AttackForge
AttackForge CommunityAttackForge Core & EnterpriseSelf-Service APIFAQ
Search
⌃K
Links

Template - Custom Tags

AttackForge ReportGen lets you define your own custom tags which can be referenced anywhere within your report templates.
Custom tags can be used to capture additional reporting information for projects, vulnerabilities and affected assets. This could include metadata, scoring, client information, or simply used for logically separating data within your reports - for example you can create a template to show just PCI-DSS vulnerabilities, or External vulnerabilities, etc.
Custom tags can be set at three (3) different levels:
  • Project-Level
  • Vulnerability Library
  • Affected Asset (vulnerability on project)

Project Custom Tags

  1. 1.
    From page menu, click on ReportGen Custom Tags. You must have Edit permissions to the project.
2. Create custom tags. Do not put any spaces in the Name field.
3. Update your ReportGen DOCX template file to reference the custom tags. You can access the tags using following syntax from the root/project level in the report:
{#projectCustomTags} {#ClientName} {ClientName} {/} {/}
where {ClientName} represents the value of this field.
You can also use Conditions, Loops, Filters, Data Aggregation, Data Formatting, & Assignments. Click here for more details.
4. Generate report and observe the custom tags are now referenced in your template.

Vulnerability Library Custom Tags

You can define & create custom vulnerability-level tags which can be referenced in your template within the following sections:
  • {#vulnerabilities}
  • {#criticalVulnerabilities}
  • {#highVulnerabilities}
  • {#mediumVulnerabilities}
  • {#lowVulnerabilities}
  • {#infoVulnerabilities}
  • {#completedTestcases} --> {#linked_vulnerabilities}
  • {#inProgressTestcases} --> {#linked_vulnerabilities}
  • {#notTestedTestcases} --> {#linked_vulnerabilities}
  • {#notApplicableTestcases} --> {#linked_vulnerabilities}
  • {#passedTestcases} --> {#linked_vulnerabilities}
  • {#failedTestcases} --> {#linked_vulnerabilities}
  • {#remediatedTestcases} --> {#linked_vulnerabilities}
  • {#abuseCases} --> {#linked_vulnerabilities}
  1. 1.
    Open your Vulnerability Library. Create a new entry, or Edit an existing entry.
2. Create custom tags. Do not put any spaces in the Name field.
3. Update your ReportGen DOCX template file to reference the custom tags.
{#vulnerabilities} {#vulnerabilityCustomTags} {#TLS_weakness == "True" || PCI-related == "True"} {priority} - {title} {description} {/} {/} {/}
where {priority}{title}{description} represents the vulnerability details.
The above code works as follows:
  • Loop through list of all vulnerabilities {#vulnerabilities}
  • Loop through list of all custom tags if present {#vulnerabilityCustomTags}
  • Check to see if the tag 'TLS_weakness' exists and has a value of 'True'; or check to see if the tag 'PCI-related' exists and has a value of 'True'.
  • If the above condition is met, print the {priority}{title}{description} for the current vulnerability.
You can also use Conditions, Loops, Filters, Data Aggregation, Data Formatting, & Assignments. Click here for more details.
4. Generate report and observe the custom tags are now referenced in your template.

Affected Asset Custom Tags

You can define & create custom vulnerability-level tags which can be referenced in your template within the following sections:
  • {#vulnerabilities} --> {#affected_assets}
  • {#criticalVulnerabilities --> {#affected_assets}
  • {#highVulnerabilities} --> {#affected_assets}
  • {#mediumVulnerabilities} --> {#affected_assets}
  • {#lowVulnerabilities} --> {#affected_assets}
  • {#infoVulnerabilities} --> {#affected_assets}
  • {#completedTestcases} --> {#linked_vulnerabilities} --> {#affected_assets}
  • {#inProgressTestcases} --> {#linked_vulnerabilities} --> {#affected_assets}
  • {#notTestedTestcases} --> {#linked_vulnerabilities} --> {#affected_assets}
  • {#notApplicableTestcases} --> {#linked_vulnerabilities} --> {#affected_assets}
  • {#passedTestcases} --> {#linked_vulnerabilities} --> {#affected_assets}
  • {#failedTestcases} --> {#linked_vulnerabilities} --> {#affected_assets}
  • {#remediatedTestcases} --> {#linked_vulnerabilities} --> {#affected_assets}
  • {#abuseCases} --> {#linked_vulnerabilities} --> {#affected_assets}
  1. 1.
    Create a new vulnerability or Edit an existing vulnerability on your project.
2. Create custom tags. Do not put any spaces in the Name field.
3. Update your ReportGen DOCX template file to reference the custom tags.
{#vulnerabilities} {#affected_assets} {#assetCustomTags} {#Discovered == "External Testing"} {#assetCustomTags} {#Application == "True"} {asset} - {title} {/} {/} {/} {/} {/} {/}
where {asset}{title} represents the affected asset name and title of the vulnerability.
The above code works as follows:
  • Loop through list of all vulnerabilities {#vulnerabilities}
  • Loop through list of affected assets for each vulnerability {#affected_assets}
  • Loop through list of all custom tags if present {#assetCustomTags}
  • Check to see if the tag 'Discovered' exists and has a value of 'External Testing'
  • If the above condition is true - loop through the list of all custom fields/tags and check to see if the tag 'Application' exists and has a value of 'True'. If both conditions are met print the asset name {asset} and vulnerability title {title}.
  • If the above condition is false - stop & move onto the next asset
You can also use Conditions, Loops, Filters, Data Aggregation, Data Formatting, & Assignments. Click here for more details.
4. Generate report and observe the custom tags are now referenced in your template.
Previous
Template - Charts
Next
Users
Last modified 1yr ago