# 2025

## 19 December 2025

### Integrate AI Assistants with AttackForge!

AI is finally available in AttackForge! 🤩

We've made it *flexible, robust and secure* by allowing you - and your users - to **connect your own AI Assistants!**

Whether you're using frontier AI assistants like [Claude](http://claude.ai/), [ChatGPT](https://chatgpt.com/) or [Copilot](https://copilot.microsoft.com/), or you've developed your own model from open-source, so long as it supports [Model Context Protocol (MCP)](https://modelcontextprotocol.io/docs/getting-started/intro) you can plug into AttackForge 🔌 and start **improving productivity to get real work done, fast!!** 📈

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FHK5DQ0XwpSS9n47QcVBU%2Fmcp.png?alt=media&#x26;token=84084ec4-d3b0-443d-9cb2-112768d4d167" alt=""><figcaption></figcaption></figure>

So what can you do with this new superpower? 🦸 Let's take a look at some examples!

#### [1. Generate executive summaries for your assessments and data](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#generate-pentest-executive-summary)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FIYYljCNQ2QSG4vVnpBoH%2Fprompt-1.png?alt=media&#x26;token=63868a6d-d0d9-4e45-90b8-4d1838be3c08" alt=""><figcaption></figcaption></figure>

#### [2. Generate vulnerability descriptions and recommendations](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#generate-vulnerability-descriptions-and-recommendations)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FU6cpiE8xBYx4rq2lULc7%2Fprompt-2.png?alt=media&#x26;token=868493b1-403b-4804-b5c4-1fae7f0f4e0a" alt=""><figcaption></figcaption></figure>

#### [3. Determine the single highest-risk vulnerability on a project](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#determine-single-highest-risk-vulnerability-on-project)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F7V1cRPgzoVIqbIjBvGDf%2Fprompt-3.png?alt=media&#x26;token=9521e0ad-d3ad-4378-92de-07812d91b2a6" alt=""><figcaption></figcaption></figure>

#### [4. Create vulnerability composition metrics dashboards](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#create-a-vulnerability-composition-metrics-dashboard)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F6xrARgMl0yc3vzV7geiq%2Fprompt-5.png?alt=media&#x26;token=78c12dde-8d66-4447-bf89-a36cd4cc218d" alt=""><figcaption></figcaption></figure>

#### [5. Create interactive vulnerability charts](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#create-interactive-vulnerabilities-chart)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F6Qw0XvThv5al7FOGbvug%2Fprompt-8.png?alt=media&#x26;token=fb0c316f-b7f7-4ef0-bb35-1b59a8311c29" alt=""><figcaption></figcaption></figure>

#### [6. Review vulnerabilities in retest](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#review-of-vulnerabilities-in-retest)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FkjcbLQ4YdVAVpbWkcSXd%2Fprompt-9.png?alt=media&#x26;token=8493ad72-28c3-44ef-ae99-352518592b77" alt=""><figcaption></figcaption></figure>

#### [7. Generate a report on all vulnerabilities assigned to you](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#show-vulnerabilities-assigned-to-me)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F8N3ZNGQUC3Z3l8dAHD91%2Fprompt-4.png?alt=media&#x26;token=c628b4c7-0b73-4bd3-a7a0-38ce768704f9" alt=""><figcaption></figcaption></figure>

#### [8. Generate a report on the top 10 vulnerabilities](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#top-10-vulnerabilities-report)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F4sOZXbHL6q3ZmR08Ew7g%2Fprompt-6.png?alt=media&#x26;token=36d68297-a53a-4cfb-949d-ed918a78bc72" alt=""><figcaption></figcaption></figure>

#### [9. Create a top 10 vulnerabilities dashboard](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#top-10-vulnerabilities-dashboard)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fgj8p9C7J6g9DdgQNNf25%2Fprompt-7a.png?alt=media&#x26;token=dff6d776-9340-4e2b-a8ab-cf8a9dcaa2cc" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FCUF6l3kzcNXz5M5MytVR%2Fprompt-7b.png?alt=media&#x26;token=19d3fd16-30a5-473f-8af9-c6b44bcc94b5" alt=""><figcaption></figcaption></figure>

#### [10. Create a top 10 affected assets dashboard](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#top-10-affected-assets-dashboard)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FnhxO9v2CuE40VUAirpQ2%2Fprompt-10.png?alt=media&#x26;token=f055c68f-6562-49ff-ad39-0e112b40dc8c" alt=""><figcaption></figcaption></figure>

#### [11. Create a CVSS dashboard](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#cvss-dashboard)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FzL5iyZMAnyxqIQ7eyHH2%2Fprompt-11.png?alt=media&#x26;token=ff99f8d1-3d00-4ec8-bc20-c449d6d347eb" alt=""><figcaption></figcaption></figure>

#### [12. Generate a report on unique OWASP Top 10 vulnerabilities](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#unique-owasp-top-10-vulnerabilities-report)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FFs9SdUdKVOkC2UPtCN4U%2Fprompt-12.png?alt=media&#x26;token=fb49a323-3e3a-4c98-85c5-2739580a8b41" alt=""><figcaption></figcaption></figure>

#### [13. Create an interactive executive project closeout scorecard](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#interactive-executive-project-closeout-scorecard)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FcgrGU6a8QBvQCUoETutW%2Fprompt-13a.png?alt=media&#x26;token=49033ee8-3b5d-4cb9-a3e4-913eb2cc1e66" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FFdx1SYKXAdWURr2IhAjl%2Fprompt-13b.png?alt=media&#x26;token=d9f1a225-2158-4e24-8ae4-0c213530ac5f" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FtUlkKz0o10Vjrj3Odj79%2Fprompt-13c.png?alt=media&#x26;token=0f1c7af6-e078-4397-87e7-aca179a3ffd5" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FHLgiuVCfnI9kjNtG5X8Y%2Fprompt-13d.png?alt=media&#x26;token=08b1c1c2-fb81-4382-89e0-c0daadc1a8f8" alt=""><figcaption></figcaption></figure>

These are just some examples to get you started. You're only limited by your prompting creativity!

We will continue to add more examples over the coming months.

Integrating your AI Assistants with AttackForge has a number of significant benefits:

> More Helpful and Accurate Responses

***Access to Current AttackForge Information***

Instead of being limited to training data, AI Assistants using MCP can pull real-time information from AttackForge - for example, your latest vulnerabilities and projects. This provides context and answers based on your latest data, not outdated information.

***Personalized Assistance***

MCP enables AI to access your specific context - your AttackForge vulnerabilities, writeups, assets, projects - making responses tailored to your actual situation rather than generic advice.

> Greater Productivity

***Unified Interface***

Instead of switching between different APIs and creating complex scripts, you can interact with AttackForge through a single conversational interface. Ask questions about your data, retrieve records, check statuses, all in one place.

***Automated Workflows***

The AI can perform multi-step tasks, like pulling data from AttackForge, analyzing it, and updating a spreadsheet or creating a presentation - all from a simple request.

> Better Privacy and Control

***Data Stays Where It Belongs***

With MCP, your sensitive vulnerability data doesn't need to be sent to AI providers for training. The AI accesses your data when needed and only for your specific requests.

***Granular Permissions***

You control exactly what data and capabilities the AI can access on behalf of any AttackForge user you authorize to use MCP, ensuring appropriate boundaries and compliance with your security requirements.

> Future-Proof Investment

***Vendor Independence***

If you build workflows using MCP, you're not locked into a specific AI provider. You can switch AI Assistants while keeping all your integrations working.

***Growing Ecosystem***

As AttackForge continues to build more MCP tools and services, you'll automatically gain access to new capabilities without needing custom development work.

> Connecting your AI Assistants to AttackForge is super easy! 😎

We've created guides to help you with:

* [Enabling MCP](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#enabling-mcp)
* [Configuring Remote MCP](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#configuring-remote-mcp)
* [Configuring Self-Registration](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#self-registration)
* [Configuring Assisted Registration](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#assisted-registration)
* [Configuring Local MCP](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#configuring-local-mcp)
* [Available MCP Tools](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#tools)

If you're experimenting with AI in AttackForge - we would love to hear from you! We're already planning for the next set of MCP tools, and we would love to incorporate your feedback!

### CVSS Version 4 Vulnerability Scoring

We've added support for CVSS Version 4! 🥳

This major change comes with a ton of new improvements:

* Option to configure multiple scoring systems on a project, including CVSS v4
* Re-order preferences for each scoring system
* Determine required and optional scoring systems

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FWE3ffrh66U903a2zBMfl%2Fconfiguring-cvss.png?alt=media&#x26;token=b345289c-656e-4090-a0e8-479380bd3130" alt=""><figcaption></figcaption></figure>

* Ability to filter vulnerabilities by CVSS Score and CVSS Vector

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FXHwgfrxVTNnwjccgYTsq%2Ffiltering-cvss.png?alt=media&#x26;token=4ec57b1d-1546-4117-9579-2e51249bdee6" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FE1uiO2bCTmvZFX7mgBzh%2Fcvss-in-tables.png?alt=media&#x26;token=da08108b-6f68-4e64-8ed0-bc4179cc46cb" alt=""><figcaption></figcaption></figure>

* View and score CVSS v3 and CVSS v4 independently
* Priority and Exploitability can be independently adjusted from the CVSS Score
* Recommendation on Priority if the currently selected value differs from the CVSS-determined priority
* CVSS Vectors are shown in shorthand syntax, i.e. metrics which are *Not Defined (X)* are omitted

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FvvPZ3gfXcgPKWGMU4agC%2Fcvss-on-vuln.png?alt=media&#x26;token=0f3e444e-e029-4697-809d-716b50f41ee5" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FjIvIJArCLTurBVipGOQt%2Fcvss-scoring.png?alt=media&#x26;token=d903ebc8-c537-484b-924e-4ec729947e08" alt=""><figcaption></figcaption></figure>

> **Coming soon!** Create your own custom scoring systems! DREAD, STRIDE, PASTA, or a completely custom in-house solution

### File Uploads and Downloads Supported In Flows

We've added support for uploading and downloading files in Flows! 💪

With this new addition, you can now:

* Attach vulnerability evidence (e.g. screenshots, videos, scripts) to your external tickets and systems in real-time.
* Ingest vulnerability files from external sources like JIRA, ServiceNow, Bug Bounty platforms, and others - in real-time.
* Programmatically save Excel files, PDFs, diagrams, ZIP archives, etc. in your project workspace.
* Plus much more...

Every [Flow Action](https://support.attackforge.com/attackforge-enterprise/modules/flows#actions) now supports `Options` which also includes `Download Response`. This instructs the Flow to download the response from the HTTP request, and returns a `fileId` which can then be referenced later on to upload the file to wherever it needs to go.

[Request Scripts](https://support.attackforge.com/attackforge-enterprise/modules/flows#request-script) now also support passing a `multipart` body in the request configuration, which can be used to reference one or more previously downloaded files through their *fileIds*. This is used to perform the file upload action.

For more information on how to upload and download files using Flows, check out the following links:

* [Download Files using Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows#downloading-files-using-flows)
* [Upload Files using Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows#uploading-files-using-flows)

### Fetch Flow Run Outcome on HTTP Triggered Flow

We previously released [HTTP Triggered Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows#external-events), which empower you to create your own custom APIs in AttackForge.

You can use these custom APIs the same way you would use any other REST APIs. The key difference is *you are in control* of:

* who can call those APIs
* the input accepted
* the actions performed
* the resulting output

In this release, we've added support for retrieving the outcome of the HTTP Triggered Flow after it has been triggered.

Due to the asynchronous nature of a [Flow Run](https://support.attackforge.com/attackforge-enterprise/modules/flows#runs), you will immediately receive a `Flow Run Id` in the response:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fw3V0Yv3TXCxcIETPx90K%2Fhttp-triggered-flow-1.png?alt=media&#x26;token=b54e9d0c-3f56-4173-bda7-1b9559eaabba" alt=""><figcaption></figcaption></figure>

The Flow Run Id can then be used to poll and fetch the results of the Flow Run once it has reached its terminal state.

To fetch the results of the Flow Run, you would need to make the following API request:

```bash
curl --request GET \
	--url 'https://{{tenant}}/api/flows/runs/{{flowRunId}}' \
	--header 'content-type: application/json' \
	--header 'x-user-key: {{api-key}}'
```

The result of the Flow Run will then be returned:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F0UeXxmdyqsEL1hXiNmXV%2Fhttp-triggered-flow-2.png?alt=media&#x26;token=d047f2d5-6749-41d6-b46c-8dcb30a24802" alt=""><figcaption></figcaption></figure>
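A polling client for the request above, as an added example that is not AttackForge's own code. It repeats the GET with exponential backoff, refuses redirects so the `x-user-key` header is never replayed to another location, and stops after a maximum wait. The terminal-state test is passed in by the caller because the response fields appear only in the screenshot; the `status` values used in `demo()` are constructed and hypothetical.

```python
"""Poll an HTTP Triggered Flow until its Flow Run reaches a terminal state."""
import json
import re
import time
import urllib.request
from urllib.parse import quote

_HOSTNAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")


class FlowRunTimeout(Exception):
    """The Flow Run did not reach a terminal state within max_wait seconds."""


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects so the x-user-key header is never replayed elsewhere."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response


def flow_run_url(tenant, flow_run_id):
    """Build the URL from the curl example; accept only a bare hostname."""
    if not _HOSTNAME.fullmatch(tenant):
        raise ValueError(f"tenant must be a bare hostname, got {tenant!r}")
    # Percent-encode the id so it cannot add path segments or a query string.
    return f"https://{tenant}/api/flows/runs/{quote(flow_run_id, safe='')}"


def fetch_flow_run(tenant, flow_run_id, api_key, timeout=30):
    """GET the Flow Run with the same headers as the curl request.

    Pass api_key in from a secret store or environment variable rather than
    hard-coding it in the script.
    """
    request = urllib.request.Request(
        flow_run_url(tenant, flow_run_id),
        method="GET",
        headers={"content-type": "application/json", "x-user-key": api_key},
    )
    opener = urllib.request.build_opener(_NoRedirect)
    with opener.open(request, timeout=timeout) as response:
        return json.load(response)


def wait_for_flow_run(fetch, is_terminal, *, max_wait=300.0, first_delay=1.0,
                      max_delay=30.0, sleep=time.sleep, clock=time.monotonic):
    """Call fetch() with exponential backoff until is_terminal(run) is true.

    is_terminal is supplied by the caller (assumption: the caller knows which
    response field marks a finished run). Returns (run, attempts).
    """
    deadline = clock() + max_wait
    delay = first_delay
    attempts = 0
    while True:
        attempts += 1
        run = fetch()
        if is_terminal(run):
            return run, attempts
        remaining = deadline - clock()
        if remaining <= 0:
            raise FlowRunTimeout(f"no terminal state after {attempts} polls")
        sleep(min(delay, remaining))
        delay = min(delay * 2, max_delay)


def demo():
    """Run the loop over constructed responses; 'status' is a hypothetical field."""
    constructed = iter([
        {"status": "Running"},
        {"status": "Running"},
        {"status": "Completed", "output": {"created": 3}},
    ])
    now = [0.0]
    waits = []

    def fake_sleep(seconds):
        waits.append(seconds)
        now[0] += seconds

    run, attempts = wait_for_flow_run(
        lambda: next(constructed),
        lambda r: r["status"] in {"Completed", "Failed"},
        sleep=fake_sleep,
        clock=lambda: now[0],
    )
    return run, attempts, waits


if __name__ == "__main__":
    print(demo())
```

Against a real tenant, pass `lambda: fetch_flow_run(tenant, flow_run_id, api_key)` as `fetch` and a predicate that matches the terminal states shown in your own Flow Run responses.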

### Bugcrowd Integration

We're committed to supporting our customers with integrating all of their offensive security testing into AttackForge - this includes Bug Bounty! 🐛🎯

Previously we released an [integration with HackerOne](https://support.attackforge.com/attackforge-enterprise/modules/flows#create-vuln-from-hackerone-report).

In this release, we've created a bi-directional integration with [Bugcrowd](https://www.bugcrowd.com/) to help you:

* Automatically ingest submissions discovered in the Bugcrowd portal
* Automatically receive updates when submissions have been updated in the Bugcrowd portal
* Automatically create a comment in Bugcrowd when a remediation note is created/updated in AttackForge
* Automatically create/update a remediation note in AttackForge when a comment is created/updated in Bugcrowd

You can read more about these [Flows on our Support Portal](https://support.attackforge.com/attackforge-enterprise/modules/flows#create-vulnerability-on-bugcrowd-submission). Or import these Flows into your AttackForge from our [Flows GitHub Repository](https://github.com/AttackForge/Flows).

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F14pfbwfyG1opFHP7RIDx%2Fbugcrowd-1.png?alt=media&#x26;token=c178ffd8-e30c-4588-b53c-b9c9dced2ed6" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FZC5AnOlIxcUOHNkw79bP%2Fbugcrowd-2.png?alt=media&#x26;token=4b5f9f09-b847-41af-b31a-35a7128f7f4b" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FphkTpKCPe233usMoG7uS%2Fbugcrowd-3.png?alt=media&#x26;token=2d7ad3d9-5bd0-4be0-bde4-61225f8b2ebf" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FwVvVmNlGpwz1sA2DeJss%2Fbugcrowd-4.png?alt=media&#x26;token=176c41cc-a592-4d6c-9a70-d9fbfe6455d8" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FzPB7Wo4K3j7ecweDK17M%2Fbugcrowd-5.png?alt=media&#x26;token=d2c92363-86bf-401a-83ae-8e28351357c5" alt=""><figcaption></figcaption></figure>

> Not using Bugcrowd or HackerOne? Import and configure these Flows for your own Bug Bounty provider!

### UX Improvements

We've improved the `Info Panel` across the application so that you can *lock* and *unlock* the data shown in the panel. This can help you to persist vital information on the screen at all times.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FBd7SBZphMIVzJgtNBRO4%2Finfo-panel-1.png?alt=media&#x26;token=84c4f0f4-42c5-4d97-9511-49ccb6213035" alt=""><figcaption></figcaption></figure>

We've also made it possible to switch between the current information and the Writeup when working on a vulnerability:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FlUhJxttCcku24GilK9h2%2Finfo-panel-2.png?alt=media&#x26;token=4a844953-28a8-44c8-9e73-b81936e39ccf" alt=""><figcaption></figcaption></figure>

We've also improved the Vulnerabilities module to now include options to select from **Pending, Draft and All Vulnerabilities** in addition to *Visible* vulnerabilities.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FGfpzSTlpnufPGyfmECN9%2Fvulnerabilities-options.png?alt=media&#x26;token=df633539-5cc8-4aba-876c-155f58308fe6" alt=""><figcaption></figcaption></figure>

We've also added bulk actions, filtering and sorting to the access applied to an individual user:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FScHjtuhibJJh180BlR5u%2Fbulk-actions.png?alt=media&#x26;token=3126e851-d1ba-4af4-aef5-fea9382dce71" alt=""><figcaption></figcaption></figure>

### Improved Burp and Nessus Imports

We've improved the way AttackForge handles evidence from [Burp](https://portswigger.net/burp) and [Nessus](https://www.tenable.com/products/nessus) during vulnerability imports. This means fewer manual changes and better-looking findings!

* HTTP Request and HTTP Response are now wrapped in code blocks
* URL Path now shows as Affected Components
* For Burp - Likelihood of Exploitation is now set using *Confidence*
* IP address now shows in tags

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FsXO5Bx6txMPQA05vKZur%2Fburp.png?alt=media&#x26;token=04f1cc81-23ab-4bd8-97c0-c5bfa9df1a6a" alt=""><figcaption></figcaption></figure>

### Updates to AFScript

We've powered-up 🔋 our in-app programming language [AFScript](https://support.attackforge.com/attackforge-enterprise/afscript) to make writing scripts even easier!

* **New** functions:
  * [**String.split()**](https://support.attackforge.com/attackforge-enterprise/afscript#strings) - takes a pattern and divides the string into an ordered list of substrings by searching for the pattern, puts these substrings into an array, and returns the array.
  * [**Datetime.format()**](https://support.attackforge.com/attackforge-enterprise/afscript#dates) - can be used to convert a date and time to a specified mask.

### Enhancements to Self-Service APIs & Events

We're always improving our Self-Service APIs and Events to make automations and integrations even easier! 💪

* **New** Events:
  * [**vulnerability-remediation-note-file-uploaded**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/vulnerability-remediation-note-file-uploaded) - event triggered when a file is uploaded to a remediation note.
* **Updates** to Events:
  * [**vulnerability-remediation-note-created**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/vulnerability-remediation-note-created) - now includes `remediation_note_files` and `remediation_note_details_html`.
  * [**vulnerability-remediation-note-updated**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/vulnerability-remediation-note-updated) - now includes `remediation_note_files` and `remediation_note_details_html`.
* **New** RESTful endpoints:
  * [**Upload Remediation Note File**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/uploadremediationnotefile) - upload a file to a remediation note.
  * [**Download Remediation Note File**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/downloadremediationnotefile) - download a file on a remediation note.
  * [**Update Remediation Note**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/createremediationnote-1) - update a remediation note on a vulnerability.
  * [**Upload Test Suite Test Case File**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/uploadtestsuitetestcasefile) - upload a file to a test case on a test suite.
  * [**Download Test Suite Test Case File**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/downloadtestsuitetestcasefile) - download a file on a test case on a test suite.
* **Updates** to REST endpoints:
  * [**Get Project Report Data**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getprojectreportdata) - now supports *allowlists* (`cf_key_allowlist`) and *blocklists* (`cf_key_blocklist`) to control which custom fields are returned.
  * [**Get Test Suite**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/gettestsuite) - now returns "files".

## 30 October 2025

### Enhancements to Emails!

*...Damn. That's a good looking email!* 🤩 is what people will be saying when they receive your newly styled AttackForge emails! 🥳

We've overhauled the email notifications to provide even more flexibility, predictability and flair to your emails.

#### Script Editor With Live Preview

Gone are the days of editing scripts in a plain text box, which made changing your email templates almost unworkable.

Now you have the full power of a code editor with syntax highlighting and code auto-formatting - making it a breeze to whip up new emails or modify your emails on the fly!

You will get **instant feedback** in the `Preview` tab. *No more guesswork* on how the emails will look when they land in the inbox. You will have *peace of mind* even before the emails are sent.

You can also click on the `HTML` tab to inspect the code to see exactly what will be sent in the email.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fg1ZhUqlUO3gnAW1nTD6h%2Femail-notifications-1.png?alt=media&#x26;token=1cecdbac-1055-483d-aefc-149805ec3d07" alt=""><figcaption></figcaption></figure>

#### New Global Email Template Settings

We've removed all barriers - you now have *FULL CONTROL* over your email template 💪

Want to include `<meta>` tags? What about your own custom CSS stylesheets? How about links to external files and images?

Now, you're **in control** of everything that goes into your emails.

Start making changes by visiting `Administration > Notifications > Templates > Header and Footer`

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FR5sGnqeEmHQVPXoQpyvi%2Femail-notifications-2.png?alt=media&#x26;token=ef825575-8142-4c9a-8d29-7778f940a6fb" alt=""><figcaption></figcaption></figure>

#### Configurable Daily/Weekly Emails

The Daily/Weekly Summary Emails have a lot of really useful information. The only problem before was that these emails could not be modified.

That's no longer a problem. You can now include the *exact data you need*, and style them exactly *how you need them to look*.

Start making changes by visiting `Administration > Notifications > Users > Email User on Daily Project Update` and `Administration > Notifications > Users > Email User on Weekly Project Update`

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FEXmpi9UI3OQ21bwbX4AK%2Femail-notifications-3.png?alt=media&#x26;token=350a0b21-7121-411a-a7f4-a1ac0c2dadd3" alt=""><figcaption></figcaption></figure>

#### New Email Tags

We've added a whole heap of [new email tags](https://support.attackforge.com/attackforge-enterprise/getting-started/notifications#custom-email-meta-tags), to ensure you can always include the information you need in your emails.

### Updates to Flows

We've made our in-house [Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows) engine *even more powerful and easier to use*! 😍🤟

Workflow automation and integrations have never been so flexible and easy to build!

> Keep an eye out 👀 for our upcoming releases which are going to *turn Flows on its head*! 😉🤫

#### New Action Type - Script

Introducing [Script Actions](https://support.attackforge.com/attackforge-enterprise/modules/flows#script-action) - the latest addition to our arsenal of [Flow Actions](https://support.attackforge.com/attackforge-enterprise/modules/flows#actions)!

> Script Actions make it easy to *separate your business logic from your HTTP Request/Response logic*.

Script Actions can execute user-defined logic.

Script Actions can receive input from [Data](https://support.attackforge.com/attackforge-enterprise/modules/flows#data) and output Data into the subsequent Action.

In the example below:

* **Action 1 (HTTP)**: Retrieves vulnerabilities from the AttackForge Self-Service APIs.
* **Action 2 (Script)**: Takes the vulnerabilities from Action 1, groups them into the required format, then passes them into Action 3.
* **Action 3 (HTTP)**: Sends the formatted vulnerabilities to an external security platform.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FctBH43dk2PK3vtobcUlT%2Fscript-actions-1.png?alt=media&#x26;token=d0349d0b-ff87-4e7a-b715-57b22f53c973" alt=""><figcaption></figcaption></figure>

The Script Action contains a single code editor where the script can be entered and modified.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FoLJAgdwI2tcpOTAwG8qb%2Fscript-actions-2.png?alt=media&#x26;token=7e69b4e7-43bc-4722-987d-2d5a2a6b17db" alt=""><figcaption></figcaption></figure>

#### New Flows Events

We've added even more [Events](https://support.attackforge.com/attackforge-enterprise/modules/flows#internal-events) to trigger more automations and integrations when you need them!

* **Writeup Created**
* **Writeup Updated**

These events are super handy for triggering a workflow to start a QA review for a new or modified [Writeup](https://support.attackforge.com/attackforge-enterprise/modules/vulnerability-library).

They're also useful for keeping tabs on when new content is created, in case you need to perform automated analysis or integration with *your own AI tools*, for example to improve the quality of descriptions and recommendations.

You can also leverage these events to hook into your own version control!

* **Workspace File Uploaded**

This event is perfect for notifying you as soon as a client uploads a file to the project workspace! You no longer need to anxiously keep checking for new updates 😎

* **Project Test Case Updated**

This event is great for programmatically monitoring progress on tests, to ensure testing is on track and even providing *progress updates in real time* to project stakeholders and external systems!

#### User Id in Events

[Events](https://support.attackforge.com/attackforge-enterprise/modules/flows#internal-events) now include the user id of the user who triggered the event.

This is useful if you need to attribute the creation or modification of a record to a person, for example:

* Notify people of who just approved or created a new project
* Let people know who just created or modified a Writeup
* Know if a pentester or a client just uploaded a file

#### Terminate a Running Flow

We all make mistakes. Nobody is perfect.

But when you make a mistake building an automation or integration - the outcome can be spoooOOOoooky 🎃 (hey, it's almost Halloween - cut us some slack).

You know what we mean - setting up an automation, your loop becomes a bit too loopy, and now someone just received 10,000 emails.

Or you're creating vulnerabilities - forgot to add an important piece of data - and now 3,000 unattributable vulnerabilities just surfaced.

Don't worry - now you can terminate a running Flow! Stop the flow dead in its tracks 🦸‍♂️ and prevent the damage from building up.

#### Download Large HTTP Responses

Are you processing vast amounts of data in your Flows?

When the data in your [Request](https://support.attackforge.com/attackforge-enterprise/modules/flows#request) or [Response](https://support.attackforge.com/attackforge-enterprise/modules/flows#response) is too big - you will now see an option to download the data directly as a file.

This makes it far easier to use the data, for searching or manual inspection.

#### Action Modals Now Display Titles

We've added the titles for all [Actions](https://support.attackforge.com/attackforge-enterprise/modules/flows#actions) to the modal when you're working on an Action. This makes it easier to keep track of which scripts you are working on - to avoid mistakes!

#### All Messages Show on Flow Run Page

We've made it possible to view the message on the outcome of a [Flow Run](https://support.attackforge.com/attackforge-enterprise/modules/flows#run-overview) - regardless of whether it was successful or not.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F3M3EqS0E2h2tSOvKvp5T%2Fflow-run-message.png?alt=media&#x26;token=4fbd11ad-8d92-4912-9efc-b6c86a9dfd70" alt=""><figcaption></figcaption></figure>

#### Synack Integration

Are you working with Pentest-as-a-Service (PTaaS) providers? Do you wish you could collaborate effortlessly on vulnerabilities and retesting? 🤔

We've created fully bi-directional [Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows#import-synack-vulns) with [Synack](https://www.synack.com/) to help you:

* Automatically ingest vulnerabilities discovered in the Synack portal
* Automatically inform Synack when vulnerabilities are Ready for Retesting
* Automatically receive updates when vulnerabilities have been updated in the Synack portal
* Automatically close vulnerabilities when they have been closed in the Synack portal
* Automatically create Remediation Notes when new comments are posted on the vulnerability in the Synack portal

You can read more about these [Flows on our Support Portal](https://support.attackforge.com/attackforge-enterprise/modules/flows#import-synack-vulns). Or import these Flows into your AttackForge from our [Flows GitHub Repository](https://github.com/AttackForge/Flows).

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FWhTZSqFzqaYVieSMymAm%2Fsynack-1.png?alt=media&#x26;token=97f974f4-15dd-4021-a89c-bac20bf25e3d" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fc5MzpsCOVkWsvuMKtDuF%2Fsynack-2.png?alt=media&#x26;token=fbe435f3-a470-4308-bdcc-1cce5f490e1a" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FAd8uINiBvRIAfWNQ5fLe%2Fsynack-3.png?alt=media&#x26;token=16a2be63-fa47-47e2-ae24-4951c7e716e6" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FiT7xKGbm1boqyZmgnNgt%2Fsynack-4.png?alt=media&#x26;token=f8731ab9-632b-4d62-989d-81f200871acb" alt=""><figcaption></figcaption></figure>

> Not using Synack? Import and configure these Flows for your own PTaaS provider!

### Review Notes on Project Test Cases and Project Summary

In recent updates, we've focused on making quality assurance reviews ✅ *faster and easier* in AttackForge.

In this update, we've extended [Review Notes](https://support.attackforge.com/attackforge-enterprise/getting-started/reviewing-and-qa-vulnerabilities) to **Project Test Cases** and **Project Summary**:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FSsQxMXfayoMdDHColdxZ%2Freview-notes-project-test-cases.png?alt=media&#x26;token=c4c8e4ec-f25f-485b-87b4-06d133b862ef" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F2vvn4opAKSvwlqlys0CH%2Freview-notes-project-summary.png?alt=media&#x26;token=b7bcf07a-8e6b-4f59-81eb-4fde00248946" alt=""><figcaption></figcaption></figure>

> Review Notes are coming soon to Writeups! 👀

### UX Improvements

#### Improved Experience When Scoring Vulnerabilities

As part of our mission to bring you the *best vulnerability scoring experience* - we've started with enhancing how CVSS Version 3 scores are captured.

You now have a modal experience which helps to:

* Paste CVSS Vector strings to automatically score the vulnerability
* Easily score, with support for metrics sections and no scrolling needed!
* Better validation and user feedback when scoring
* Access multiple scoring tabs (coming soon!)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FgH1Q4M1rDVt04urYTg6T%2Fnew-scoring-experience.png?alt=media&#x26;token=984b541b-c315-40c4-9038-a97ffdca5cd5" alt=""><figcaption></figcaption></figure>

> Watch out for CVSS Version 4 and Build-Your-Own-Scoring-Systems coming soon!

#### Rich-Text Editor Now Supports Strikethrough and Blockquote

We've (yet again) extended the rich-text editor! This time we've added support for strikethrough and blockquote.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F8xn6Wd8n617eryJw4Mdb%2Fblockquote-and-strikethrough.png?alt=media&#x26;token=3936dcad-b246-49cf-b519-11b75ab06a0e" alt=""><figcaption></figcaption></figure>

> Strikethrough and Blockquote are also now supported in reports!

#### Project Notes Now Support Files and Inline Images

We've added support for file uploads and image previews to Project Notes! 🤩 This provides even more options on capturing and storing the right information in the right places on your projects.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FQIgBn2FZfTQ1gSkG237g%2Fproject-note-files.png?alt=media&#x26;token=8d53834e-d08f-4eb6-a9c8-655f1a2774dd" alt=""><figcaption></figcaption></figure>

#### Workspace Items Now Support Inline Images

You can now include inline images in your workspace items!

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FRe4P0t5RGEGMJF1fivYl%2Finline-workspace-item-image.png?alt=media&#x26;token=032c0dbf-67f3-40a8-a72b-42204bb0887d" alt=""><figcaption></figcaption></figure>

#### Drag and Drop Files Into Workspace Files and Testing Logs

We've extended the file upload feature to support drag and drop ability for Workspace Files and Testing Logs.

#### Workspace Files, Testing Logs and Workspace Item Files Now Support Captions

You can now add captions to files which have been uploaded to:

* Workspace Files
* Testing Logs
* Workspace Item Files

#### Copy Ids Directly From Page Titles and Page Breadcrumbs

We've made it possible to now copy ids directly from page titles and page breadcrumbs. This saves time and effort if you are working with APIs, [Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows) and scripts.

#### Hide Expression Support for `project.core.linked_portfolio_streams`

We've extended [Hide Expressions](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#hide-expressions-conditions) on Vulnerabilities to support [Portfolios and Streams](https://support.attackforge.com/attackforge-enterprise/modules/portfolios) assigned to the Project.

This means you can have custom sections and custom fields either hide or show on your vulnerability form, based on which portfolios and streams are assigned to the project you are working on.

### Asset and Portfolio Forms Upgraded

We've powered-up the [Asset](https://support.attackforge.com/attackforge-enterprise/modules/assets) and [Portfolio](https://support.attackforge.com/attackforge-enterprise/modules/portfolios) forms! 🚀

* Re-order the entire form - have full control over where the fields are shown
* Create custom sections - group your fields into relevant sections
* Rename the default sections, or remove them entirely
* Apply [Hide Expressions](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#hide-expressions-conditions) against sections to hide entire sets of fields when they are not relevant, or show them when they are!

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FgIaotjYbUYjGrW27rw3r%2Fasset-form-config-1.png?alt=media&#x26;token=c99004bc-6fa0-4e75-920c-d5f332c286ff" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FS6GeTHeqeiF2IVasYCNK%2Fasset-form-config-2.png?alt=media&#x26;token=cdfc52ec-e774-44c3-8866-9b08fbd74672" alt=""><figcaption></figcaption></figure>

### Affected Components Now Track Actioned Status

You can now use `Actioned` status for individual Affected Components on every Affected Asset on a Vulnerability!

This is useful to track exactly which components of the affected asset (API endpoint, TCP port, line of code, etc.) have been fixed, and which ones haven't.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FyQ3nhA1CkxCUGEPNs2Ze%2Factioned.png?alt=media&#x26;token=fe3fab62-7b29-4351-b28a-92836f7ae63f" alt=""><figcaption></figcaption></figure>

### Updates to ReportGen

We're always improving on our kick-ass reporting engine - **ReportGen** 🥋

#### New Stacked Bar Chart

We've added support for stacked bar charts! 📊

These charts are useful when you have multiple sources of data to represent, for example when you have vulnerabilities with different ratings (Critical, High, Medium, Low) categorized by an identifier (OWASP Top 10, CWE, CAPEC, etc.).

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FnD9qnTTdPDDwq0A3ZCU6%2Fstacked-bar-chart.png?alt=media&#x26;token=24e24127-cf22-4c53-80ea-10e13138d1b3" alt=""><figcaption></figcaption></figure>

#### Updated Resize Filter

The [Resize filter](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#resize) now supports up to 1500 pixels, for even larger in-line WYSIWYG images in reports!

#### Format Dates in Report File Names

We've added support for the `{now}` tag which can be placed in the report name configuration. This tag will be replaced when the report is generated, with an ISO 8601 date representing the current time.

You can also add a [dateFormat](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#dateformat) filter to adjust the representation of the date, for example `{now | dateFormat:["mm/dd/yyyy"]}`.

#### Increased Support For `"$(variable)"`

We've extended support for [**$increment**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-functions#usdincrement), [**$decrement**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-functions#usddecrement), [**$includes**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-functions#usdincludes), [**$assign**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-functions#usdassign), and [**$equals**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-functions#usdequals) to reference dynamic variable names.

### Updates to AFScript

We've powered-up 🔋 our in-app programming language [AFScript](https://support.attackforge.com/attackforge-enterprise/afscript) to make writing scripts even easier!

* **New** functions:
  * [**String.includes()**](https://support.attackforge.com/attackforge-enterprise/afscript#strings) - performs a case-sensitive search to determine whether a given string may be found within this string, returning `true` or `false` as appropriate.
  * [**Object.entries()**](https://support.attackforge.com/attackforge-enterprise/afscript#objects) - returns an array of a given object's own enumerable string-keyed property key-value pairs.
  * [**Object.keys()**](https://support.attackforge.com/attackforge-enterprise/afscript#objects) - returns an array of a given object's own enumerable string-keyed property names.
  * [**Object.values()**](https://support.attackforge.com/attackforge-enterprise/afscript#objects) - returns an array of a given object's own enumerable string-keyed property values.

### Enhancements to Self-Service APIs

We're always improving our Self-Service APIs to make automations and integrations even easier! 💪

* **New** RESTful endpoints:
  * [**Markdown To Rich-Text**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/markdowntorichtext) - convert Markdown data to HTML data supported in the AttackForge rich-text fields.
  * [**Archive Group**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/archivegroup) - Archive a group.
  * [**Restore Group**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/restoregroup) - Restore a previously archived group.
* **Updates** to REST endpoints:
  * All GET endpoints which support custom fields now also support *allowlists* (`cf_key_allowlist`) and *blocklists* (`cf_key_blocklist`) to control which custom fields are returned.
  * [**Create Group**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/creategroup) and [**Update Group**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updategroup) - now support configuring SSO and Group Member access controls; auto add project requests; and enabling project team notifications.
  * [**Get Group**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getgroup) - now returns all group data, including SSO and Group Member access controls; auto add project requests config; and enable project team notifications config.

## 27 August 2025

### Scheduled Flows - For Automated Daily Tasks, Polling-Based Integrations and Cron Jobs

We're super excited to release [**Scheduled Flows**](https://support.attackforge.com/attackforge-enterprise/modules/flows#scheduled-events) which means you can now ***schedule repetitive or one-time tasks*** within AttackForge! ⏰🦾

Need a Flow to run every morning? How about the end of the month? We've got you covered! 😌

*Scheduled Flows can help you to:*

* Create polling-based integrations and data syncing with external APIs and tools
* Create batch-jobs, like daily/weekly/monthly reports on progress of your security testing program
* Schedule automated tests based on configurable policies such as criticality of assets
* Clean-up old testing data based on configurable policies such as expiration dates

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FrtgbtDJ8V0Xj7kHuRfl9%2Fscheduled-flows-1.png?alt=media&#x26;token=0f884f16-3b70-42c8-a106-395225d3fd63" alt=""><figcaption></figcaption></figure>

To make Scheduled Flows super flexible, we support [cron](https://en.wikipedia.org/wiki/Cron).

Cron is the *gold standard* 🌟 when it comes to scheduling repetitive or one-time tasks.

We've built a **crontab helper** 🤖 which makes building your schedule even easier:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fvq5wtTJtLs3fhzDLuSfF%2Fscheduled-flows-2.png?alt=media&#x26;token=092dbf04-7f8e-4590-aef6-9701800b90bf" alt=""><figcaption></figcaption></figure>

We've also added a *next run* indicator - for peace of mind that your schedule will run exactly when you need it:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FjRYKC7RbO0ekJM3djQpj%2Fscheduled-flows-3.png?alt=media&#x26;token=5b0df396-d480-455c-b821-48cd15a6e6eb" alt=""><figcaption></figcaption></figure>

You can also set which timezone to use 🌏

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F1lKSiBJRN2btP6zDCm59%2Fscheduled-flows-4.png?alt=media&#x26;token=1cd0329a-6372-40f9-b003-2906c4dc0500" alt=""><figcaption></figcaption></figure>

After your Flow is created, you can always check to see when the next run is scheduled:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F9BtbJKdqWnFRKIApOwVd%2Fscheduled-flows-5.png?alt=media&#x26;token=ca20dafb-d7d0-461d-9ca9-46304b8024bb" alt=""><figcaption></figcaption></figure>

And view the details of a specific [Flow Run](https://support.attackforge.com/attackforge-enterprise/modules/flows#runs):

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F2UGiCSiv5JgbFU9mo3UD%2Fscheduled-flows-6.png?alt=media&#x26;token=ba1fcdec-749d-4171-892a-684dd5fcf8ea" alt=""><figcaption></figcaption></figure>

### Delay and Repeat Flow Actions

We've added options to `delay` and `repeat` [Flow Actions](https://support.attackforge.com/attackforge-enterprise/modules/flows#actions)!

This opens *a world of possibilities* in how you can use your Flow Actions 💪

#### [Repeat Action](https://support.attackforge.com/attackforge-enterprise/modules/flows#decision)

* Create a 'for loop' Action over a list of data - for example create a new vulnerability for each record in a long list.
* Interact with paginated endpoints to retrieve the full list of results.
* Request failed; update the payload and try again.

When you repeat an action, you can also modify its context. This means you can pass in new data to the Action.

#### Action (Request)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fog93PYfqouMk7oyGS3rm%2Frepeat-action-2.png?alt=media&#x26;token=a84fdf50-b554-4cec-883a-ac86c39b67b2" alt=""><figcaption></figcaption></figure>

#### Action (Response)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FMSNLlLZIMzdgOgm3w9Wh%2Frepeat-action-1.png?alt=media&#x26;token=a49ed0fc-7f4d-4dc3-ab8a-3300ec798f4d" alt=""><figcaption></figcaption></figure>

***Example 1: Process list of data***

Say you have 100 vulnerabilities in a list. The purpose of your Action is to create a new vulnerability.

On the *first iteration* of the Action, you create vulnerability `1 out of 100` - leaving 99 more to go.

You can then repeat the Action, updating the list to remove the vulnerability which was just created.

On the *second iteration* of the Action, you create vulnerability `2 out of 100` - leaving 98 more to go.

This process repeats until you have 0 vulnerabilities left in the list to process, then you call *next* to move on to the next Action in your Flow, or *finish* to gracefully end your Flow.

***Example 2: Interact with paginated endpoints***

Say you have 1000 vulnerabilities you need to access, however the page length of the API endpoint only returns 50 at a time. The purpose of your Action is to fetch a page of vulnerabilities.

On the *first iteration* of the Action, you fetch vulnerabilities `1 to 50 out of 1000` - leaving 950 more to go.

You can then repeat the Action, updating the page marker to fetch the next page.

On the *second iteration* of the Action, you fetch vulnerabilities `51 to 100 out of 1000` - leaving 900 more to go.

This process repeats until you have 0 pages left to fetch, then you call *next* to move to the next Action in your Flow, or *finish* to gracefully end your Flow.

When an Action repeats, the logs for each iteration will be visible to you in the [Flow Run](https://support.attackforge.com/attackforge-enterprise/modules/flows#run-overview) logs.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fmf3UvG7BStjX4gR515Rz%2Frepeat-action-3.png?alt=media&#x26;token=2bbb0923-7ebc-455f-8631-bac7ef721bfc" alt=""><figcaption></figcaption></figure>

#### [Delay Action](https://support.attackforge.com/attackforge-enterprise/modules/flows#decision)

* Safely interact with request-throttled endpoints - for example APIs with a restricted number of requests per minute.
* Reduce the likelihood of issues when interacting with asynchronous APIs where data is not ready on time.
* External endpoint is down; retry the request with a delay until the service comes back online.

Delaying an Action is *easy to do* - you just pass in a number (in milliseconds) to the [Return Statement](https://support.attackforge.com/attackforge-enterprise/modules/flows#the-return-statement).

You can delay anywhere `from 1 millisecond to 24-hours`.

***Example 1: Throttle requests to API endpoint***

Say you are working with an API which accepts 100 requests per minute. However you have 200 requests you need to make.

You can add a `1-second delay` between each repeated Action:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FYWAhgGfanbzHl5LZsqRi%2Fdelay-action-1.png?alt=media&#x26;token=a1effab9-44ce-410b-acb6-0dcb5e63759b" alt=""><figcaption></figcaption></figure>

***Example 2: Delay requests until system is back online***

Say you are working with an API, however that API returns an error indicating it's currently not available.

You can add a `30-second delay` between each repeated Action until (hopefully) the service is back up and running again:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FMCKb9YxC4zyeCJ3boo2R%2Fdelay-action-2.png?alt=media&#x26;token=a2604fd9-e63e-4e62-8b9f-8bc37aeac228" alt=""><figcaption></figcaption></figure>
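The repeat and delay patterns described above (paginated fetch, throttling, retry while a service is down), simulated locally in plain JavaScript as an added example; it is not AFScript and not AttackForge's own code. The `runFlow` driver, the `decision`/`delayMs`/`context` field names and the fake API are assumptions made for illustration, and the iteration cap shows the kind of guard that stops a looping Action before it runs away.

```javascript
// Added illustration: a local simulation of the repeat/delay pattern.
// Not AFScript and not AttackForge's API; every name below is hypothetical.

const MAX_DELAY_MS = 24 * 60 * 60 * 1000; // the page allows 1 ms up to 24 hours
const PAGE_SIZE = 50;

// Constructed stand-in for a paginated external API. isDown(callNo) lets the
// caller simulate an outage on chosen calls.
function makeFakeApi(total, isDown = () => false) {
  let calls = 0;
  return {
    fetchPage(offset) {
      calls += 1;
      if (isDown(calls)) return { status: 503 };
      const end = Math.min(offset + PAGE_SIZE, total);
      const items = [];
      for (let i = offset; i < end; i++) items.push(`vuln-${i + 1}`);
      return { status: 200, items, total };
    },
  };
}

// One iteration of the Action: fetch a page, then decide what happens next.
// The returned context is what the following iteration receives.
function fetchPageAction(ctx, api) {
  const res = api.fetchPage(ctx.offset);
  if (res.status !== 200) {
    // Service unavailable: retry the same page after 30 s, but only a
    // bounded number of times so an outage cannot loop forever.
    if (ctx.retries >= ctx.maxRetries) {
      return { decision: 'finish', message: 'API still unavailable', context: ctx };
    }
    return { decision: 'repeat', delayMs: 30000, context: { ...ctx, retries: ctx.retries + 1 } };
  }
  const next = {
    ...ctx,
    offset: ctx.offset + res.items.length, // advance the page marker
    collected: ctx.collected.concat(res.items),
    retries: 0,
  };
  // An empty page also ends the loop, so a wrong `total` cannot spin it.
  if (res.items.length === 0 || next.offset >= res.total) {
    return { decision: 'next', context: next };
  }
  // 1 s between pages keeps the caller under a requests-per-minute limit.
  return { decision: 'repeat', delayMs: 1000, context: next };
}

// Stand-in for the Flow engine. Delays are summed rather than slept so the
// example runs instantly; maxIterations is the runaway-loop guard.
function runFlow(action, api, { maxIterations = 100, maxRetries = 3 } = {}) {
  let ctx = { offset: 0, collected: [], retries: 0, maxRetries };
  let waitedMs = 0;
  for (let i = 1; i <= maxIterations; i++) {
    const out = action(ctx, api);
    ctx = out.context;
    if (out.decision !== 'repeat') {
      return { outcome: out.decision, iterations: i, waitedMs, items: ctx.collected };
    }
    const delay = out.delayMs === undefined ? 0 : out.delayMs;
    if (!Number.isInteger(delay) || delay < 0 || delay > MAX_DELAY_MS) {
      throw new RangeError(`delay out of range: ${delay}`);
    }
    waitedMs += delay;
  }
  return { outcome: 'terminated', iterations: maxIterations, waitedMs, items: ctx.collected };
}

// Stand-alone run: 1000 records, 50 per page, with a short simulated outage.
const demo = runFlow(fetchPageAction, makeFakeApi(1000, (n) => n === 3 || n === 4));
console.log(demo.outcome, demo.iterations, demo.waitedMs, demo.items.length);
```
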

> Keep an eye out 👀 for *even more amazing new features coming to Flows soon*!

### HTML Tables in Rich-Text Fields and Reports

We've finally added support for HTML tables in rich-text fields! 🥳

You can now `create or paste tables` in your rich-text fields, and make them look beautiful in your reports 😍

You can even adjust column widths and row heights, or create lists and inline code in your tables!

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FSfKCrBweBosfy9lguKYw%2Fhtml-table-1.png?alt=media&#x26;token=0c96e0db-c18f-4479-aabb-3ba836723ca7" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FE14gTmfzgL6wpJBHQm4b%2Fhtml-table-2.png?alt=media&#x26;token=7c816616-730a-47c9-bdb7-6d1c203969e7" alt=""><figcaption></figcaption></figure>

You can also scroll and expand the tables when viewing the data, in case you have lots of columns or rows.

And best of all - the tables will show in your reports, including the custom column widths and row heights!

You can even add [Custom Styling](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-styles#table-styling) for your HTML tables in your reports 😎

### Text Highlighting in Rich-Text Fields and Reports

We didn't just stop at HTML tables - we've also added text highlighting for rich-text fields! ✍️

You can pick from different colors to really make your text pop! 🟡🔵🔴

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FjWziAyRCxr5HYR8t5MZG%2Ftext-highlight-1.png?alt=media&#x26;token=7b6198f8-8cfd-4aba-afea-d74cafe84f43" alt=""><figcaption></figcaption></figure>

The text highlights will show when you view the data in the portal and within the reports.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FNNE4li9vifPadGq0IXfj%2Ftext-highlight-2.png?alt=media&#x26;token=49f64796-0edd-4df6-b595-f2024c1af1af" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FCpumoKTlnFKan66sPCcO%2Ftext-highlight-3.png?alt=media&#x26;token=a3f15c6b-e6e6-441f-9e0e-da48eae57f96" alt=""><figcaption></figcaption></figure>

### Review Notes Improvements

In the pursuit of making *QA reviews faster and easier using AttackForge* - we've made major user experience improvements to Review Notes:

* Review Notes in the *Reporting tab* on the project have been extended to include all custom fields
* Threads are now displayed as an overlay
* A preview of a note being replied to is now shown above the input
* Clicking on a reply note will scroll the note into view and show a highlight
* Note actions (reply and delete) only appear on hover
* Notes which are a reply to another note will only show a one line preview of the reference note with a tooltip

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FeoQLsFbhdPgNiyT5BsLE%2Freview-notes-1.png?alt=media&#x26;token=ce7d021a-8840-49b9-93ec-9343e0c23174" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F5owfbm7x5BciN65hZFs8%2Freview-notes-2.png?alt=media&#x26;token=29bdb703-7906-4627-8854-313b54d16122" alt=""><figcaption></figcaption></figure>

> Stay tuned for many more improvements coming to review features and workflows in AttackForge!

### New OWASP Test Suites

AttackForge Test Suites play an *important role* in measuring the **success**, **transparency** and **impact** for any security audit.

If *you're a pentester* - you can measure and improve the performance of your testing methodology; demonstrate the depth of manual testing coverage; and collaborate efficiently with others to save you time and effort - whilst avoiding night terrors thinking you forgot to test something!

If *you're a customer* - knowing what, when, where, who, why and how your assets were tested is crucial to measuring visibility, impact, standardization and return on investment in your security program.

In this release, we have included even more security checklists and benchmarks from OWASP:

* [**OWASP Desktop App Security Top 10 2021**](https://github.com/AttackForge/TestSuites?tab=readme-ov-file#desktop-applications)
* [**OWASP Operational Technology (OT) Top 10 2025**](https://github.com/AttackForge/TestSuites?tab=readme-ov-file#operational-technology-ot)
* [**OWASP Web Application Security Top 10 2021**](https://github.com/AttackForge/TestSuites?tab=readme-ov-file#web-application--api)
* [**OWASP API Security Top 10 2023**](https://github.com/AttackForge/TestSuites?tab=readme-ov-file#web-application--api)
* [**OWASP Mobile Application Security Testing Guide (MASTG) Version 2 2025**](https://github.com/AttackForge/TestSuites?tab=readme-ov-file#mobile-application)
* [**OWASP Mobile Top 10 2024**](https://github.com/AttackForge/TestSuites?tab=readme-ov-file#mobile-application)
* [**OWASP Top 10 CI/CD Security Risks 2023**](https://github.com/AttackForge/TestSuites?tab=readme-ov-file#cicd)
* [**OWASP Low Code/No Code Top 10 2024**](https://github.com/AttackForge/TestSuites?tab=readme-ov-file#low-codeno-code)

You can import these into your existing or new test suites.

> You can also create your own custom testing methodologies in the Test Suites module!

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fomo0Q9h6lC0drSXlvnnN%2Fnew-test-suites.png?alt=media&#x26;token=cf8742d4-aff6-4af0-a2c6-8c587ebab84b" alt=""><figcaption></figcaption></figure>

### New JIRA and ServiceNow Flows

We've added new Flows to help you with **bi-directional custom integrations and workflows** in Atlassian JIRA and ServiceNow.

You can use our [Flows Templates](https://github.com/AttackForge/Flows) to get up and running fast!

[***JIRA Issue Retest -> Update Vuln to Ready for Retest***](https://support.attackforge.com/attackforge-enterprise/modules/flows#jira-issue-retest-greater-than-update-vuln-to-ready-for-retest)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F0f8D0qhF1kTp5IRp6Oqz%2Fnew-flow-1.png?alt=media&#x26;token=52293256-7795-4b49-be5f-3045c8819a43" alt=""><figcaption></figcaption></figure>

[***Close JIRA Issue***](https://support.attackforge.com/attackforge-enterprise/modules/flows#close-jira-issue)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FGXIruAXQGm9Reloyptt2%2Fnew-flow-2.png?alt=media&#x26;token=ad76bed8-ff10-4206-8189-f384a4a95a7b" alt=""><figcaption></figcaption></figure>

[***Re-Open JIRA Issue***](https://support.attackforge.com/attackforge-enterprise/modules/flows#re-open-jira-issue)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F3nhwqpqdifI3s2hTjWav%2Fnew-flow-3.png?alt=media&#x26;token=55c4e715-f87b-4ec4-b16b-7bdc53d33bf6" alt=""><figcaption></figcaption></figure>

[***ServiceNow Incident Retest -> Update Vuln to Ready for Retest***](https://support.attackforge.com/attackforge-enterprise/modules/flows#servicenow-incident-retest-greater-than-update-vuln-to-ready-for-retest)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FE5MdvoN6SDQTLA9vZ3v2%2Fnew-flow-4.png?alt=media&#x26;token=12199083-eb97-4ad0-b7c1-c3adca7889f7" alt=""><figcaption></figcaption></figure>

[***Close ServiceNow Incident***](https://support.attackforge.com/attackforge-enterprise/modules/flows#close-servicenow-incident)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FBMCzmj0l7zDfFFbZ2S1a%2Fnew-flow-5.png?alt=media&#x26;token=3ef739e4-bc4a-421f-836a-55b218c3a1c8" alt=""><figcaption></figcaption></figure>

[***Re-Open ServiceNow Incident***](https://support.attackforge.com/attackforge-enterprise/modules/flows#re-open-servicenow-incident)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F0XVGWyS4Ho6Rd31p3y7i%2Fnew-flow-6.png?alt=media&#x26;token=d6902e27-ac8b-46a6-96ad-8c52d0a1f7a2" alt=""><figcaption></figcaption></figure>

### Updates to Tenable Security Center and Invicti Netsparker Vulnerability Import Parsers

Importing vulnerabilities from Tenable and Invicti is now even better!

We've updated the `Tenable Security Center` vulnerability import parser to support even more fields from Tenable.

We've also updated the `Invicti Netsparker` vulnerability import parser to support Invicti Netsparker Enterprise.

### Advanced Filtering Now Available In More Places!

Previously we introduced [Advanced Filtering](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering) - a way to quickly and easily find the *exact information that you need*.

You can combine Advanced Filtering with [Custom Views](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#custom-views) to save your search filters and effortlessly repeat your custom search time-and-time again.

In this release, we rolled out Advanced Filtering even wider:

* Groups
* Portfolios
* Test Suites and Test Cases
* Project Test Cases
* Project Retesting
* Project Scope
* Import Vulnerabilities
* Users

We've also added a *copy* button on the table row to make it easier to copy the system id for a record, without having to view it first.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FzoVkTeoM9sLc4SG81AQU%2Fadvanced-filtering.png?alt=media&#x26;token=42bd5114-2e02-438a-a4f0-ad8015ad49c3" alt=""><figcaption></figcaption></figure>

### Updates to ReportGen

We're always improving on our kick-ass reporting engine - **ReportGen** 🥋

#### Configure Image Downscaling in Reports

AttackForge utilizes image downscaling for dynamic reporting images to help improve performance and speed for report generation. Dynamic images are images that are uploaded to AttackForge, not statically input into your report template.

Images are downscaled by default to `975 pixels`. This is an ideal balance for most images for reporting purposes.

However, you can increase or decrease this threshold.

Increasing the Max Image Width will ***improve image quality***, but may increase report generation time.

Decreasing the Max Image Width may ***speed up report generation time***, but image quality will also be decreased.

Images can be downscaled to any value between `100 pixels and 2000 pixels`.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fgn7bWnwEpN6JCqD0BfLs%2Fimage-downscaling.png?alt=media&#x26;token=a06ebf61-4208-4c7e-a9d6-5cf24cad69a7" alt=""><figcaption></figcaption></figure>

#### Table Styling Options

With this release now supporting HTML tables in rich-text fields, we've also added the ability to override the style of your tables, per-field, in your report templates.

This gives you full control over how your tables look and feel in your reports!

{% code overflow="wrap" %}

```
{@<RICH-TEXT-TAG>_styled("table_alignment":"center","table_columns_width":"5000","table_rows_split_across_pages":"true","table_borders_thickness":"30","table_borders_color":"ff5733","table_cells_margin_top":"1","table_cells_margin_bottom":"1","table_cells_margin_left":"1","table_cells_margin_right":"1","table_cells_borders_thickness":"10","table_cells_borders_color":"6c3483","table_rows_header_style":"CustomTableHeader","table_rows_header_background_color":"00B050","table_rows_header_height":"600","table_rows_header_vertical_alignment":"center","table_rows_body_style":"CustomTableBody","table_rows_body_vertical_alignment":"center","table_rows_body_background_color":"c7fcc5","table_rows_body_height":"1000")}
```

{% endcode %}

* table\_alignment - left/center/right
* table\_columns\_width - pixels e.g. 5000
* table\_rows\_split\_across\_pages - true/false
* table\_borders\_thickness - pixels e.g. 30
* table\_borders\_color - hex color code e.g. 000000
* table\_cells\_margin\_top - pixels e.g. 1
* table\_cells\_margin\_bottom - pixels e.g. 1
* table\_cells\_margin\_left - pixels e.g. 1
* table\_cells\_margin\_right - pixels e.g. 1
* table\_cells\_borders\_thickness - pixels e.g. 10
* table\_cells\_borders\_color - hex color code e.g. 000000
* table\_rows\_header\_style - maps to a Word style (don't put whitespace in the style name)
* table\_rows\_header\_background\_color - hex color code e.g. 000000
* table\_rows\_header\_height - pixels e.g. 600
* table\_rows\_header\_vertical\_alignment - top/center/bottom
* table\_rows\_body\_style - maps to a Word style (don't put whitespace in the style name)
* table\_rows\_body\_vertical\_alignment - top/center/bottom
* table\_rows\_body\_background\_color - hex color code e.g. 000000
* table\_rows\_body\_height - pixels e.g. 1000

#### New Filter: Array\_Chunk

If you've ever found yourself adding a list of data in your report, and thinking *there's way too much whitespace. It would look so much better in a table with multiple columns... but how to make the columns adjust to the length of my data?*

Well now you're in luck 🍀

We've added a new filter [Array\_Chunk](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#array_chunk) which can be used to create an array of elements split into groups the length of `size`. If the array can't be split evenly, the final chunk will be the remaining elements. Each array is then accessible inside the parent loop via `chunk[index]`.

```
array_chunk(['a', 'b', 'c', 'd'], 2);
// => [['a', 'b'], ['c', 'd']]
 
array_chunk(['a', 'b', 'c', 'd'], 3);
// => [['a', 'b', 'c'], ['d']]

{#tag | array_chunk:<size>}{chunk[0]}{chunk[1]}{chunk[...]}{/}
```

For example, say you wanted to distribute your project scope assets across three (3) columns to help save whitespace in the report - you could do the following:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FNaWivERqvu7TC4iPvhyE%2Farray-chunks-1.png?alt=media&#x26;token=cb8242eb-6aa6-42bd-8611-473329be1f64" alt=""><figcaption></figcaption></figure>

The result will be the distribution of each asset across three columns:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FyuaNALwHj9VM4WIRYrir%2Farray-chunks-2.png?alt=media&#x26;token=70fe1732-729f-4aca-ab98-c32188d425cf" alt=""><figcaption></figcaption></figure>

#### Ignore Labels with 0 Value

We've added a new chart option which helps to remove labels from charts which have a `0` value.

For example - the following chart has 0 Critical, 0 High and 0 Medium findings:

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FjvgJja5DZ0UjqylOBC4C%2Fchart-1.png?alt=media&#x26;token=c1832a2d-8d98-497e-9899-409f2987f9ca" alt=""><figcaption></figcaption></figure>

By specifying `"ignore_falsy_values": true,` inside the `"data": {...}` object of your chart settings (e.g. `"data": {"ignore_falsy_values": true,...}`) the chart will then ignore labels with a 0 value.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FThhpAWvPGv2lkHo3ZFr7%2Fchart-2.png?alt=media&#x26;token=de87a68a-f082-4d87-9645-8de6821a53bf" alt=""><figcaption></figcaption></figure>

### Enhancements to Self-Service APIs

We're always improving our Self-Service APIs to make automations and integrations even easier! 💪

* **New** RESTful endpoints:
  * [Update Linked Projects on Vulnerabilities](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updatelinkedprojectsonvulnerabilities) - link or unlink projects to vulnerabilities.
  * [Get Asset Library Assets](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getassetsinlibrary) - search assets in the library using POST in case you have hundreds/thousands of assets in your custom filter.
  * [Destroy Projects](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/destroyproject) - destroy all data on a project. Spare logs - or don't - I'm a release note, not a cop.
* **Updates** to REST endpoints:
  * [Get Test Suites](http://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/gettestsuites) - we've added support for the test suite code and sort order.
  * [Get Test Suite](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/gettestsuite) - we've added support for the test suite code and sort order, as well as for every individual test case.

## 11 July 2025

### Build Your Own Custom APIs!

We're super pumped to release **HTTP Triggers** for [Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows) which means you can now ***build your own custom APIs*** in AttackForge! 🤩💪

Why would you want to build your own custom APIs you might ask? 🤔

Well, for starters:

* Your external systems can push data directly to AttackForge in real-time, whenever you need it!
* You can run an automation in AttackForge on your own terms
* You can create custom integrations which are triggered on-demand
* You can create modularized Flows (trigger them from other Flows!)

Still not quite sure where to start with this superpower? 🦸 We've got you covered!

We created an example video demonstrating how *a security researcher can submit a new vulnerability in* [*HackerOne*](https://www.hackerone.com/) *and it's in AttackForge instantly!*

> No delays = No unnecessary risk exposure!

{% embed url="<https://youtu.be/lLhXPshWe1g?si=YUr1qW3Eu4knAE1n>" %}

You can create your own custom workflows, for example:

* Fetch information about the affected asset from an external CMDB or from within the AttackForge [Assets Library](https://support.attackforge.com/attackforge-enterprise/modules/assets), and use this information for *contextualized prioritization and risk scoring*
* Custom score the vulnerability using *threat and vulnerability intelligence data* from external databases like Flashpoint's [VulnDB](https://flashpoint.io/ignite/vulnerability-intelligence/)
* *Enrich the vulnerability* with [CWE](https://cwe.mitre.org/) data using the [MITRE CWE API](https://github.com/CWE-CAPEC/REST-API-wg) - descriptions, remediation advice, references, etc.
* *Create tickets in external tools* like [Atlassian JIRA](https://www.atlassian.com/software/jira), [ServiceNow](https://www.servicenow.com/), [Azure DevOps](https://azure.microsoft.com/en-us/products/devops) and others
* Trigger conditional email notifications for *automatic escalations*
* *Post a message* to [Slack](https://slack.com/), [Teams](https://teams.live.com/) or other collaboration tools

> This is just a taste of what powered-up Flows can now do!

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FvPqDOqTRL5Q4IluuLl9u%2Fhttp-triggers.png?alt=media&#x26;token=c11d0e40-f785-4981-b326-1514da5ad9a1" alt=""><figcaption></figcaption></figure>

Every [HTTP Triggered Flow](https://support.attackforge.com/attackforge-enterprise/modules/flows#external-events) comes with the following:

* A [dedicated URL](https://support.attackforge.com/attackforge-enterprise/modules/flows#http-trigger-url) to receive your instructions and launch your Flow (you can even rotate it too!)
* Configurable [HTTP Methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods)
* Option to [enable and control Authentication and Authorization](https://support.attackforge.com/attackforge-enterprise/modules/flows#http-trigger-authentication)
* Ability to control input into the Flow, and output from the Flow
* Unlimited number of [Actions](https://support.attackforge.com/attackforge-enterprise/modules/flows#actions) performed by your Flow
* Support for custom scripting using [AFScript](https://support.attackforge.com/attackforge-enterprise/afscript)!
* Support for [Secrets](https://support.attackforge.com/attackforge-enterprise/modules/flows#secrets)
* Whitelist or blacklist [HTTP Headers](https://support.attackforge.com/attackforge-enterprise/modules/flows#trigger-configuration)

We've also added a README section for each Flow, so now you can document how your Flow works - and make that documentation available to others!

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FU9R9IkBx0nZ9RKPnLNRZ%2Fflow-readme.png?alt=media&#x26;token=2a70f623-3995-4643-b9b3-a604afa247b1" alt=""><figcaption></figcaption></figure>

We've also added [new Flows access controls](https://support.attackforge.com/attackforge-enterprise/modules/flows#getting-access-to-flows) for even more granular access on how your users can use different types of Flows.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F3rIspAuSzhClUYF1qaY5%2Fflows-access.png?alt=media&#x26;token=ca491380-49e9-40e6-9885-291826356af9" alt=""><figcaption></figcaption></figure>

And we didn't stop there - we extended the [Flow permissions](https://support.attackforge.com/attackforge-enterprise/modules/flows#sharing-flows-with-teams) so you have even more granular control for how each individual Flow can be used by every authorized user.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FV53AGD1a2wXOsdNVqcsj%2Fflow-permissions.png?alt=media&#x26;token=69bbda78-d788-4569-a5c2-60eaa90612e5" alt=""><figcaption></figcaption></figure>

We also improved the user experience with [Secrets](https://support.attackforge.com/attackforge-enterprise/modules/flows#secrets) to make them even easier to use, and more accessible where you need them!

And we are not done with Flows just yet 😉 stay tuned for even more exciting Flows updates coming in the next release!

### Portfolios and Stream Analytics Now Available

[Portfolios](https://support.attackforge.com/attackforge-enterprise/modules/portfolios) has been instrumental for many security teams and organizations - helping them to track and monitor security for their:

* Business Units, Subsidiaries and Functional Teams
* Applications, Systems and Technologies
* Geographies
* Compliance obligations
* Security Programs
* Mergers and Acquisitions

We've now added Analytics for every Portfolio and Stream - providing *even better tracking, monitoring, reporting and coverage!*

Answer the tough questions easily:

* *What are the most common vulnerabilities?*
* *Which assets need the most attention?*
* *What are the root causes for these vulnerabilities?*
* *Are we getting better, or are we getting worse?*

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fp4YYa4TxcPj7bROoVOBO%2Fportfolio-analytics.png?alt=media&#x26;token=2422f937-f29a-417d-b7d2-76dd5158d516" alt=""><figcaption></figcaption></figure>

### DRAFTS Now Available for Writeups, Project Requests, Assets and Test Cases

In the last release, we introduced DRAFTS - a game-changer for being more *effective and efficient* with how you create data, putting you *in control* of when to publish.

DRAFTS ensure you *never lose your data* with the real-time autosave feature - so you always have peace of mind knowing that we've got you covered. Stash your data, come back to it when you need it (or don't!). Work on multiple concurrent DRAFTS.

In this release, we rolled out DRAFTS even wider:

* Writeups
* Assets
* Test Cases
* Project Requests

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FPNSbkYhMCPmv7xUiAyif%2Fdrafts.png?alt=media&#x26;token=47423e5b-cebe-48a6-89e9-eb1f694f4634" alt=""><figcaption></figcaption></figure>

DRAFTS are coming to even more places soon, including a central location where you can find all of your DRAFTS for everything in one place!

### Review Notes Improvements

We've improved [Review Notes](https://support.attackforge.com/attackforge-enterprise/getting-started/reviewing-and-qa-vulnerabilities)! They now support *every system and custom field* - you can even start a thread on multiple topics!

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F9d4AdL7ZeGlrXGZmnbVk%2Freview-notes.png?alt=media&#x26;token=adbec513-775f-4ba8-85df-bf6d50b07f0a" alt=""><figcaption></figcaption></figure>

Stay tuned for other exciting updates coming soon for QA and Reviews!

### Advanced Filtering Now Available for Writeups, Assets and Project Requests

In the last release, we introduced [Advanced Filtering](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering) - a way to quickly and easily find the *exact information that you need*.

You can combine Advanced Filtering with [Custom Views](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#custom-views) to save your search filters and effortlessly repeat your custom search time-and-time again.

In this release, we rolled out Advanced Filtering even wider:

* Writeups
* Assets
* Projects
* Project Requests

We also extended Advanced Filtering to even more field types!

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FKjR949kscg0mCYxMDzdN%2Fadvanced-filtering.png?alt=media&#x26;token=058fd755-3f92-46af-813a-95d53379bfa3" alt=""><figcaption></figcaption></figure>

### User Session Improvements

We know this is long overdue, but it's *finally* here!

We've overhauled how we manage user interactivity - to give you the best possible user experience when it comes to your active session!

We now *detect mouse clicks and keyboard strokes* to help keep your session alive. This means you will no longer timeout when writing detailed vulnerability writeups, or interacting with any part of the application!

We've also included a configurable session inactivity timeout warning. By default, this message will show when you have 1 minute left on your session.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FpPhKLK4UzZy4HSkq2zvl%2Fsessions-1.png?alt=media&#x26;token=8171021f-2ea5-4eff-a3ed-92166b7b4480" alt=""><figcaption></figcaption></figure>

When your session times out, you will see a pop-up message in the center of the screen.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FinKfXSPwApDAOzhLO2Gh%2Fsessions-2.png?alt=media&#x26;token=ec252fe9-cca3-4c1d-b451-3b14d91ee7d8" alt=""><figcaption></figcaption></figure>

If you click on the `X` - you will be able to copy any data already loaded or entered into your page.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fjy5URrmI4Rlw9rVoq7Jj%2Fsessions-3.png?alt=media&#x26;token=6cf028db-cd6c-47b0-8331-0656a78fe15f" alt=""><figcaption></figcaption></figure>

You can configure when the timeout warning pops up, and also whether you want users to be automatically redirected to login after session timeout or not.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FOvziBoIYjOfBkv17tiqu%2Fsessions-4.png?alt=media&#x26;token=1d90964e-0cc8-462e-a243-26718d626a2c" alt=""><figcaption></figcaption></figure>

### User Invitation Improvements

Now when you invite a new user to AttackForge, you can include their first name and last name to make the invitation more personal, and save them the hassle of filling it in later!

### AFScript Improvements

We've added support for [HMAC](https://en.wikipedia.org/wiki/HMAC) signature verification in [AFScript](https://support.attackforge.com/attackforge-enterprise/afscript)!

HMAC can provide authentication using a shared secret. This can be used to help verify both the data integrity and authenticity of a message.

This is ideal for use cases where you might want to verify a payload in [Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows) and cannot rely on using [HTTP Trigger Authentication](https://support.attackforge.com/attackforge-enterprise/modules/flows#http-trigger-authentication).
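The check described above, as an added example in Python (not AttackForge or AFScript code): the sender signs the exact request bytes with the shared secret, and the receiver recomputes the HMAC and compares it in constant time. The header names, the `sha256=` prefix, the timestamp binding and the 300-second window are assumptions made for this example; the secret and payload are constructed.

```python
import hashlib
import hmac

# Hypothetical conventions for this example (not AttackForge's):
SIG_HEADER = "x-signature"    # carries "sha256=<hex digest>"
TS_HEADER = "x-timestamp"     # Unix seconds chosen by the sender
MAX_SKEW_SECONDS = 300        # how old or new a timestamp may be


def _mac(secret: bytes, timestamp: str, raw_body: bytes) -> bytes:
    # The MAC covers "<timestamp>." + the exact bytes on the wire, so a
    # captured request cannot be replayed later with a fresh timestamp.
    return hmac.new(secret, timestamp.encode() + b"." + raw_body,
                    hashlib.sha256).digest()


def sign(secret: bytes, raw_body: bytes, timestamp: int) -> str:
    """Sender side: value to place in the signature header."""
    return "sha256=" + _mac(secret, str(timestamp), raw_body).hex()


def verify(secret: bytes, raw_body: bytes, headers: dict, now: int):
    """Receiver side: return (ok, reason). Reject on any doubt."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    sig, ts = h.get(SIG_HEADER), h.get(TS_HEADER)
    if not sig or not ts:
        return False, "missing signature or timestamp header"

    scheme, _, hexdigest = sig.partition("=")
    if scheme != "sha256":
        return False, "unsupported signature scheme"
    try:
        provided = bytes.fromhex(hexdigest)
        sent_at = int(ts)
    except ValueError:
        return False, "malformed signature or timestamp"

    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return False, "timestamp outside allowed window"

    # Recompute over the received bytes and the received timestamp string,
    # then compare in constant time so the check leaks nothing through timing.
    expected = _mac(secret, ts, raw_body)
    if not hmac.compare_digest(expected, provided):
        return False, "signature mismatch"
    return True, "ok"


if __name__ == "__main__":
    secret = b"constructed-shared-secret"                 # constructed
    body = b'{"title": "Stored XSS", "priority": "High"}'  # constructed
    now = 1752192000                                        # constructed clock value
    headers = {"X-Signature": sign(secret, body, now), "X-Timestamp": str(now)}

    print(verify(secret, body, headers, now))               # accepted
    # Re-serialising the JSON changes the bytes, so the MAC no longer matches:
    compact = b'{"title":"Stored XSS","priority":"High"}'
    print(verify(secret, compact, headers, now))
    # The same request replayed ten minutes later is rejected:
    print(verify(secret, body, headers, now + 600))
```

Verify against the raw request body before any JSON parsing or re-serialisation, since the MAC is over bytes, not over the parsed object.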

### Enhancements to Self-Service APIs

We're always improving our Self-Service APIs to make automations and integrations even easier! 💪

* **New** RESTful endpoints:
  * [Delete Vulnerability Evidence](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/downloadvulnerabilityevidence) - delete a file uploaded to a vulnerability
* **Updates** to REST endpoints:
  * [Update Project](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updateproject) - we've added support for updating [Reporting Custom Fields](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#reporting-custom-fields) and [Summary Page Custom Fields](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#summary-page-custom-fields)

## 28 May 2025

### Advanced Filtering in Tables

You can now do [Advanced Filtering](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering) in tables! 🤩

Advanced filtering can help you *quickly and easily find the information you need*.

You can combine Advanced Filtering with [Custom Views](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#custom-views) to save your search filters and effortlessly repeat your custom search time-and-time again.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FgpbS4arM8m7UbbtTgp3P%2Fadvanced-filtering-1.png?alt=media&#x26;token=11e2dab8-462c-4306-a51b-46fbb0fc47fa" alt=""><figcaption></figcaption></figure>

So what makes it **advanced**? 🧐 Let's take a look:

* [Contains](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#contains)
  * Does not contain
  * Match whole word
  * Match case
* [Starts With](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#starts-with)
  * Does not contain
  * Match whole word
  * Match case
* [Ends With](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#ends-with)
  * Does not contain
  * Match whole word
  * Match case
* [Wildcard / Globbing](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#wildcard) 💪
  * Does not
  * Match case
* [Regular Expressions (RegEx)](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#regex) 🚀
  * Does not
  * Match case

> Advanced Filtering is available in the *Filters* section of your table, or when selecting an individual column filter.

You can now apply a filter which will return the **exact data** you need in your table! Advanced filters can be applied across multiple fields. You can also set multiple filters on the same field!

When you need the extra power or flexibility - [Wildcards / Globbing](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#wildcard) and [Regular Expressions](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#regex) come to the rescue!

The Wildcard filter is used to perform Glob matching or [globbing](https://en.wikipedia.org/wiki/Glob_\(programming\)#Syntax) using wildcards (like `*` and `?`) to match values based on patterns.

The following globs are supported:

* Wildcards (`**`, `*.js`)
* Negation (`'!a/*.js'`, `'*!(b).js'`)
* [extglobs](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#extglobs) (`+(x|y)`, `!(a|b)`)
* POSIX character classes (`[[:alpha:][:digit:]]`)
* [brace expansion](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#brace-expansion) (`foo/{1..5}.md`, `bar/{a,b,c}.js`)
* [regex character classes](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Regular_expressions/Character_class) (`foo-[1-5].js`)
* regex logical "or" (`foo/(abc|xyz).js`)

Examples using Wildcards:

1. Filtering for xss OR cross site scripting anywhere in the Vulnerability title:

   `*xss*|*cross site scripting*`

2. Filtering for NOT 'HTTP' AND NOT 'MIME' anywhere in the Vulnerability title:

   `!(*HTTP*|*MIME*)`

When a Wildcard just isn't enough, Regular Expressions (RegEx) unlock a new level of possibilities!

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FMAcXDxm1HMtX9JDqe7XQ%2Fadvanced-filtering-2.png?alt=media&#x26;token=ae5a6c8e-62aa-45cb-9dc8-cd051bfe0da5" alt=""><figcaption></figcaption></figure>

Regular Expressions are widely used due to their ability to perform powerful text manipulation and pattern matching. When using Regular Expressions, you're only limited by your creativity!

If you're unfamiliar with RegEx, there are hundreds of online tools to help you build and test your regular expressions to ensure they work exactly how you expect them to.

> Advanced Filters can be saved in your [Custom Views](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#custom-views).

Advanced Filtering is now supported on Vulnerabilities and is coming to more tables very soon!

### Vulnerability Drafts

Sick and tired of working long and hard on writing vulnerabilities, only to lose them because your session timed out?

What about when you need to stash a vulnerability and come back to it later?

Or you're simply *not ready to share it* for others to see?

Vulnerability drafts solve these painful problems - plus more!

When working on a new vulnerability, **every change you make is autosaved**. Any field you enter data in or change, and any file you upload, is now saved against your draft.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FkRTq17ow9jPOpOTXA2C7%2Fvuln-drafts-1.png?alt=media&#x26;token=7134173d-df24-47c1-bd1b-fd3bb78d7aae" alt=""><figcaption></figcaption></figure>

You can see all of your drafts by clicking on *Draft Vulnerabilities* when filtering your vulnerability views.

You can click on any of your drafts to resume from exactly where you left off.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fc4RouhxIntwvznsrjKgQ%2Fvuln-drafts-2.png?alt=media&#x26;token=88eeafa3-163a-4f7e-93f9-f4b235ecd1f1" alt=""><figcaption></figcaption></figure>

Drafts are currently only available on Vulnerabilities, but will be supported more widely very soon!

### Groups Now Support Custom Fields

We've added Custom Fields to Groups! 🥳

This means you can now capture information about your **clients, teams, business units, platforms, technologies and more** - store that information in a centralized location with *field-level access controls*, and use that information in:

* [Reports](https://support.attackforge.com/attackforge-enterprise/modules/reporting)
* [Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows)
* [APIs](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api)
* [AFScript](https://support.attackforge.com/attackforge-enterprise/afscript)
* [Advanced Filters](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering)
* [Notifications](https://support.attackforge.com/attackforge-enterprise/getting-started/notifications)
* [SLAs](https://support.attackforge.com/attackforge-enterprise/getting-started/vulnerability-slas)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FRFTGPIYQaOJfQ90h0EmL%2Fgroup-custom-fields.png?alt=media&#x26;token=50d4bb0e-1425-41f9-b557-6dbfdc6c6651" alt=""><figcaption></figcaption></figure>

> You can also create custom sections and re-order your form to exactly how you want it!

### Writeups Now Support Form Configuration

We've powered-up the Writeups form! 🔋

* Re-order the entire form - have full control over where the fields are shown
* Create custom sections - group your fields into relevant sections
* Rename the default sections, or remove them entirely
* Apply [Hide Expressions](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#hide-expressions-conditions) against sections to hide entire sets of fields when they are not relevant, or show them when they are!

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fjls9EXGRz6phfFarcuKM%2Fwriteups-form-1.png?alt=media&#x26;token=6f0348d5-857a-46cd-9bdf-506b34eeb0d1" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FsT4MaGHWPjicoangd2wr%2Fwriteups-form-2.png?alt=media&#x26;token=c930d4b2-6590-4b78-8da7-29c01e72d8d0" alt=""><figcaption></figcaption></figure>

### Custom Views Now Supported Across Application

Previously we brought you [Custom Views](https://support.attackforge.com/attackforge-enterprise/getting-started/advanced-filtering#custom-views) - a way to make it easy to save your favourite and frequently used table views.

Custom Views help to *easily configure and switch between different views of your data*, providing flexibility in how you want to see and use your data.

We've extended Custom Views across the application, so you can benefit from them in even more places!

* Vulnerability tables
* Project tables
* Scheduling calendar and tables
* Project Request tables
* Project Test Cases table
* Project Scope tables
* Assets tables
* Portfolio and Stream tables
* Groups table
* Writeups tables
* Test Suites tables
* Test Cases tables
* Users table

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Fn9mVkSW3moRF4yclskrM%2Fcustom-views.png?alt=media&#x26;token=e83778c9-fd82-4a95-948f-c8b287415fd5" alt=""><figcaption></figcaption></figure>

### New Red Team Reporting Template

We've released a new **Red Team Reporting Template** to help you bootstrap a red-team report, fast! 🏃‍♂️‍➡️

Red Team reports != Pentest reports. They're structured differently. They tell a different story. This is why they need to be built to handle the unique needs of red teams.

To get started - download the *AttackForge Red Team Report* [Example](https://attackforge.com/attackforge-core-enterprise/report-templates/af-red-team-report-v3-0-example.docx), [Template](https://attackforge.com/attackforge-core-enterprise/report-templates/af-red-team-report-v3-0-template.docx) and [Test Data](https://attackforge.com/attackforge-core-enterprise/report-templates/af-red-team-report-test-data.json).

You can build the report and experiment with the template in [ReportGen](https://www.attackforge.com/reportgen.html).

> You can download ReportGen locally from **Report Templates > ReportGen > Offline Browser Tool**

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2F2ictGjFXOauSIGGwLA3W%2Fred-team-report.png?alt=media&#x26;token=284878dc-8be3-4ea0-9d53-0773ef4584e6" alt=""><figcaption></figcaption></figure>

### New PowerPoint-Style Template

We've also released a new **PowerPoint-styled Executive Summary Presentation Template** to help you create a slick presentation to wow your clients! 😎

To get started - download the *AttackForge Exec Summary Slide Deck* [Example](https://attackforge.com/attackforge-core-enterprise/report-templates/af-pentest-exec-summary-slide-deck-example.pdf), [Template](https://attackforge.com/attackforge-core-enterprise/report-templates/af-pentest-exec-summary-slide-deck-template.docx) and [Test Data](https://attackforge.com/attackforge-core-enterprise/report-templates/af-pentest-exec-summary-slide-deck-test-data.json).

You can build the presentation and experiment with the template in [ReportGen](https://www.attackforge.com/reportgen.html).

> You can download ReportGen locally from **Report Templates > ReportGen > Offline Browser Tool**

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FIkAPlSUj2GEGnvnZoPJI%2Fexec-summary-slide-deck.png?alt=media&#x26;token=d3740cc2-32ee-4cec-b399-9c096bf31c10" alt=""><figcaption></figcaption></figure>

### MITRE ATLAS Framework Now Available

If you're testing AI Systems, you can now import the [MITRE ATLAS](https://atlas.mitre.org/) framework into your AttackForge as either [Test Suites](https://github.com/AttackForge/TestSuites) or [Writeups](https://github.com/AttackForge/Writeups)!

This gives you an out-of-the-box testing methodology and vulnerability language for assessing AI Systems.

> Download the MITRE ATLAS framework from our [GitHub](https://github.com/AttackForge) and conveniently import what you need via the UI

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FGg4Hf4ODEOnTD2TWsSfJ%2Fmitre-atlas.png?alt=media&#x26;token=7ae5d96c-d232-4c39-9151-77588581cb3a" alt=""><figcaption></figcaption></figure>

### New Flows Videos

[Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows) has been a game changer 🚀🌝 since its release in February.

Flows opened up a **world of automation and integration possibilities!**

Some examples we have seen implemented so far:

* Exporting vulnerabilities into enterprise ticketing systems such as ServiceNow, JIRA, Azure DevOps
* Real-time AttackForge data feeds into visualization tools like Power BI
* Custom prioritization of vulnerabilities
* Leveraging threat and vulnerability intelligence feeds to augment vulnerability data
* Integrations to schedule and kick off automated scanning activities in Tenable and Qualys
* Posting chat messages in Slack and Teams
* Email notifications on custom QA reviews and workflows
* Allow selected clients to self risk-accept their vulnerabilities
* Email notifications on custom criteria for vulnerabilities
* Create custom webhooks

We've added tutorial videos for some of the most common Flows to help you get started fast!

{% embed url="<https://youtu.be/onvSZShtEB4?si=AOrjg-ohvEkS3-4T>" %}

{% embed url="<https://youtu.be/-BfrTnCIoi0?si=Cdg8yWI4KEikuM5U>" %}

{% embed url="<https://youtu.be/2bps7vEcmVA?si=kQSZr0CjqCSgsaox>" %}

{% embed url="<https://youtu.be/eV1qxzcJ2Do?si=gKYxSsETi7NYTUia>" %}

{% embed url="<https://youtu.be/HHEZNcKFOKA?si=S_EDFMy6cMltJq_P>" %}

{% embed url="<https://youtu.be/atT4u8HHp4s?si=qfEQUBSS417Gxowq>" %}

{% embed url="<https://youtu.be/UxByLi-wNKI?si=2lsRy2_9A1D_Yvhl>" %}

{% embed url="<https://youtu.be/vrplMhqzLNk?si=gk9htwNGZGo17uu0>" %}

{% embed url="<https://youtu.be/15KbJKPVrtM?si=42Ym4J4fbpa1r0G->" %}

{% embed url="<https://youtu.be/TKUJrk5WVvo?si=ZSDbv6mKKOr1YfVQ>" %}

{% embed url="<https://youtu.be/qnlhLAT41f4?si=rteLRvLZ9FXT7Uoj>" %}

### Flows - User Secrets Now Available

If you're building Flows and thinking *...geez it would be awesome to have a centralized secret, that way I can update it in one place and all my flows will be updated*, or you might be thinking *...geez it would be awesome if I had a way to prevent other people from seeing my secrets even if they have access to my flow* - then you're in luck 😉

We just added [User Secrets](https://support.attackforge.com/attackforge-enterprise/getting-started/manage-user#secrets) - a place where you can create secrets which belong to you and not to an individual Flow. That way you can share a secret across multiple Flows, and you can prevent other users from seeing its value.

You can also choose to share your secret with other users if you need to.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FssQhjmQzJomBcknBbCJT%2Fuser-secrets.png?alt=media&#x26;token=6630d9ed-07c2-45d7-a7ae-faedfe443023" alt=""><figcaption></figcaption></figure>

### Flows - Transfer of Ownership Now Available

If you've just gone through all of the effort of building a Flow, and now you need to hand it over to someone else so it runs under their context (not yours) - you can now [Transfer Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows).

Transferring is easy. Open the Flow settings page and click on *Transfer*. Enter the user to receive your Flow, then approve. That's it!

The user will receive ownership of your Flow immediately; however, it will be *disabled* until they have reviewed the Flow (to make sure it's not dodgy 😉) and decided to enable it themselves.

### Project Request Scope Now Supports Asset Selection

When a user requests a new project, previously the only option was to allow them to enter in any arbitrary scope they can think of. This makes it hard for security teams to link that information to *real assets* in your [Assets](https://support.attackforge.com/attackforge-enterprise/modules/assets) module.

You can now switch the Scope field on the Project Request to an Asset selector.

This can be toggled from `Administration > Project Requests > Form > Scope > Field Type (Text/Asset)`

The user will only see assets which they already have access to via the [Assets](https://support.attackforge.com/attackforge-enterprise/modules/assets) module.

This means that any [Asset Libraries](https://support.attackforge.com/attackforge-enterprise/modules/assets#grouping-and-managing-access-to-assets) and access controls on those libraries will be enforced.

Users can only select from *their assets*, or create a new asset (if permitted to do so).

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FKiOq5QCicDWsrffyT8Uu%2Fproject-request-asset-selection-1.png?alt=media&#x26;token=aa3cd104-48ab-46a7-8ee4-5707edeb8b4f" alt=""><figcaption></figcaption></figure>

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2Ffx7RvM9S86g5ORtkDXzG%2Fproject-request-asset-selection-2.png?alt=media&#x26;token=254ab2e0-85b3-4e1a-add7-309874f503ec" alt=""><figcaption></figcaption></figure>

We've also improved the user experience when approving the project request, so that it's easier to reconcile requested project scope against similarly named assets in different libraries. We also now highlight any differences and have an easy option to create new assets when needed.

### Custom Email Distribution Lists

The [Custom Time-Based Email Notification Engine](https://support.attackforge.com/attackforge-enterprise/getting-started/notifications#custom-time-based-emails) is a godsend for use cases where you might need AttackForge to:

* Remind people about vulnerabilities about to breach their Remediation SLA and/or Remediation Plan
* Escalate to people about vulnerabilities which have breached their Remediation SLA and/or Remediation Plan
* Remind people about overrunning projects
* Remind people about unactioned project requests
* Remind people their account will lock out if they don't log in soon
* Get a digest of all vulnerabilities or writeups that need to be reviewed
* Plus many more use cases you can think of!

We've now extended these emails to also support custom distribution lists! 🤩

This means you can now use any **user(s) or group(s)** [Custom Fields](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) as distribution lists for these emails.

For example, if you have **Vulnerability Owner** or **Teams Responsible** custom fields configured on your vulnerabilities, you can now include those recipients within these emails.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FGHnSqSVbuzF8j8b2RExV%2Fcustom-distribution-lists.png?alt=media&#x26;token=7c998f0b-ebae-4a1c-a259-1cf4e74164df" alt=""><figcaption></figcaption></figure>

> You can leverage **any** *User Select*, *User Multi-Select*, *Group Select* or *Group Multi-Select* custom fields

### Skip Access Control in Custom Time-Based Emails

We've also added the option to *Skip Access Control Checks* in [Custom Time-Based Emails](https://support.attackforge.com/attackforge-enterprise/getting-started/notifications#custom-time-based-emails). This means that if the user doesn't have access to the data record, for example the project or the vulnerability, the email will still include that record.

This is ideal for scenarios where you have generic mailboxes which need to have all information in one place; or you need users to be made aware of authorized information in AttackForge which they would not normally have access to within the application.

### Pending Vulns Now Supported in Custom Time-Based Emails

The [Custom Time-Based Emails](https://support.attackforge.com/attackforge-enterprise/getting-started/notifications#custom-time-based-emails) also now support **Pending** vulnerabilities.

You can now create emails which contain a list of pending vulnerabilities which need to be reviewed or subjected to quality assurance reviews - *making it way easier to know when you need to do QA*!

### Create Projects Without Scope or Test Suites

We've made it possible to now create projects *without any scope or test suites* selected.

This makes it easier to set up new projects and complete the information later on once it's known.

### Retest Rounds Now Support All Vulns

When [Requesting a Retest Round](https://support.attackforge.com/attackforge-enterprise/getting-started/retesting#request-a-retest), you can now select *any* of the vulnerabilities on the project to be considered in-scope for the retest, not just the vulnerabilities which are marked as *Ready for Retest*.

This makes it far easier for your teams to request retests, and saves on the extra steps needed to first mark those vulnerabilities as Ready for Retest.

### Linked Project Keys Now Supports All Project Fields

When building your custom project request and intake form, you can now easily map all of your desired *Project Request fields* to *Project fields*.

We've extended the **Linked Project Key** feature to now show all fields which you can map to. This includes *System* and *Custom* fields.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FQzo9IrtG0BuzFaGxmEcO%2Flinked-project-key.png?alt=media&#x26;token=6556c539-2839-468e-9413-12a75e2cfd66" alt=""><figcaption></figcaption></figure>

### Updates to ReportGen

Charts now support modifying the base chart color. For example, you can make the lines and labels white if you have a dark background in your reporting template.

### Enhancements to Self-Service APIs

We're always improving our Self-Service APIs to make automations and integrations even easier! 💪

* **New** RESTful endpoints:
  * [Request New Project Retest](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/requestnewprojectretest) - new & improved API to request a retest on a project
  * [Complete Project Retest](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/completeprojectretestround) - new & improved API to complete a retest on a project
  * [Cancel Project Retest](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/cancelprojectretestround) - new & improved API to cancel a retest on a project
  * [Update Project Retest Round](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updateprojectretestround) - new API to update a retest round on a project
  * [Get Project Membership Administrators](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getprojectmembershipadministrators) - new API to get all project membership administrators on a project
  * [Update Project Membership Administrators](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updateprojectmembershipadministrators-1) - new API to update project membership administrators on a project
  * [Add Project Membership Administrators](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/addprojectmembershipadministrators) - new API to add project membership administrators on a project
  * [Remove Project Membership Administrators](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updateprojectmembershipadministrators) - new API to remove project membership administrators on a project
  * [Download Project Test Case File](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/downloadprojecttestcasefile) - new API to download a file on a project test case
  * [Download Project Test Case Note File](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/downloadprojecttestcasenotefile) - new API to download a file on a note created on a project test case
  * [Download Project Test Case Workspace Note File](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/downloadprojecttestcaseworkspacenotefile) - new API to download a file on a workspace note created on a project test case
* **Updates** to REST endpoints:
  * [Get Groups](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getgroups) - now supports custom fields
  * [Get Group](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getgroup) - now supports custom fields
  * [Get Assets In Library](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getassetsinlibrary) - now supports `archived=true` query parameter to search archived assets
  * [Update Asset In Library](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updateassetinlibrary) - now supports `is_archived: true` body parameter to archive/unarchive assets
  * [Get Project Test Cases](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getprojecttestcases) - now returns `uploaded_files` on notes, workspace notes and the test case itself

## 28 February 2025

### Introducing Flows - Automation Module for AttackForge

We're super excited 🤩 to finally reveal [Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows) - AttackForge's comprehensive, end-to-end **automation engine** - powered by [AFScript](https://support.attackforge.com/attackforge-enterprise/afscript).

{% embed url="<https://www.youtube.com/watch?v=tTbq4Dbh-A8&t=1s>" %}

Flows can help you to automate AttackForge with *nearly unlimited systems*. You can streamline processes across your organization to save time and focus on what's most important.

Some examples you can do with Flows:

* **Integrate your vulnerability data** with ticketing tools like [Atlassian JIRA](https://www.atlassian.com/software/jira), [ServiceNow](https://www.servicenow.com/), [Azure DevOps](https://azure.microsoft.com/en-us/products/devops), [BMC Helix](https://www.bmc.com/it-solutions/bmc-helix.html) and others.
* **Visualize your pentesting data** in powerful tools like [Power BI](https://www.microsoft.com/en-us/power-platform/products/power-bi) and [Tableau](https://www.tableau.com/)
* Help make **better risk decisions** by sending your vulnerability data to GRC platforms like [RSA Archer](https://www.archerirm.com/), [MetricStream](https://www.metricstream.com/), [OneTrust](https://www.onetrust.com/) and [LogicGate](https://www.logicgate.com/)
* Create **workflow automations** by chaining together [AttackForge Self-Service APIs](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api)
* Trigger **automated scanning** activities in your security toolset like [Rapid7](https://www.rapid7.com/), [Tenable](https://www.tenable.com/) and [Qualys](https://www.qualys.com/)
* Create **messages** on collaboration platforms like [Slack](https://slack.com/intl/en-au/) and [Teams](https://www.microsoft.com/en-au/microsoft-teams/group-chat-software)
* **Prioritize vulnerabilities with threat-intelligence** like [VulnDB](https://flashpoint.io/ignite/vulnerability-intelligence/)
* Create **custom webhooks**
* Send **custom email notifications** on events

> Flows can interact with any HTTP interface, including your own tools as well as the [AttackForge Self-Service APIs](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FEMcySEmY7m8F1O7kwjkY%2Fflows-module.png?alt=media&#x26;token=8bf0fa94-c59d-446e-a6d5-08ea3bc38d97" alt=""><figcaption></figcaption></figure>

Flows is included in all AttackForge Enterprise plans and in the AttackForge Core SME plan. For all other plans, Flows can be added on from the `Administration -> Subscriptions` page.

We've made some Flows available on [our GitHub](https://github.com/AttackForge/Flows) which you can [import into your AttackForge](https://support.attackforge.com/attackforge-enterprise/modules/flows#importing-exporting-flows) to get started fast! Examples include:

* [Create JIRA Issue](https://support.attackforge.com/attackforge-enterprise/modules/flows#create-jira-issue)
* [Update JIRA Issue](https://support.attackforge.com/attackforge-enterprise/modules/flows#update-jira-issue)
* [Create ServiceNow Incident](https://support.attackforge.com/attackforge-enterprise/modules/flows#create-servicenow-incident)
* [Create Azure DevOps Work Item](https://support.attackforge.com/attackforge-enterprise/modules/flows#create-azure-devops-work-item)
* [Prioritize Vulnerability with Threat Intelligence from VulnDB](https://support.attackforge.com/attackforge-enterprise/modules/flows#prioritize-vulnerability-with-threat-intelligence-from-vulndb)
* [Trigger an Automated Scan in Tenable](https://support.attackforge.com/attackforge-enterprise/modules/flows#trigger-an-automated-scan-in-tenable)
* [Create Slack Message](https://support.attackforge.com/attackforge-enterprise/modules/flows#create-slack-message)
* [Create Teams Message](https://support.attackforge.com/attackforge-enterprise/modules/flows#create-teams-message)
* [Send Vulnerability to PowerBI](https://support.attackforge.com/attackforge-enterprise/modules/flows#send-vulnerability-to-powerbi)
* [Create a Salesforce Opportunity](https://support.attackforge.com/attackforge-enterprise/modules/flows#create-salesforce-opportunity)
* [Create a WebHook](https://support.attackforge.com/attackforge-enterprise/modules/flows#create-a-webhook)
* [Send a Custom Email](https://support.attackforge.com/attackforge-enterprise/modules/flows#send-custom-email)

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FIBeC7Ysk9veE49WVm5eq%2Frun-overview.png?alt=media&#x26;token=c36f4200-97c1-4007-96f2-cfb327a0ff24" alt=""><figcaption></figcaption></figure>

Some of the great features of Flows include:

* [Share your Flows with multiple team members](https://support.attackforge.com/attackforge-enterprise/modules/flows#sharing-flows-with-teams) to help collaborate on your Flows together
* [Import and Export Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows#importing-exporting-flows) to get started fast! You can also share your Flows with other people using AttackForge
* Various [Triggers](https://support.attackforge.com/attackforge-enterprise/modules/flows#triggers) to handle a variety of use cases and bespoke needs
* Support for [Secrets](https://support.attackforge.com/attackforge-enterprise/modules/flows#secrets) to protect your passwords, API tokens and keys
* Powerful [Actions](https://support.attackforge.com/attackforge-enterprise/modules/flows#actions). Create your own custom logic and decision paths using [AFScript](https://support.attackforge.com/attackforge-enterprise/afscript)
* [Run History](https://support.attackforge.com/attackforge-enterprise/modules/flows#runs) for robust testing. Tracking and monitoring for peace of mind. Access detailed logs to know exactly what your Flows are doing at any time.
* Unlimited Flows and Flow Actions! Build as many automations and integrations as you need, start with simple Flows and level up to complex sequences and chains.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FAzpWHV0Qwqgo71q7ho01%2Fedit-flow.png?alt=media&#x26;token=6825f8d5-215d-4d65-87aa-4e91fa1526ba" alt=""><figcaption></figcaption></figure>

We will be releasing even more capabilities and examples for Flows in the coming months so stay tuned!

### Custom Domains for AttackForge Core

We have released fully custom domain names for AttackForge Core!

You can now have your own personal domain for hosting and accessing your AttackForge tenant.

> Currently only available on AttackForge Core SME plans

### Updates to AFScript

We've extended [AFScript](https://support.attackforge.com/attackforge-enterprise/afscript) yet again!

You can now suggest values across all of your custom fields, everywhere, using AFScript.

We've also added `String.replace()` and `String.replaceAll()` functions.

### Updates to Groups

We've updated [Groups](https://support.attackforge.com/attackforge-enterprise/modules/groups) to now support [Custom Fields and Forms](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms).

This makes it possible to have a custom set of fields and forms for different Groups such as customers, security teams, technology and engineering teams, risk teams, subsidiaries and divisions, platforms and other ways in which you use groups.

You can configure Group custom fields and forms from `Administration -> Groups`.

In addition, we extended the mapping of AttackForge Groups to SSO Identity Provider Groups to support assigning no access to the group's projects, as well as assigning access to [Project Requests](https://support.attackforge.com/attackforge-enterprise/getting-started/requesting-a-project).

### Updates to Custom Time-Based Notifications

We've added the ability to use the [dateFormat](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#dateformat) filter to adjust the way the date and time are displayed in your custom time-based emails.

For example, you can now do this:

`{project.start_date | dateFormat:["fullDate"]}`

### Updates to ReportGen

We added new [Filters](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters) including [isArray](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#isarray), [isBoolean](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#isboolean), [isInteger](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#isinteger), and [isString](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#isstring).

We also updated the styling and layout for the out-of-the-box [Pentest Report Template](https://attackforge.com/attackforge-core-enterprise/report-templates/af-pentest-report-v3-4-example.docx) to showcase even more possibilities for custom reports in ReportGen!

We also added a `Retry` button in the [Offline Browser Tool](https://www.attackforge.com/reportgen.html) for Chrome users which makes building reports even faster! 🥳 You no longer need to re-select the template file or JSON data.

<figure><img src="https://372186556-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8s1QY2Q6YTHB4a6DMu%2Fuploads%2FImHcSyIrVssh1mmU7fYx%2Fpentest-report.png?alt=media&#x26;token=b1bb4944-7704-4ab8-a926-268a4d009933" alt=""><figcaption></figcaption></figure>

### Updates to Writeups Libraries and Test Suites

We've added MITRE ATT\&CK Framework for [Writeups](https://support.attackforge.com/attackforge-enterprise/modules/vulnerability-library)! Including [Enterprise v16.1](https://github.com/AttackForge/Writeups/blob/main/MITRE/ATT\&CK/Enterprise/mitre_attack_enterprise_16_1.json), [ICS v16.1](https://github.com/AttackForge/Writeups/blob/main/MITRE/ATT\&CK/ICS/mitre_attack_ics_16_1.json), [Mobile v16.1](https://github.com/AttackForge/Writeups/blob/main/MITRE/ATT\&CK/Mobile/mitre_attack_mobile_16_1.json). You can now leverage MITRE ATT\&CK directly in your Writeups.

We've also updated to [MITRE CWE v4.16](https://github.com/AttackForge/Writeups/blob/main/MITRE/CWE/mitre_cwe_v4.16.json) and [MITRE CAPEC v3.9](https://github.com/AttackForge/Writeups/blob/main/MITRE/CAPEC/mitre_capec_v3.9.json) including new tags to cross-reference between CWE and CAPEC.

We've also updated MITRE ATT\&CK Framework for [Test Suites](https://support.attackforge.com/attackforge-enterprise/modules/test-suite-builder) to the latest versions - [Enterprise v16.1](https://github.com/AttackForge/TestSuites/blob/main/MITRE/ATT%26CK/ENTERPRISE/mitre_attack_enterprise_16_1.json), [ICS v16.1](https://github.com/AttackForge/TestSuites/blob/main/MITRE/ATT%26CK/ICS/mitre_attack_ics_16_1.json), [Mobile v16.1](https://github.com/AttackForge/TestSuites/blob/main/MITRE/ATT%26CK/MOBILE/mitre_attack_mobile_16_1.json).

### UX Improvements

Now when creating a new Writeup in the Project Library from the Vulnerability form, the current project will be auto-selected.

Also after completing an Abuse Case, there is now a button to *Create Another*.

### Enhancements to Self-Service APIs

We're always improving our Self-Service APIs to make automations and integrations even easier!

* **New** RESTful endpoints:
  * [Upload Writeup File](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/uploadvulnerabilitylibraryfile)
  * [Send Email](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/sendemail)
  * [Update Project Retest Round](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updateprojectretestround)
* **Updates** to REST endpoints:
  * [Get Application Audit Logs](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getapplicationauditlogs) - now supports new query filters
  * [Get Project Audit Logs](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getprojectauditlogs) - now supports new query filters
  * [Get User Audit Logs](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getuserauditlogs) - now supports new query filters
