February 2025 Release – Absolutely stunning release – check it out!
Our engineers worked hard – to give you great features!
First and foremost, this release introduces new major capability – AttackForge Flows!
AttackForge Flows allows you to automate and integrate into your systems – without running a separate server or middleware! Ticketing tools, GRC tools, scanning tools, even messaging and data visualization tools – all integrated without deploying another piece of infrastructure!
Custom domains for your AttackForge Core tenants.
New capabilities added to AFScript.
Updates to Groups and Notifications
A whole new set of Industry best Write-up libraries and Test Suites!
Updates to AttackForge ReportGen (making your reports even prettier)
And as always – Updates to UX, Write-Up libraries, Test Suites and Self-Service API!
AttackForge Flows
Every customer we have has asked to integrate AttackForge with their own ecosystem. And our engineers built extensive Self-Service APIs for that. That was great. And that was what every self-respecting software should have – a dedicated set of API endpoints to be used for integration. And our customers used it intensely. However using APIs means a need for a separate server to run the code that calls APIs.
Fast forward to today… Now AttackForge integration is getting simpler and easier.
We are extremely happy to introduce the new gem in AttackForge modules – AttackForge Flows!
A comprehensive, end-to-end automation engine - powered by AFScript.
Flows is purpose is to enable customers to integrate AttackForge with nearly unlimited systems.
Here are some examples you can do with Flows:
Custom integration with ticketing tools like Atlassian JIRA, ServiceNow, Azure DevOps, BMC Helix and others.
Visualize your pentesting data in powerful tools like Power BI and Tableau. No “export data”, no “import data”…
Get you vulnerability data to your GRC team and their tools - RSA Archer, MetricStream, OneTrust, LogicGate, etc..
Trigger automated scanning activities in your security toolset like Rapid7, Tenable and Qualys
Create messages on collaboration platforms like Slack and Teams
Prioritize vulnerabilities with threat-intelligence like VulnDB
Call AttackForge Self-Service APIs from inside AttackForge Flows
Create custom webhooks for your AttackForge activities – and trigger actions based on that.
Send custom notifications on events and deliver them using any platform at your disposal.
Flows are included in AttackForge Enterprise (as every new feature!) plans, and in the AttackForge Core SME plan. For all others plans, Flows can be added-on from the Administration -> Subscriptions page.
AttackForge Flows Samples
We've made quite a few samples of Flows – and you can access them on our GitHub. Import them into your AttackForge – and started using them fast! Here they are:
AttackForge Flows Highlights
Flows can be shared! Here is support page on how to share your Flows with multiple team members
Flows can be Imported and Exported to get you using them fast!
Flows include various Triggers to handle all sorts of use cases.
Support for Secrets to protect your passwords, API tokens and keys from everyone!
Powerful Actions. Enabling your custom logic and decision paths using our great custom programming language AFScript!
You would want to test your Flows! So we have Run History for that. It includes tracking and monitoring. Detailed logs are available to know exactly what your Flows are doing at any time.
And one of the things that our customers do appreciate - Unlimited Flows and Flow Actions! Build as many automations and integrations as you need, start with simple Flows and level up to complex sequences and chains. AttackForge team encourages you to use our great product to the full extent! This is what we built it for!
Updates to AttackForge Script
AFScript is expanding constantly – as we promised!
Now AFScript can be used to set up suggested values across all of your custom fields, everywhere. That will make users work much easier!
And our engineers also added String.replace() and String.replaceAll() functions.
AttackForge Core Custom Domains
We know that our Core customers would love this feature, that only Enterprise customers enjoyed! Core customers can now have their custom domains as well!
Use your personal domains!
It is available for AttackForge Core SME plans now.
Updates to Groups, Notifications and built in Libraries
Groups
Groups now support AttackForge Custom Fields and Forms – like other widely used AttackForge forms.
You can build a custom set of fields and forms for different Groups such as customers, security teams, technology and engineering teams, risk teams, subsidiaries and divisions, platforms and other ways in which you use groups.
All configurable in the expected place - Administration -> Groups.
This one will be appreciated by AttackForge Admins!
We added support for mapping AttackForge Groups to SSO Identity Provider Groups to include support for assigning no access to the groups projects, as well as support for assigning access to Project Requests.
Custom Time-Based Notifications
AttackForge has customers on every continent, except maybe – Antarctica. It means that our customers are used to different date formats. Now AttackForge custom time-based emails support dateFormat filter to adjust the way the date and time is displayed in your notifications!
Libraries
Whole new set of Writeups – ready for you out of the box! We've added MITRE ATT&CK Framework - Including Enterprise v16.1, ICS v16.1, Mobile v16.1. You can now leverage MITRE ATT&CK directly in your Writeups. No cut-and-paste. Those write-ups are included in AttackForge from the moment you deploy it! Or you can add it at any time from our GitHub!
We've also updated to MITRE CWE v4.16 and MITRE CAPEC v3.9 including new tags to cross-reference between CWE and CAPEC.
And Test Suites - MITRE ATT&CK Framework methodologies - Enterprise v16.1, ICS v16.1, Mobile v16.1.
Other great updates
ReportGen
AttackForge ReportGen is updated with new filters.
We also added a Retry button in the Offline Browser Tool. That makes building reports even faster! 🥳 You no longer need to re-select the template file or JSON data.
And – as always - updates to UX and new endpoints for Self-Service APIs!