LogoLogo
  • AttackForge Support
  • Release Notes
    • 2025
    • 2024
    • 2023
    • 2022
    • 2021
    • 2020
    • 2019
  • Core & Enterprise
    • Getting Started
      • How It Works
      • Requesting A Project
      • Creating & Updating Projects
      • Invite User To Project
      • View Project Team
      • Project Scope
      • Project Workspace
      • Project Notes
      • Project Pages
      • Test Cases
      • Creating Vulnerabilities
      • Updating Vulnerabilities
      • Review & QA
      • Attack Chains
      • Reporting
      • Retesting & Remediation
      • Notifications
      • Custom Fields & Forms
      • Vulnerability SLAs
      • User Settings
      • Login Redirects
    • Modules
      • Dashboard
      • Analytics
      • Vulnerabilities
      • Projects
      • Scheduling
      • Portfolios
      • Groups
      • Attack Chains
      • Assets
      • Writeups
      • Test Suites
      • Report Templates
        • Overview
        • Tutorial
        • Tips & Tricks
        • Troubleshooting
        • Template - Tags
        • Template - Options
        • Template - Functions
        • Template - Filters
        • Template - Styles
        • Template - Tables
        • Template - Charts
        • Template - Conditions
        • ReportGen CLI
        • ReportGen Library
      • Users
      • Administration
      • Flows
      • Self-Service RESTful API
        • GETTING STARTED
        • EXPORTING TO CSV
        • ADVANCED QUERY FILTER
        • ActivateUser
        • AddProjectMembershipAdministrators
        • AddTestcaseToTestsuite
        • AddTestcasesToTestsuite
        • AddUserToGroup
        • ApproveProjectRequestById
        • ArchivePortfolio
        • ArchiveProject
        • CancelProjectRetestRound
        • CloneProject
        • CompleteProjectRetestRound
        • CreateAssetInLibrary
        • CreateGroup
        • CreatePortfolio
        • CreateProject
        • CreateProjectNote
        • CreateProjectRequest
        • CreateProjectTestCase
        • CreateProjectWorkspaceNote
        • CreateRemediationNote
        • CreateScope
        • CreateTestcaseNote
        • CreateTestsuite
        • CreateUser
        • CreateUsers
        • CreateVulnerability
        • CreateVulnerabilityBulk
        • CreateVulnerabilityLibraryIssue
        • CreateVulnerabilityWithLibrary
        • DeactivateUser
        • DownloadProjectTestCaseFile
        • DownloadProjectTestCaseNoteFile
        • DownloadProjectTestCaseWorkspaceNoteFile
        • DownloadVulnerabilityEvidence
        • DownloadVulnerabilityLibraryFile
        • DownloadWorkspaceFile
        • GetApplicationAuditLogs
        • GetAssets
        • GetAssetsByGroup
        • GetAssetInLibrary
        • GetAssetsInLibrary
        • GetCustomFieldsConfig
        • GetFormConfig
        • GetGroup
        • GetGroups
        • GetMostCommonVulnerabilities
        • GetMostFailedTestcases
        • GetMostVulnerableAssets
        • GetPortfolio
        • GetPortfolios
        • GetPortfolioStream
        • GetProjectAuditLogs
        • GetProjectById
        • GetProjects
        • GetProjectsAndVulnerabilities
        • GetProjectsByGroup
        • GetProjectMembershipAdministrators
        • GetProjectNotes
        • GetProjectReport
        • GetProjectReportData
        • GetProjectRequests
        • GetProjectRequestById
        • GetProjectTestcasesById
        • GetProjectVulnerabilitiesById
        • GetProjectWorkspace
        • GetTestsuiteById
        • GetTestsuites
        • GetUserByEmail
        • GetUserById
        • GetUserByUsername
        • GetUserAuditLogs
        • GetUserGroups
        • GetUserLoginHistory
        • GetUserProjects
        • GetUsers
        • GetVulnerabilityById
        • GetVulnerabilities
        • GetVulnerabilitiesByAssetName
        • GetVulnerabilitiesByGroup
        • GetVulnerabilityLibraryIssues
        • GetVulnerabilityRevisionHistory
        • InviteUserToProject
        • InviteUsersToProjectTeam
        • RejectProjectRequestById
        • RegenerateAPIKey
        • RemoveProjectMembershipAdministrators
        • RemoveProjectTeamMembers
        • RequestNewProjectRetest
        • RestoreProject
        • SendEmail
        • SendDailyCommencementEmail
        • SendDailyCompletionEmail
        • UpdateAssetInLibrary
        • UpdateCustomFieldsConfig
        • UpdateExecSummaryNotes
        • UpdateFormConfig
        • UpdateGroup
        • UpdatePortfolio
        • UpdateProjectById
        • UpdateProjectMembershipAdministrators
        • UpdateProjectNote
        • UpdateProjectRequestById
        • UpdateProjectRetestRound
        • UpdateProjectWorkspaceNote
        • UpdateScope
        • UpdateTestcase
        • UpdateTestcaseOnTestsuite
        • UpdateTestsuite
        • UpdateUserAccessOnGroup
        • UpdateUserAccessOnProject
        • UpdateUser
        • UpdateVulnerabilityById
        • UpdateVulnerabilityLibraryIssue
        • UpdateVulnerabilitySLAs
        • UpdateVulnerabilityWithLibrary
        • UploadTestcaseFile
        • UploadVulnerabilityEvidence
        • UploadVulnerabilityLibraryFile
        • UploadWorkspaceFile
      • Self-Service Events API
        • GETTING STARTED
        • Project Created
        • Project Updated
        • Project Request Created
        • Project Request Updated
        • Project Retest Requested
        • Project Retest Completed
        • Project Retest Cancelled
        • Vulnerability Created
        • Vulnerability Updated
        • Vulnerability Evidence Created
        • Vulnerability Evidence Updated
        • Vulnerability Remediation Note Created
        • Vulnerability Remediation Note Updated
    • AFScript
    • Access Control Matrix
    • Raising Support Tickets
    • Security
  • Contact
Powered by GitBook

