LogoLogo
  • AttackForge Support
  • Release Notes
    • 2025
    • 2024
    • 2023
    • 2022
    • 2021
    • 2020
    • 2019
  • Core & Enterprise
    • Getting Started
      • How It Works
      • Requesting A Project
      • Creating & Updating Projects
      • Invite User To Project
      • View Project Team
      • Project Scope
      • Project Workspace
      • Project Notes
      • Project Pages
      • Test Cases
      • Creating Vulnerabilities
      • Updating Vulnerabilities
      • Review & QA
      • Attack Chains
      • Reporting
      • Retesting & Remediation
      • Notifications
      • Custom Fields & Forms
      • Vulnerability SLAs
      • User Settings
      • Login Redirects
    • Modules
      • Dashboard
      • Analytics
      • Vulnerabilities
      • Projects
      • Scheduling
      • Portfolios
      • Groups
      • Attack Chains
      • Assets
      • Writeups
      • Test Suites
      • Report Templates
        • Overview
        • Tutorial
        • Tips & Tricks
        • Troubleshooting
        • Template - Report Templates
        • Template - Tags
        • Template - Options
        • Template - Functions
        • Template - Filters
        • Template - Styles
        • Template - Tables
        • Template - Charts
        • Template - Conditions
        • ReportGen CLI
        • ReportGen Library
      • Users
      • Administration
      • Flows
      • Self-Service RESTful API
        • GETTING STARTED
        • EXPORTING TO CSV
        • ADVANCED QUERY FILTER
        • ActivateUser
        • AddProjectMembershipAdministrators
        • AddTestcaseToTestsuite
        • AddTestcasesToTestsuite
        • AddUserToGroup
        • ApproveProjectRequestById
        • ArchivePortfolio
        • ArchiveProject
        • CancelProjectRetestRound
        • CloneProject
        • CompleteProjectRetestRound
        • CreateAssetInLibrary
        • CreateGroup
        • CreatePortfolio
        • CreateProject
        • CreateProjectNote
        • CreateProjectRequest
        • CreateProjectTestCase
        • CreateProjectWorkspaceNote
        • CreateRemediationNote
        • CreateScope
        • CreateTestcaseNote
        • CreateTestsuite
        • CreateUser
        • CreateUsers
        • CreateVulnerability
        • CreateVulnerabilityBulk
        • CreateVulnerabilityLibraryIssue
        • CreateVulnerabilityWithLibrary
        • DeactivateUser
        • DownloadProjectTestCaseFile
        • DownloadProjectTestCaseNoteFile
        • DownloadProjectTestCaseWorkspaceNoteFile
        • DownloadVulnerabilityEvidence
        • DownloadVulnerabilityLibraryFile
        • DownloadWorkspaceFile
        • GetApplicationAuditLogs
        • GetAssets
        • GetAssetsByGroup
        • GetAssetInLibrary
        • GetAssetsInLibrary
        • GetCustomFieldsConfig
        • GetFormConfig
        • GetGroup
        • GetGroups
        • GetMostCommonVulnerabilities
        • GetMostFailedTestcases
        • GetMostVulnerableAssets
        • GetPortfolio
        • GetPortfolios
        • GetPortfolioStream
        • GetProjectAuditLogs
        • GetProjectById
        • GetProjects
        • GetProjectsAndVulnerabilities
        • GetProjectsByGroup
        • GetProjectMembershipAdministrators
        • GetProjectNotes
        • GetProjectReport
        • GetProjectReportData
        • GetProjectRequests
        • GetProjectRequestById
        • GetProjectTestcasesById
        • GetProjectVulnerabilitiesById
        • GetProjectWorkspace
        • GetTestsuiteById
        • GetTestsuites
        • GetUserByEmail
        • GetUserById
        • GetUserByUsername
        • GetUserAuditLogs
        • GetUserGroups
        • GetUserLoginHistory
        • GetUserProjects
        • GetUsers
        • GetVulnerabilityById
        • GetVulnerabilities
        • GetVulnerabilitiesByAssetName
        • GetVulnerabilitiesByGroup
        • GetVulnerabilityLibraryIssues
        • GetVulnerabilityRevisionHistory
        • InviteUserToProject
        • InviteUsersToProjectTeam
        • RejectProjectRequestById
        • RegenerateAPIKey
        • RemoveProjectMembershipAdministrators
        • RemoveProjectTeamMembers
        • RequestNewProjectRetest
        • RestoreProject
        • SendEmail
        • SendDailyCommencementEmail
        • SendDailyCompletionEmail
        • UpdateAssetInLibrary
        • UpdateCustomFieldsConfig
        • UpdateExecSummaryNotes
        • UpdateFormConfig
        • UpdateGroup
        • UpdatePortfolio
        • UpdateProjectById
        • UpdateProjectMembershipAdministrators
        • UpdateProjectNote
        • UpdateProjectRequestById
        • UpdateProjectRetestRound
        • UpdateProjectWorkspaceNote
        • UpdateScope
        • UpdateTestcase
        • UpdateTestcaseOnTestsuite
        • UpdateTestsuite
        • UpdateUserAccessOnGroup
        • UpdateUserAccessOnProject
        • UpdateUser
        • UpdateVulnerabilityById
        • UpdateVulnerabilityLibraryIssue
        • UpdateVulnerabilitySLAs
        • UpdateVulnerabilityWithLibrary
        • UploadTestcaseFile
        • UploadVulnerabilityEvidence
        • UploadVulnerabilityLibraryFile
        • UploadWorkspaceFile
      • Self-Service Events API
        • GETTING STARTED
        • Project Created
        • Project Updated
        • Project Request Created
        • Project Request Updated
        • Project Retest Requested
        • Project Retest Completed
        • Project Retest Cancelled
        • Vulnerability Created
        • Vulnerability Updated
        • Vulnerability Evidence Created
        • Vulnerability Evidence Updated
        • Vulnerability Remediation Note Created
        • Vulnerability Remediation Note Updated
    • AFScript
    • Access Control Matrix
    • Raising Support Tickets
    • Security
  • Contact
Powered by GitBook

