
Check YouTube for more tutorials: https://youtube.com/@attackforge


2025


Last updated 3 days ago

28 May 2025

Advanced Filtering in Tables

You can now do Advanced Filtering in tables! 🤩

Advanced filtering can help you quickly and easily find the information you need.

You can combine Advanced Filtering with Custom Views to save your search filters and effortlessly repeat your custom search time and time again.

So what makes it advanced? 🧐 Let's take a look:

  • Contains

    • Does not contain

    • Match whole word

    • Match case

  • Starts With

    • Does not contain

    • Match whole word

    • Match case

  • Ends With

    • Does not contain

    • Match whole word

    • Match case

  • Wildcard / Globbing

    • Does not

    • Match case

  • Regular Expressions (RegEx)

    • Does not

    • Match case

Advanced Filtering is available in the Filters section of your table, or when selecting an individual column filter.

You can now apply a filter which will return the exact data you need in your table! Advanced filters can be applied across multiple fields. You can also set multiple filters on the same field!

The following globs are supported:

  • Wildcards (**, *.js)

  • Negation ('!a/*.js', '*!(b).js')

  • POSIX character classes ([[:alpha:][:digit:]])

  • regex logical "or" (foo/(abc|xyz).js)

Examples using Wildcards:

1. Filtering for xss OR cross site scripting anywhere in the Vulnerability title

*xss*|*cross site scripting*

2. Filtering for NOT 'HTTP' AND NOT 'MIME' anywhere in the Vulnerability title

!(*HTTP*|*MIME*)
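To see how the two wildcard filters above select findings, here is an added example (not AttackForge code; the page does not say which matcher the product uses). It implements only the subset those two filters need. `compileFilter` and `filterTitles` are hypothetical names, the titles are constructed, and case-insensitive matching by default is an assumption drawn from the separate "Match case" option.

```javascript
// Added example: a minimal matcher for the glob subset used by the two
// filters above. NOT AttackForge's implementation.
// Assumptions: "*" matches any run of characters, "?" matches one character,
// "|" separates alternatives, "!( ... )" wrapped around the whole pattern
// negates it, and matching ignores case unless matchCase is set.

// Constructed sample vulnerability titles.
const SAMPLE_TITLES = [
  "Reflected XSS in search parameter",
  "Stored Cross Site Scripting in profile page",
  "Missing HTTP Strict Transport Security header",
  "MIME sniffing not disabled",
  "SQL Injection in login form",
];

// Escape a character that has special meaning in a regular expression.
function escapeLiteral(ch) {
  return /[.*+?^${}()|[\]\\]/.test(ch) ? "\\" + ch : ch;
}

// Convert one alternative (a pattern with no "|") to regex source.
function alternativeToRegex(alt) {
  let out = "";
  for (const ch of alt) {
    if (ch === "*") out += ".*";
    else if (ch === "?") out += ".";
    else out += escapeLiteral(ch);
  }
  return out;
}

// Build a predicate for a filter string such as "*xss*|*cross site scripting*".
function compileFilter(pattern, { matchCase = false } = {}) {
  let body = pattern.trim();
  let negate = false;
  // Whole-pattern negation: !( ... )
  if (body.startsWith("!(") && body.endsWith(")")) {
    negate = true;
    body = body.slice(2, -1);
  }
  const alternatives = body.split("|").map(alternativeToRegex);
  // Anchor both ends: a glob must match the whole value, which is why the
  // page's examples wrap each term in "*" to mean "anywhere in the title".
  const re = new RegExp(
    "^(?:" + alternatives.join("|") + ")$",
    matchCase ? "s" : "is"
  );
  return (value) => re.test(value) !== negate;
}

// Return the titles that the filter keeps.
function filterTitles(titles, pattern, options) {
  return titles.filter(compileFilter(pattern, options));
}

// Example 1 from the page: xss OR cross site scripting.
console.log(filterTitles(SAMPLE_TITLES, "*xss*|*cross site scripting*"));
// Example 2 from the page: NOT HTTP AND NOT MIME.
console.log(filterTitles(SAMPLE_TITLES, "!(*HTTP*|*MIME*)"));
```

Dropping the surrounding `*` from a term turns it into a whole-value match, a common reason a filter silently returns no findings.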

When a Wildcard just isn't enough, Regular Expressions (RegEx) unlock a new level of possibilities!

Regular Expressions are widely used due to their ability to perform powerful text manipulation and pattern matching. When using Regular Expressions, you're only limited by your creativity!

If you're unfamiliar with RegEx, there are hundreds of online tools to help you build and test your regular expressions to ensure they work exactly how you expect them to.

Advanced Filtering is now supported on Vulnerabilities and is coming to more tables very soon!

Vulnerability Drafts

Sick and tired of working long and hard on writing vulnerabilities, only to lose them because your session timed out?

What about when you need to stash a vulnerability and come back to it later?

Or you're simply not ready to share it for others to see?

Vulnerability drafts solve these painful problems - plus more!

When working on a new vulnerability, every change you make is autosaved. Any field you enter data in or change, and any file you upload, is now saved against your draft.

You can see all of your drafts by clicking on Draft Vulnerabilities when filtering your vulnerability views.

You can click on any of your drafts to resume from exactly where you left off.

Drafts are currently only available on Vulnerabilities, but will be supported more widely very soon!

Groups Now Support Custom Fields

We've added Custom Fields to Groups! 🥳

This means you can now capture information about your clients, teams, business units, platforms, technologies and more - store that information in a centralized location with field-level access controls, and use that information in:

  • Reports

  • Flows

  • APIs

  • AFScript

  • Advanced Filters

  • Notifications

  • SLAs

You can also create custom sections and re-order your form to exactly how you want it!

Writeups Now Support Form Configuration

We've powered-up the Writeups form! 🔋

  • Re-order the entire form - have full control over where the fields are shown

  • Create custom sections - group your fields into relevant sections

  • Rename the default sections, or remove them entirely

Custom Views Now Supported Across Application

Custom Views help to easily configure and switch between different views of your data, providing flexibility in how you want to see and use your data.

We've extended Custom Views across the application, so you can benefit from them in even more places!

  • Vulnerability tables

  • Project tables

  • Scheduling calendar and tables

  • Project Request tables

  • Project Test Cases table

  • Project Scope tables

  • Assets tables

  • Portfolio and Stream tables

  • Groups table

  • Writeups tables

  • Test Suites tables

  • Test Cases tables

  • Users table

New Red Team Reporting Template

We've released a new Red Team Reporting Template to help you bootstrap a red-team report, fast! 🏃‍♂️‍➡️

Red Team reports != Pentest reports. They're structured differently. They tell a different story. This is why they need to be built to handle the unique needs of red teams.

You can download ReportGen locally from Report Templates > ReportGen > Offline Browser Tool

New Powerpoint-Style Template

We've also released a new Powerpoint-styled Executive Summary Presentation Template to help you create a slick presentation to wow your clients! 😎

You can download ReportGen locally from Report Templates > ReportGen > Offline Browser Tool

MITRE ATLAS Framework Now Available

This gives you an out-of-the-box testing methodology and vulnerability language for assessing AI Systems.

New Flows Videos

Flows opened up a world of automation and integration possibilities!

Some examples we have seen implemented so far:

  • Exporting vulnerabilities into enterprise ticketing systems such as ServiceNow, JIRA, Azure DevOps

  • Real-time AttackForge data feeds into visualization tools like PowerBi

  • Custom prioritization of vulnerabilities

  • Leverage threat and vulnerability intelligence feeds to augment vulnerability data

  • Integrations to schedule and kick off automated scanning activities in Tenable and Qualys

  • Posting chat messages in Slack and Teams

  • Email notifications on custom QA reviews and workflows

  • Allow selected clients to self risk-accept their vulnerabilities

  • Email notifications on custom criteria for vulnerabilities

  • Create custom webhooks

We've added tutorial videos for some of the most common Flows to help you get started fast!

Flows - User Secrets Now Available

If you're building Flows and thinking "...geez, it would be awesome to have a centralized secret, that way I can update it in one place and all my Flows will be updated", or you might be thinking "...geez, it would be awesome if I had a way to prevent other people from seeing my secrets even if they have access to my Flow" - then you're in luck 😉

You can also choose to share your secret with other users if you need to.

Flows - Transfer of Ownership Now Available

Transferring is easy. Open the Flow settings page and click on Transfer. Enter the user to receive your Flow, then approve. That's it!

The user will receive ownership of your Flow immediately, however it will be disabled until they have reviewed the Flow (to make sure it's not dodgy 😉) and decide to enable it themselves.

Project Request Scope Now Supports Asset Selection

You can now switch the Scope field on the Project Request to an Asset selector.

This can be toggled from Administration > Project Requests > Form > Scope > Field Type (Text/Asset)

Users can only select from their assets, or create a new asset (if permitted to do so).

We've also improved the user experience when approving the project request, so that it's easier to reconcile requested project scope against similarly named assets in different libraries. We also now highlight any differences and have an easy option to create new assets when needed.

Custom Email Distribution Lists

  • Remind people about vulnerabilities about to breach their Remediation SLA and/or Remediation Plan

  • Escalate to people about vulnerabilities which have breached their Remediation SLA and/or Remediation Plan

  • Remind people about overrunning projects

  • Remind people about unactioned project requests

  • Remind people their account will lock out if they don't log in soon

  • Get a digest of all vulnerabilities or writeups that need to be reviewed

  • Plus many more use cases you can think of!

We've now extended these emails to also support custom distribution lists! 🤩

For example, if you have Vulnerability Owner or Teams Responsible custom fields configured on your vulnerabilities, you can now include those recipients within these emails.

You can leverage any User Select, User Multi-Select, Group Select or Group Multi-Select custom fields.

Skip Access Control in Custom Time-Based Emails

This is ideal for scenarios where you have generic mailboxes which need to have all information in one place; or you need users to be made aware of authorized information in AttackForge which they would not normally have access to within the application.

Pending Vulns Now Supported in Custom Time-Based Emails

You can now create emails which contain a list of pending vulnerabilities which need to be reviewed or subjected to quality assurance reviews - making it way easier to know when you need to do QA!

Create Projects Without Scope or Test Suites

We've made it possible to now create projects without any scope or test suites selected.

This makes it easier to set up new projects and complete the information later on once it's known.

Retest Rounds Now Support All Vulns

This makes it far easier for your teams to request retests, and saves on the extra steps needed to first mark those vulnerabilities as Ready for Retest.

Linked Project Keys Now Supports All Project Fields

When building your custom project request and intake form, you can now easily map all of your desired Project Request fields to Project fields.

We've extended the Linked Project Key feature to now show all fields which you can map to. This includes System and Custom fields.

Updates to ReportGen

Charts now support modifying the base chart color, for example you can make the lines and labels white if you have a dark background in your reporting template.

Enhancements to Self-Service APIs

We're always improving our Self-Service APIs to make automations and integrations even easier! 💪

  • New RESTful endpoints:

  • Updates to REST endpoints:

28 February 2025

Introducing Flows - Automation Module for AttackForge

Flows can help you to automate AttackForge with nearly unlimited systems. You can streamline processes across your organization to save time and focus on what's most important.

Some examples you can do with Flows:

  • Create custom webhooks

  • Send custom email notifications on events

Flows is included in all AttackForge Enterprise plans and in the AttackForge Core SME plan. For all other plans, Flows can be added on from the Administration -> Subscriptions page.

Some of the great features of Flows include:

  • Unlimited Flows and Flow Actions! Build as many automations and integrations as you need, start with simple Flows and level up to complex sequences and chains.

We will be releasing even more capabilities and examples for Flows in the coming months so stay tuned!

Custom Domains for AttackForge Core

We have released fully custom domain names for AttackForge Core!

You can now have your own personal domain for hosting and accessing your AttackForge tenant.

Currently only available on AttackForge Core SME plans

Updates to AFScript

You can now suggest values across all of your custom fields, everywhere, using AFScript.

We've also added String.replace() and String.replaceAll() functions.

Updates to Groups

This makes it possible to have a custom set of fields and forms for different Groups such as customers, security teams, technology and engineering teams, risk teams, subsidiaries and divisions, platforms and other ways in which you use groups.

You can configure Group custom fields and forms from Administration -> Groups.

Updates to Custom Time-Based Notifications

For example, you can now do this:

{project.start_date | dateFormat:["fullDate"]}

Updates to ReportGen

Updates to Writeups Libraries and Test Suites

UX Improvements

Now when creating a new Writeup in the Project Library from the Vulnerability form, the current project will be auto-selected.

Also after completing an Abuse Case, there is now a button to Create Another.

Enhancements to Self-Service APIs

We're always improving our Self-Service APIs to make automations and integrations even easier!

  • New RESTful endpoints:

  • Updates to REST endpoints:


When you need the extra power or flexibility - Wildcards / Globbing and Regular Expressions come to the rescue!

The Wildcard filter is used to perform Glob matching or globbing using wildcards (like * and ?) to match values based on patterns.

  • extglobs (+(x|y), !(a|b))

  • brace expansion (foo/{1..5}.md, bar/{a,b,c}.js)

  • regex character classes (foo-[1-5].js)

Advanced Filters can be saved in your Custom Views.

Apply Hide Expressions against sections to hide entire sets of fields when they are not relevant, or show them when they are!

Previously we brought you Custom Views - a way to make it easy to save your favourite and frequently used table views.

To get started - download the AttackForge Red Team Report Example, Template and Test Data.

You can build the report and experiment with the template in ReportGen.

To get started - download the AttackForge Exec Summary Slide Deck Example, Template and Test Data.

You can build the presentation and experiment with the template in ReportGen.

If you're testing AI Systems, you can now import the MITRE ATLAS framework into your AttackForge as either Test Suites or Writeups!

Download the MITRE ATLAS framework from our GitHub and conveniently import what you need via the UI.

Flows has been a game changer 🚀🌝 since its release in February.

We just added User Secrets - a place where you can create secrets which belong to you and not your individual Flow. That way you can share your secret across multiple Flows, and you can protect it from other users seeing your secret's value.

If you've just gone through all of the effort of building a Flow, and now you need to hand it over to someone else so it runs under their context (not yours) - you can now Transfer Flows.

When a user requests a new project, previously the only option was to allow them to enter in any arbitrary scope they can think of. This makes it hard for security teams to link that information to real assets in your Assets module.

The user will only see assets which they already have access to via the Assets module.

This means that any Asset Libraries and access controls on those libraries will be enforced.

The Custom Time-Based Email Notification Engine is a god-send for use cases where you might need AttackForge to:

This means you can now use any user(s) or group(s) as distribution lists for these emails.

We've also added the option to Skip Access Control Checks in Custom Time-Based Emails. This means that if the user doesn't have access to the data record, for example the project or the vulnerability, then it will still include that record in the email.

The Custom Time-Based Emails also now support Pending vulnerabilities.

When Requesting a Retest Round, you can now select any of the vulnerabilities on the project to be considered in-scope for the retest, not just the vulnerabilities which are marked as Ready for Retest.

Request New Project Retest - new & improved API to request a retest on a project

Complete Project Retest - new & improved API to complete a retest on a project

Cancel Project Retest - new & improved API to cancel a retest on a project

Update Project Retest Round - new API to update a retest round on a project

Get Project Membership Administrators - new API to get all project membership administrators on a project

Update Project Membership Administrators - new API to update project membership administrators on a project

Add Project Membership Administrators - new API to add project membership administrators on a project

Remove Project Membership Administrators - new API to remove project membership administrators on a project

Download Project Test Case File - new API to download a file on a project test case

Download Project Test Case Note File - new API to download a file on a note created on a project test case

Download Project Test Case Workspace Note File - new API to download a file on a workspace note created on a project test case

Get Groups - now supports custom fields

Get Group - now supports custom fields

Get Assets In Library - now supports archived=true query parameter to search archived assets

Update Asset In Library - now supports is_archived: true body parameter to archive/unarchive assets

Get Project Test Cases - now returns "uploaded_files" on notes, workspace notes and the test case itself.

We're super excited 🤩 to finally reveal Flows - AttackForge's comprehensive, end-to-end automation engine - powered by AFScript.

Integrate your vulnerability data with ticketing tools like Atlassian JIRA, ServiceNow, Azure DevOps, BMC Helix and others.

Visualize your pentesting data in powerful tools like Power BI and Tableau

Help make better risk decisions by sending your vulnerability data to GRC platforms like RSA Archer, MetricStream, OneTrust and LogicGate

Create workflow automations by chaining together AttackForge Self-Service APIs

Trigger automated scanning activities in your security toolset like Rapid7, Tenable and Qualys

Create messages on collaboration platforms like Slack and Teams

Prioritize vulnerabilities with threat-intelligence like VulnDB

Flows can interact with any HTTP interface, including your own tools as well as the AttackForge Self-Service APIs

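We've made some Flows available on our GitHub which you can import into your AttackForge to get started fast! Examples include:

  • Create JIRA Issue

  • Update JIRA Issue

  • Create ServiceNow Incident

  • Create Azure DevOps Work Item

  • Prioritize Vulnerability with Threat Intelligence from VulnDB

  • Trigger an Automated Scan in Tenable

  • Create Slack Message

  • Create Teams Message

  • Send Vulnerability to PowerBI

  • Create a Salesforce Opportunity

  • Create a WebHook

  • Send a Custom Email

Share your Flows with multiple team members to help collaborate on your Flows together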

to get started fast! You can also to share your Flows with other people using AttackForge

Various Triggers to handle a variety of use cases and bespoke needs

Support for Secrets to protect your passwords, API tokens and keys

Powerful Actions. Create your own custom logic and decision paths using AFScript

Run History for robust testing. Tracking and monitoring for peace of mind. Access detailed logs to know exactly what your Flows are doing at any time.

We've extended AFScript yet again!

We've updated Groups to now support Custom Fields and Forms.

In addition, we added support for mapping AttackForge Groups to SSO Identity Provider Groups to include support for assigning no access to the group's projects, as well as support for assigning access to Project Requests.

We've added the ability to use the dateFormat filter to adjust the way the date and time is displayed in your custom time-based emails.

We added new Filters including isArray, isBoolean, isInteger, and isString.

We also updated the styling and layout for the out-of-the-box Pentest Report Template to showcase even more possibilities for custom reports in ReportGen!

We also added a Retry button in the Offline Browser Tool for Chrome users which makes building reports even faster! 🥳 You no longer need to re-select the template file or JSON data.

We've added MITRE ATT&CK Framework for Writeups! Including Enterprise v16.1, ICS v16.1, Mobile v16.1. You can now leverage MITRE ATT&CK directly in your Writeups.

We've also updated to MITRE CWE v4.16 and MITRE CAPEC v3.9, including new tags to cross-reference between CWE and CAPEC.

We've also updated MITRE ATT&CK Framework for Test Suites to the latest versions - Enterprise v16.1, ICS v16.1, Mobile v16.1.

Get Application Audit Logs - now supports new query filters

Get Project Audit Logs - now supports new query filters

Get User Audit Logs - now supports new query filters
