LogoLogo
  • AttackForge Support
  • Release Notes
    • 2025
    • 2024
    • 2023
    • 2022
    • 2021
    • 2020
    • 2019
  • Core & Enterprise
    • Getting Started
      • How It Works
      • Requesting A Project
      • Creating & Updating Projects
      • Invite User To Project
      • View Project Team
      • Project Scope
      • Project Workspace
      • Project Notes
      • Project Pages
      • Test Cases
      • Creating Vulnerabilities
      • Updating Vulnerabilities
      • Review & QA
      • Attack Chains
      • Reporting
      • Retesting & Remediation
      • Notifications
      • Custom Fields & Forms
      • Advanced Filtering
      • Vulnerability SLAs
      • User Settings
      • Login Redirects
    • Modules
      • Dashboard
      • Analytics
      • Vulnerabilities
      • Projects
      • Scheduling
      • Portfolios
      • Groups
      • Attack Chains
      • Assets
      • Writeups
      • Test Suites
      • Report Templates
        • Overview
        • Tutorial
        • Tips & Tricks
        • Troubleshooting
        • Template - Report Templates
        • Template - Tags
        • Template - Options
        • Template - Functions
        • Template - Filters
        • Template - Styles
        • Template - Tables
        • Template - Charts
        • Template - Conditions
        • ReportGen CLI
        • ReportGen Library
      • Users
      • Administration
      • Flows
      • Self-Service RESTful API
        • GETTING STARTED
        • EXPORTING TO CSV
        • ADVANCED QUERY FILTER
        • ActivateUser
        • AddProjectMembershipAdministrators
        • AddTestcaseToTestsuite
        • AddTestcasesToTestsuite
        • AddUserToGroup
        • ApproveProjectRequestById
        • ArchivePortfolio
        • ArchiveProject
        • CancelProjectRetestRound
        • CloneProject
        • CompleteProjectRetestRound
        • CreateAssetInLibrary
        • CreateGroup
        • CreatePortfolio
        • CreateProject
        • CreateProjectNote
        • CreateProjectRequest
        • CreateProjectTestCase
        • CreateProjectWorkspaceNote
        • CreateRemediationNote
        • CreateScope
        • CreateTestcaseNote
        • CreateTestsuite
        • CreateUser
        • CreateUsers
        • CreateVulnerability
        • CreateVulnerabilityBulk
        • CreateVulnerabilityLibraryIssue
        • CreateVulnerabilityWithLibrary
        • DeactivateUser
        • DownloadProjectTestCaseFile
        • DownloadProjectTestCaseNoteFile
        • DownloadProjectTestCaseWorkspaceNoteFile
        • DownloadVulnerabilityEvidence
        • DownloadVulnerabilityLibraryFile
        • DownloadWorkspaceFile
        • GetApplicationAuditLogs
        • GetAssets
        • GetAssetsByGroup
        • GetAssetInLibrary
        • GetAssetsInLibrary
        • GetCustomFieldsConfig
        • GetFormConfig
        • GetGroup
        • GetGroups
        • GetMostCommonVulnerabilities
        • GetMostFailedTestcases
        • GetMostVulnerableAssets
        • GetPortfolio
        • GetPortfolios
        • GetPortfolioStream
        • GetProjectAuditLogs
        • GetProjectById
        • GetProjects
        • GetProjectsAndVulnerabilities
        • GetProjectsByGroup
        • GetProjectMembershipAdministrators
        • GetProjectNotes
        • GetProjectReport
        • GetProjectReportData
        • GetProjectRequests
        • GetProjectRequestById
        • GetProjectTestcasesById
        • GetProjectVulnerabilitiesById
        • GetProjectWorkspace
        • GetTestsuiteById
        • GetTestsuites
        • GetUserByEmail
        • GetUserById
        • GetUserByUsername
        • GetUserAuditLogs
        • GetUserGroups
        • GetUserLoginHistory
        • GetUserProjects
        • GetUsers
        • GetVulnerabilityById
        • GetVulnerabilities
        • GetVulnerabilitiesByAssetName
        • GetVulnerabilitiesByGroup
        • GetVulnerabilityLibraryIssues
        • GetVulnerabilityRevisionHistory
        • InviteUserToProject
        • InviteUsersToProjectTeam
        • RejectProjectRequestById
        • RegenerateAPIKey
        • RemoveProjectMembershipAdministrators
        • RemoveProjectTeamMembers
        • RequestNewProjectRetest
        • RestoreProject
        • SendEmail
        • SendDailyCommencementEmail
        • SendDailyCompletionEmail
        • UpdateAssetInLibrary
        • UpdateCustomFieldsConfig
        • UpdateExecSummaryNotes
        • UpdateFormConfig
        • UpdateGroup
        • UpdatePortfolio
        • UpdateProjectById
        • UpdateProjectMembershipAdministrators
        • UpdateProjectNote
        • UpdateProjectRequestById
        • UpdateProjectRetestRound
        • UpdateProjectWorkspaceNote
        • UpdateScope
        • UpdateTestcase
        • UpdateTestcaseOnTestsuite
        • UpdateTestsuite
        • UpdateUserAccessOnGroup
        • UpdateUserAccessOnProject
        • UpdateUser
        • UpdateVulnerabilityById
        • UpdateVulnerabilityLibraryIssue
        • UpdateVulnerabilitySLAs
        • UpdateVulnerabilityWithLibrary
        • UploadTestcaseFile
        • UploadVulnerabilityEvidence
        • UploadVulnerabilityLibraryFile
        • UploadWorkspaceFile
      • Self-Service Events API
        • GETTING STARTED
        • Project Created
        • Project Updated
        • Project Request Created
        • Project Request Updated
        • Project Retest Requested
        • Project Retest Completed
        • Project Retest Cancelled
        • Vulnerability Created
        • Vulnerability Updated
        • Vulnerability Evidence Created
        • Vulnerability Evidence Updated
        • Vulnerability Remediation Note Created
        • Vulnerability Remediation Note Updated
    • AFScript
    • Access Control Matrix
    • Raising Support Tickets
    • Security
  • Contact
Powered by GitBook