Check YouTube for more tutorials: https://youtube.com/@attackforge

On this page
  • Overview
  • Creating a Portfolio
  • Linking Projects to Streams
  • Managing Access to Streams
  1. Core & Enterprise
  2. Modules

Portfolios

PreviousSchedulingNextGroups

Last updated 10 months ago

Overview

Portfolios help you to create dedicated programs to track and manage your security testing activities. Want to know how your internal systems compare to your external systems? Or wanting to track security posture for your applications? Portfolios makes this easy!

Every Portfolio comes with Streams.

Streams help you to consolidate all of your related testing activities for a portfolio, for example:

Portfolio: Externally Facing Applications

Stream 1: US External Apps

  • Project 1: USA Commerce Portal

  • Project 2: USA Mobile App

  • Project 3: Main Integration Gateway

Stream 2: European External Apps

  • Project 1: Main Integration Gateway

  • Project 2: EU Mobile App

Portfolios and Streams can help you track Business-as-Usual (BAU) pentesting and help you to better understand where to focus your time and resources more effectively.

Projects can be assigned to many streams and portfolios. This can help to ensure you are tracking the right vulnerabilities, across your enterprise.

Using the example above, vulnerabilities in project Main Integration Gateway might be relevant to both USA External Apps & European External Apps - therefore could be assigned to both streams.

Every Portfolio and Stream has a unique dashboard which includes details on vulnerabilities, projects & assets - helping you make more informed business decisions when it comes to tracking and remediation.

Portfolios are created and managed by administrators.

View access can be given to individual portfolios, or their respective streams, to non-admin users. Those users will only see data relevant to projects they have access to on the portfolio and/or stream.

Creating a Portfolio

Start by clicking on Portfolios module in your main menu. You must be an Administrator. Click on New.

Complete the details for your portfolio. You can add a stream by clicking on Streams.

Enter a name for your stream, and optionally link any existing projects to the stream.

You can create as many streams as you need.

View access can be given to to non-admin users for individual portfolios or their respective streams. Those users will only see data relevent to projects they have access to on the portfolio and/or stream.

Linking Projects to Streams

You can add new projects to Portfolios & Streams directly..

To edit a Portfolio, click on the cog from the portfolio page.

Select Access and Streams. You can create new streams and link associated projects, or you can update existing projects on existing streams.

You can also associate a project with one or more Portfolios & Streams at time of project creation or approval; or when editing a project.

Managing Access to Streams

View access can be given to to non-admin users for individual portfolios or their respective streams. Those users will only see data relevent to projects they have access to on the portfolio and/or stream.

Access can be granted to portfolios and/or streams based on Groups or Users.

Access can be granted to the entire Portfolio and its related Streams using the option at the top of the Access and Streams settings page for the Portfolio.

Alternatively, access to individual streams can be granted by clicking on any of the streams and configuring the access on that stream.