LogoLogo
  • AttackForge Support
  • Release Notes
    • 2025
    • 2024
    • 2023
    • 2022
    • 2021
    • 2020
    • 2019
  • Core & Enterprise
    • Getting Started
      • How It Works
      • Requesting A Project
      • Creating & Updating Projects
      • Invite User To Project
      • View Project Team
      • Project Scope
      • Project Workspace
      • Project Notes
      • Project Pages
      • Test Cases
      • Creating Vulnerabilities
      • Updating Vulnerabilities
      • Review & QA
      • Attack Chains
      • Reporting
      • Retesting & Remediation
      • Notifications
      • Custom Fields & Forms
      • Vulnerability SLAs
      • User Settings
      • Login Redirects
    • Modules
      • Dashboard
      • Analytics
      • Vulnerabilities
      • Projects
      • Scheduling
      • Portfolios
      • Groups
      • Attack Chains
      • Assets
      • Writeups
      • Test Suites
      • Report Templates
        • Overview
        • Tutorial
        • Tips & Tricks
        • Troubleshooting
        • Template - Tags
        • Template - Options
        • Template - Functions
        • Template - Filters
        • Template - Styles
        • Template - Tables
        • Template - Charts
        • Template - Conditions
        • ReportGen CLI
        • ReportGen Library
      • Users
      • Administration
      • Flows
      • Self-Service RESTful API
        • GETTING STARTED
        • EXPORTING TO CSV
        • ADVANCED QUERY FILTER
        • ActivateUser
        • AddTestcaseToTestsuite
        • AddTestcasesToTestsuite
        • AddUserToGroup
        • ApproveProjectRequestById
        • ArchivePortfolio
        • ArchiveProject
        • CloneProject
        • ConfirmRetestCompleted
        • CreateAssetInLibrary
        • CreateGroup
        • CreatePortfolio
        • CreateProject
        • CreateProjectNote
        • CreateProjectRequest
        • CreateProjectTestCase
        • CreateProjectWorkspaceNote
        • CreateRemediationNote
        • CreateScope
        • CreateTestcaseNote
        • CreateTestsuite
        • CreateUser
        • CreateUsers
        • CreateVulnerability
        • CreateVulnerabilityBulk
        • CreateVulnerabilityLibraryIssue
        • CreateVulnerabilityWithLibrary
        • DeactivateUser
        • DownloadVulnerabilityEvidence
        • DownloadVulnerabilityLibraryFile
        • DownloadWorkspaceFile
        • GetApplicationAuditLogs
        • GetAssets
        • GetAssetsByGroup
        • GetAssetInLibrary
        • GetAssetsInLibrary
        • GetCustomFieldsConfig
        • GetFormConfig
        • GetGroup
        • GetGroups
        • GetMostCommonVulnerabilities
        • GetMostFailedTestcases
        • GetMostVulnerableAssets
        • GetPortfolio
        • GetPortfolios
        • GetPortfolioStream
        • GetProjectAuditLogs
        • GetProjectById
        • GetProjects
        • GetProjectsAndVulnerabilities
        • GetProjectsByGroup
        • GetProjectNotes
        • GetProjectReport
        • GetProjectReportData
        • GetProjectRequests
        • GetProjectRequestById
        • GetProjectTestcasesById
        • GetProjectVulnerabilitiesById
        • GetProjectWorkspace
        • GetTestsuiteById
        • GetTestsuites
        • GetUserByEmail
        • GetUserById
        • GetUserByUsername
        • GetUserAuditLogs
        • GetUserGroups
        • GetUserLoginHistory
        • GetUserProjects
        • GetUsers
        • GetVulnerabilityById
        • GetVulnerabilities
        • GetVulnerabilitiesByAssetName
        • GetVulnerabilitiesByGroup
        • GetVulnerabilityLibraryIssues
        • GetVulnerabilityRevisionHistory
        • InviteUserToProject
        • InviteUsersToProjectTeam
        • RejectProjectRequestById
        • RegenerateAPIKey
        • RemoveProjectTeamMembers
        • RequestRetest
        • RestoreProject
        • SendEmail
        • SendDailyCommencementEmail
        • SendDailyCompletionEmail
        • UpdateAssetInLibrary
        • UpdateCustomFieldsConfig
        • UpdateExecSummaryNotes
        • UpdateFormConfig
        • UpdateGroup
        • UpdatePortfolio
        • UpdateProjectById
        • UpdateProjectNote
        • UpdateProjectRequestById
        • UpdateProjectRetestRound
        • UpdateProjectWorkspaceNote
        • UpdateScope
        • UpdateTestcase
        • UpdateTestcaseOnTestsuite
        • UpdateTestsuite
        • UpdateUserAccessOnGroup
        • UpdateUserAccessOnProject
        • UpdateUser
        • UpdateVulnerabilityById
        • UpdateVulnerabilityLibraryIssue
        • UpdateVulnerabilitySLAs
        • UpdateVulnerabilityWithLibrary
        • UploadTestcaseFile
        • UploadVulnerabilityEvidence
        • UploadVulnerabilityLibraryFile
        • UploadWorkspaceFile
      • Self-Service Events API
        • GETTING STARTED
        • Project Created
        • Project Updated
        • Project Request Created
        • Project Request Updated
        • Project Retest Requested
        • Project Retest Completed
        • Project Retest Cancelled
        • Vulnerability Created
        • Vulnerability Updated
        • Vulnerability Evidence Created
        • Vulnerability Evidence Updated
        • Vulnerability Remediation Note Created
        • Vulnerability Remediation Note Updated
    • AFScript
    • Access Control Matrix
    • Raising Support Tickets
    • Security
  • Contact
Powered by GitBook

Check YouTube for more tutorials: https://youtube.com/@attackforge

On this page
  • 28 February 2025
  • Introducing Flows - Automation Module for AttackForge
  • Custom Domains for AttackForge Core
  • Updates to AFScript
  • Updates to Groups
  • Updates to Custom Time-Based Notifications
  • Updates to ReportGen
  • Updates to Writeups Libraries and Test Suites
  • UX Improvements
  • Enhancements to Self-Service APIs
  1. Release Notes

2025

PreviousRelease NotesNext2024

Last updated 4 days ago

28 February 2025

Introducing Flows - Automation Module for AttackForge

We're super excited 🤩 to finally reveal Flows - AttackForge's comprehensive, end-to-end automation engine - powered by AFScript.

