these options per project team member, via Manage Access section on the project.
The following email notifications can be configured per project team member:
    All Emails
    No Emails
    Daily Start/Stop Testing Email
    New Critical Vulnerability Discovered
    New High Vulnerability Discovered
    New Medium Vulnerability Discovered
    New Low Vulnerability Discovered
    New Info Vulnerability Discovered
    Project Role Has Been Updated
    Project is On-Hold / Off-Hold
    Retest Has Been Completed
!IMPORTANT: emails are only sent to project team members. Users with Group-based access to the project will not receive project emails.
!IMPORTANT: for the New Vulnerability email to be sent to a project team member, this must first be enabled in the projects' settings.
Last modified 5mo ago