February 2025 Release – Absolutely stunning release – check it out!

2025-02-28
Written By Stas Filshtinskiy

Our engineers worked hard – to give you great features!

  • First and foremost, this release introduces new major capability – AttackForge Flows!

AttackForge Flows allows you to automate and integrate into your systems – without running a separate server or middleware! Ticketing tools, GRC tools, scanning tools, even messaging and data visualization tools – all integrated without deploying another piece of infrastructure!

  • Custom domains for your AttackForge Core tenants.

  • New capabilities added to AFScript.

  • Updates to Groups and Notifications

  • A whole new set of Industry best Write-up libraries and Test Suites!

  • Updates to AttackForge ReportGen (making your reports even prettier)

And as always – Updates to UX, Write-Up libraries, Test Suites and Self-Service API!

AttackForge Flows

Every customer we have has asked to integrate AttackForge with their own ecosystem. And our engineers built extensive Self-Service APIs for that. That was great. And that was what every self-respecting software should have – a dedicated set of API endpoints to be used for integration. And our customers used it intensely. However using APIs means a need for a separate server to run the code that calls APIs.

Fast forward to today… Now AttackForge integration is getting simpler and easier.

We are extremely happy to introduce the new gem in AttackForge modules – AttackForge Flows!

A comprehensive, end-to-end automation engine - powered by AFScript.

Flows is purpose is to enable customers to integrate AttackForge with nearly unlimited systems.

Here are some examples you can do with Flows:

Flows are included in AttackForge Enterprise (as every new feature!) plans, and in the AttackForge Core SME plan. For all others plans, Flows can be added-on from the Administration -> Subscriptions page.

AttackForge Flows Samples

We've made quite a few samples of Flows – and you can access them on our GitHub.  Import them into your AttackForge – and started using them fast! Here they are:

Create JIRA Issue

AttackForge Flows Highlights

  • Flows can be shared!  Here is support page on how to share your Flows with multiple team members

  • Flows can be Imported and Exported to get you using them fast!

  • Flows include various Triggers to handle all sorts of use cases.

  • Support for Secrets to protect your passwords, API tokens and keys from everyone!

  • Powerful Actions. Enabling your custom logic and decision paths using our great custom programming language AFScript!

  • You would want to test your Flows! So we have Run History for that. It includes tracking and monitoring. Detailed logs are available to know exactly what your Flows are doing at any time.

  • And one of the things that our customers do appreciate - Unlimited Flows and Flow Actions! Build as many automations and integrations as you need, start with simple Flows and level up to complex sequences and chains. AttackForge team encourages you to use our great product to the full extent! This is what we built it for!

Updates to AttackForge Script

AFScript is expanding constantly – as we promised!

Now AFScript can be used to set up suggested values across all of your custom fields, everywhere. That will make users work much easier!

And our engineers also added String.replace() and String.replaceAll() functions.

AttackForge Core Custom Domains

We know that our Core customers would love this feature, that only Enterprise customers enjoyed! Core customers can now have their custom domains as well!

Use your personal domains!

It is available for AttackForge Core SME plans now.

Updates to Groups, Notifications and built in Libraries

Groups

Groups now support AttackForge Custom Fields and Forms – like other widely used AttackForge forms.

You can build a custom set of fields and forms for different Groups such as customers, security teams, technology and engineering teams, risk teams, subsidiaries and divisions, platforms and other ways in which you use groups.

All configurable in the expected place - Administration -> Groups.

This one will be appreciated by AttackForge Admins!

We added support for mapping AttackForge Groups to SSO Identity Provider Groups to include support for assigning no access to the groups projects, as well as support for assigning access to Project Requests.

Custom Time-Based Notifications

AttackForge has customers on every continent, except maybe – Antarctica. It means that our customers are used to different date formats. Now AttackForge custom time-based emails support dateFormat filter to adjust the way the date and time is displayed in your notifications!

Libraries

Whole new set of Writeups – ready for you out of the box! We've added MITRE ATT&CK Framework - Including Enterprise v16.1, ICS v16.1, Mobile v16.1. You can now leverage MITRE ATT&CK directly in your Writeups. No cut-and-paste. Those write-ups are included in AttackForge from the moment you deploy it! Or you can add it at any time from our GitHub!

We've also updated to MITRE CWE v4.16 and MITRE CAPEC v3.9 including new tags to cross-reference between CWE and CAPEC.

And Test Suites - MITRE ATT&CK Framework methodologies - Enterprise v16.1, ICS v16.1, Mobile v16.1.

Other great updates

ReportGen

AttackForge ReportGen is updated with new filters.

We also added a Retry button in the Offline Browser Tool. That makes building reports even faster! 🥳 You no longer need to re-select the template file or JSON data.

And – as always - updates to UX and new endpoints for Self-Service APIs!

Stas Filshtinskiy
Next

November 2024 Release – keeping AttackForge the best (as always)!