Flows can help you to automate AttackForge with nearly unlimited systems. You can streamline processes across your organization to save time and focus on what's most important.

Some examples you can do with Flows:

  • Integrate your vulnerability data with ticketing tools like Atlassian JIRA, ServiceNow, Azure DevOps, BMC Helix and others.

  • Visualize your pentesting data in powerful tools like Power BI and Tableau

  • Help make better risk decisions by sending your vulnerability data to GRC platforms like RSA Archer, MetricStream, OneTrust and LogicGate

  • Create workflow automations by chaining together AttackForge Self-Service APIs

  • Trigger automated scanning activities in your security toolset like Rapid7, Tenable and Qualys

  • Create messages on collaboration platforms like Slack and Teams

  • Prioritize vulnerabilities with threat-intelligence like VulnDB

  • Create custom webhooks

  • Send custom email notifications on events

Flows can interact with any HTTP interface, including your own tools as well as the AttackForge Self-Service APIs

Flows is included in all AttackForge Enterprise plans and in the AttackForge Core SME plan. For all others plans, Flows can be added-on from the Administration -> Subscriptions page.

We've made some Flows available on our GitHub which you can import into your AttackForge to get started fast! Examples include:

  • Create JIRA Issue

  • Update JIRA Issue

  • Create ServiceNow Incident

  • Create Azure DevOps Work Item

  • Prioritize Vulnerability with Threat Intelligence from VulnDB

  • Trigger an Automated Scan in Tenable

  • Create Slack Message

  • Create Teams Message

  • Send Vulnerability to PowerBI

  • Create a Salesforce Opportunity

  • Create a WebHook

  • Send a Custom Email

Some of the great features of Flows include:

  • Share your Flows with multiple team members to help collaborate on your Flows together

  • Import and Export Flows to get started fast! You can also to share your Flows with other people using AttackForge

  • Various Triggers to handle a variety of use cases and bespoke needs

  • Support for Secrets to protect your passwords, API tokens and keys

  • Powerful Actions. Create your own custom logic and decision paths using AFScript

  • Run History for robust testing. Tracking and monitoring for peace of mind. Access detailed logs to know exactly what your Flows are doing at any time.

  • Unlimited Flows and Flow Actions! Build as many automations and integrations as you need, start with simple Flows and level up to complex sequences and chains.

We will be releasing even more capabilities and examples for Flows in the coming months so stay tuned!

Custom Domains for AttackForge Core

We have released fully custom domain names for AttackForge Core!

You can now have your own personal domain for hosting and accessing your AttackForge tenant.

Currently only available on AttackForge Core SME plans

Updates to AFScript

We've extended AFScript yet again!

You can now suggest values across all of your custom fields, everywhere, using AFScript.

We've also added String.replace() and String.replaceAll() functions.

Updates to Groups

We've updated Groups to now support Custom Fields and Forms.

This makes to possible to have a custom set of fields and forms for different Groups such as customers, security teams, technology and engineering teams, risk teams, subsidiaries and divisions, platforms and other ways in which you use groups.

You can configure Group custom fields and forms from Administration -> Groups.

In addition, we added support for mapping AttackForge Groups to SSO Identity Provider Groups to include support for assigning no access to the groups projects, as well as support for assigning access to Project Requests.

Updates to Custom Time-Based Notifications

We've added support for ability to use the dateFormat filter to adjust the way the date and time is displayed in your custom time-based emails.

For example, you can now do this:

{project.start_date | dateFormat:["fullDate"]}

Updates to ReportGen

We added new Filters including isArray, isBoolean, isInteger, and isString.

We also updated the styling and layout for the out-of-the-box Pentest Report Template to showcase even more possibilities for custom reports in ReportGen!

We also added a Retry button in the Offline Browser Tool from Chrome users which makes building reports even faster! 🥳 You no longer need to re-select the template file or JSON data.

Updates to Writeups Libraries and Test Suites

We've added MITRE ATT&CK Framework for Writeups! Including Enterprise v16.1, ICS v16.1, Mobile v16.1. You can now leverage MITRE ATT&CK directly in your Writeups.

We've also updated to MITRE CWE v4.16 and MITRE CAPEC v3.9 including new tags to cross-reference between CWE and CAPEC.

We've also updated MITRE ATT&CK Framework for Test Suites to the latest versions - Enterprise v16.1, ICS v16.1, Mobile v16.1.

UX Improvements

Now when creating a new Writeup in the Project Library from the Vulnerability form, the current project will be auto-selected.

Also after completing an Abuse Case, there is now a button to Create Another.

Enhancements to Self-Service APIs

We're always improving our Self-Service APIs to make automations and integrations even easier!

  • New RESTful endpoints:

    • Upload Writeup File

    • Send Email

    • Update Project Retest Round

  • Updates to REST endpoints:

    • Get Application Audit Logs - now supports new query filters

    • Get Project Audit Logs - now supports new query filters

    • Get User Audit Logs - now supports new query filters