Check YouTube for more tutorials: https://youtube.com/@attackforge

On this page
  • Overview
  • Custom Reports
  • Custom Report on Selected Vulnerabilities
  • Update Executive Summary
  • Custom Reporting Fields
  • Export JSON Project Data
  • Evidence as ZIP
  • Custom Project Report Name Tags
  1. Core & Enterprise
  2. Getting Started

Reporting

PreviousAttack ChainsNextRetesting & Remediation

Last updated 5 months ago

Overview

AttackForge provides high-quality reports on-demand when you or your customers need them.

Any team member on your project can download reports in custom templates. These reports are dynamic and will display the most current data on your project.

Every project can have an unlimited number of reporting templates available.

There is also a JSON export which contains all of the data for the reports. This is useful for creating reports offline or for backup purposes.

The ZIP archive contains all evidence which has been uploaded to the vulnerabilities on the project. It is useful if the customer needs high-resolution screenshots, or access to evidence which is not an image format and as such not already included in the reports - for example scripts, videos, etc.

You can download any of the on-demand custom reports, JSON export or ZIP archive - directly from your project.

Custom Reports

AttackForge has a custom built reporting engine we call ReportGen which helps you create custom DOCX reports, on-demand and in a variety of templates.

For example - you can create:

  • Pentest reports

  • Retesting reports

  • Executive reports

  • Testing summary reports

  • Application and Infrastructure reports

  • Mobile testing reports

  • Red Team and Purple Team reports

  • Configuration Audit reports

  • Compliance reports, to name a few.

Custom reports can be generated by any user, on demand, from the project dashboard or reporting section on their projects.

Each user can only see reporting options which have been made available to them.

Every report template can be configured with access controls in the Report Templates module to restrict visibility and usage of templates for Roles, Groups and Users.

You can also control when the Executive Summary and Custom Reports become available to users on the project, and who is allowed to create reports on the project. This is configure in the project settings under Access.

Custom Report on Selected Vulnerabilities

You can select one or more vulnerabilities to create a custom report with only that selection.

This is useful when you need to get a report out to different teams, with only the context for vulnerabilities which are relevant to that team.

Start by selecting the vulnerabilities from your project vulnerabilities tab, then select Actions -> Custom Report. Choose your custom report. The report will be tailored to only the vulnerabilities in your selection.

Update Executive Summary

The reports contain an Executive Summary section. This is where you can include:

  • Objectives of the assessment

  • Overall observations or notable findings determined during the assessment

  • Positive security controls identified

  • Assumptions

  • Limitations

If you need to update the Executive Summary, you can do this by clicking on Reporting tab from the project.

Note you must have Edit permissions on the project in order to update the executive summary section.

Custom Reporting Fields

You can create custom sections and custom fields to personalize your Reporting data to the project.

Some ideas for Sections and Fields you can create:

  • Project Summary - including Executive Summary, Summary of Recommendations and Positive Security Observations

  • Testing Overview - including Background, Approach and Methodology

  • Document Control - including Author(s), Reviewer, Approver and Version History

To get started, go to Administration and click on Reporting.

Start creating Sections and Fields for the Reporting data you want to capture on your projects.

Set default values to make your reporting easier!

Now on your existing or new project, enable the Reporting section.

Add access levels based on the needs of your project.

Enter information and upload files based on your configuration.

!IMPORTANT: Only users with Edit access on the project can edit the Reporting fields

Export JSON Project Data

There is also a JSON export which contains all of the data for the reports. This is useful for creating reports offline or for backup purposes.

Evidence as ZIP

The ZIP archive contains all evidence which has been uploaded to the vulnerabilities on the project. It is useful if the customer needs high-resolution screenshots, or access to evidence which is not an image format and as such not already included in the reports - for example scripts, videos, etc.

You can download any of the on-demand custom reports, JSON export or ZIP archive - directly from your project.

Custom Project Report Name Tags

You can use the following tags to dynamically change the name of the custom report which is downloaded on a project.

  • {project.id} - project Id.

  • {project.name} - project name.

  • {project.code} - project code.

  • {project.organization_code} - project organization code.

  • {project.status} - project status.

  • {project.start_date} - project start date.

  • {project.end_date} - project end date.

  • {project.custom_field.<key>} - project custom field. Replace <key> with the key on your custom field.

For more details on how to create reporting templates for custom reports, please see .

Add custom fields to your Reports. For more information how to do this, please visit

Reporting
https://github.com/AttackForge/ReportGen/issues/25