Check YouTube for more tutorials: https://youtube.com/@attackforge

On this page
  • Overview
  • Update Vulnerability
  • Upload Evidence
  • QA Reviews
  • Overwrites
  • Remediation Plan
  • Ready for Retesting
  • Remediation Notes
  • Closed or Re-Opened
  • Bulk Add Tags
  • Bulk Add Custom Tags
  • Update SLA
  • Re-apply SLA
  • Duplicating Vulnerabilities
  • Linking Vulnerabilities
  • Re-Assigning Vulnerabilities
  1. Core & Enterprise
  2. Getting Started

Updating Vulnerabilities

PreviousCreating VulnerabilitiesNextReview & QA

Last updated 1 year ago

Overview

Once a vulnerability has been created, you can then update the vulnerability in a number of ways.

Considering updating vulnerabilities is part of the role for a pentester, only users with Edit access to the project can perform this function.

However, any project team member can add remediation notes & mark a vulnerability as Ready For Retesting. This allows customers, developers & engineers to track remediation performed for a given issue, and inform once the vulnerability is ready to be retested.

Update Vulnerability

From the vulnerability page, click on Edit.

Upload Evidence

If you need to upload further evidence to a vulnerability, you can upload it from the Evidence section.

QA Reviews

Review Notes in AttackForge can be created against Vulnerabilities and Project Executive Summary.

Review notes help teams keep track of the changes needed, and all communication in one place.

You must have Edit permissions on the project to view and create review notes.

If you need to perform QA on multiple vulnerabilities, or would like to review each vulnerability one-by-one (from one screen) - you can select the vulnerabilities then click on Actions -> Edit.

Here you can review and update each vulnerability individually, and cycle through each vulnerability as needed.

Overwrites

If you need to perform a bulk overwrite on selected fields across many vulnerabilities - you can select the vulnerabilities then click on Actions -> Overwrite .

You can opt into each field you would like to update, at one time for all selected vulnerabilities.

Remediation Plan

If the Remediation Plan field is enabled (see Administration module), project team members can update the remediation plan for any of the vulnerabilities. This is useful to help get vulnerabilities acknowledged by technical teams, and plan for when those vulnerabilities will be fixed.

The vulnerability will now track Target Remediation Date.

You can use the Target Remediation Date to create Custom Time-Based Emails which automatically follow up on vulnerabilities for you.

Ready for Retesting

Once a vulnerability is ready for retesting, any user on the project can mark the vulnerability as Ready for Retesting from the vulnerability page or using bulk actions.

The audit trail for the vulnerability will also get updated to reflect the change in status.

Remediation Notes

Project team members can update the vulnerability remediation history and create remediation notes.

Closed or Re-Opened

During remediation testing, vulnerabilities can be Closed and Re-Opened depending on the outcome.

Bulk Add Tags

You can bulk add new tags for each selected vulnerability if the tag does not already exist.

Bulk Add Custom Tags

You can bulk add new custom tags for each selected vulnerability if the custom tag does not already exist. Otherwise if the custom tag already exists, it will update its value.

Update SLA

You can bulk-update Remediation SLA on vulnerabilities to a new future date.

!IMPORTANT: Only Admins and Project Coordinators are allowed to perform this operation.

Re-apply SLA

You can re-apply the Remediation SLA on vulnerabilities. This will remove the existing SLA, and replace it with a new SLA from the SLA ruleset defined in Administration module.

If no SLA exists on the vulnerability, a new SLA will be applied.

!IMPORTANT: Only Admins and Project Coordinators are allowed to perform this operation.

Duplicating Vulnerabilities

Duplicating vulnerabilities will clone a vulnerability. This means you will end up with two (2) of the same vulnerability. As the clone is a unique vulnerability, it will be treated as such from a dashboard/analytics/reporting perspective.

Linking Vulnerabilities

Vulnerabilities in AttackForge get created on projects. A vulnerability is linked to either one or more projects.

With the exception of Administrators, a user can only see vulnerabilities for which they have access to the project(s) linked to those vulnerabilities.

Linking vulnerabilities will make vulnerabilities available on other projects. Users on the linked projects will have view and edit access to the linked vulnerabilities, depending on their access level on the linked projects.

Linking vulnerabilities is useful when consolidating vulnerabilities into projects for remediation or tracking.

!IMPORTANT: When linking vulnerabilities, keep in mind: - Vulnerabilities are not transferred. Vulnerabilities will become available on the new project, and will also remain available in the current project. You can link a vulnerability to many projects. - Vulnerabilities are not copied. This means there will be no duplication of vulnerabilities in your dashboards, analytics, tables, etc. - Vulnerabilities are universal. Any changes to these vulnerabilities in either project will universally apply. - Assets assigned to each vulnerability will be added to the new projects' scope.

If a user deletes a linked vulnerability, it will only be deleted from its project. It will not be deleted on other linked projects for that vulnerability.

Re-Assigning Vulnerabilities

You can re-assign a vulnerability to another project. Once a vulnerability is re-assigned, it will no longer be available on the current project. All remediation notes, review notes & evidence will also be relocated to the new project.