
AttackForge
Penetration Testing- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The AttackForge connector integrates with the AttackForge Enterprise penetration testing management platform. It synchronizes assets, pentest projects, vulnerability findings, and vulnerability writeup definitions from the AttackForge Self-Service RESTful API into the Brinqa platform.
Data retrieved from AttackForge
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Host | Yes | Host |
| CloudResource | Yes | Cloud Resource |
| Project (Assessment) | Yes | Assessment |
| PentestFinding | Yes | Pentest Finding |
| PentestFindingDefinition | Yes | Pentest Finding Definition |
Model relationships
For detailed steps on how to view the data retrieved from AttackForge in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select AttackForge from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| API URL | Yes | https://your-tenant.attackforge.dev | AttackForge tenant URL (e.g. https://your-tenant.attackforge.dev) |
| API Key | Yes | — | AttackForge Self-Service API key (X-SSAPI-KEY) |
| Page size | No | 500 | Maximum number of records to get per API request (max 500) |
| Max retries | No | 5 | Maximum number of retry attempts for failed API requests |
Authentication
Method
API Key authentication via the X-SSAPI-KEY HTTP header.
Endpoint
| Method | URL |
|---|---|
GET | https://{tenant}.attackforge.dev/api/ss/library/assets?limit=1 |
Request Headers
| Header | Value |
|---|---|
X-SSAPI-KEY | {your-api-key} |
Content-Type | application/json |
Sample Request
GET /api/ss/library/assets?limit=1 HTTP/1.1
Host: {tenant}.attackforge.dev
X-SSAPI-KEY: {your-api-key}
Content-Type: application/json
Sample Response
{
"count": 1284,
"results": [
{
"id": "6627a1f0e3b4c20012abcd34",
"name": "10.0.0.15",
"type": "Infrastructure",
"external_id": "CMDB-00921",
"details": "Primary application server",
"created": "2024-04-23T10:14:08.000Z",
"created_by": "Jane Tester",
"modified": "2024-05-01T09:22:41.000Z"
}
]
}
Response Fields
| Field | Description |
|---|---|
count | Total number of records matching the query (used for offset-based pagination) |
results | Array of records for the requested page |
A successful response (HTTP 200) confirms the API key is valid and the tenant URL is reachable.
Usage
This connector uses static API-key authentication: there is no token-exchange or session flow. The API key is supplied once in configuration and sent on every subsequent request in the X-SSAPI-KEY header. The key does not expire; a new key can be requested at any time from the AttackForge UI. The connection test issues a GET /api/ss/library/assets?limit=1 call and treats any non-2xx status as a failed connection.
How to obtain AttackForge credentials
Obtain the required credentials (url, apiKey) from your AttackForge administrator or the AttackForge admin console, then enter them in the connection settings above.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Host
| Source Field Name | SDM Attribute |
|---|---|
AssetResource.assetLibraryIds[].name | ASSET_LIBRARIES |
AssetResource.created | SOURCE_CREATED_DATE |
AssetResource.createdBy | CREATED_BY |
AssetResource.customFields[] | TAGS |
AssetResource.customFields[af_sys_hostnames] | HOSTNAMES |
AssetResource.customFields[af_sys_ports] | PORTS |
AssetResource.customFields[source_code_repos] | SOURCE_CODE_REPOS |
AssetResource.customFields[subnets] | IPV4_RANGES |
AssetResource.customFields[urls] | URLS |
AssetResource.details | DETAILS |
AssetResource.externalId | EXTERNAL_ID |
AssetResource.groups[].name | GROUPS |
AssetResource.id | UID |
AssetResource.modified | SOURCE_LAST_MODIFIED |
AssetResource.name | NAME |
AssetResource.projects[].id | PROJECTS |
AssetResource.type | TYPE |
AssetResource.type | CATEGORIES |
| — | STATUS |
| — | LAST_CAPTURED |
CloudResource
| Source Field Name | SDM Attribute |
|---|---|
AssetResource.assetLibraryIds[].name | ASSET_LIBRARIES |
AssetResource.created | SOURCE_CREATED_DATE |
AssetResource.createdBy | CREATED_BY |
AssetResource.customFields[] | TAGS |
AssetResource.customFields[af_sys_hostnames] | HOSTNAMES |
AssetResource.customFields[af_sys_ports] | PORTS |
AssetResource.customFields[source_code_repos] | SOURCE_CODE_REPOS |
AssetResource.customFields[subnets] | IPV4_RANGES |
AssetResource.customFields[urls] | URLS |
AssetResource.details | DETAILS |
AssetResource.externalId | EXTERNAL_ID |
AssetResource.groups[].name | GROUPS |
AssetResource.id | UID |
AssetResource.modified | SOURCE_LAST_MODIFIED |
AssetResource.name | NAME |
AssetResource.projects[].id | PROJECTS |
AssetResource.type | TYPE |
AssetResource.type | CATEGORIES |
| — | STATUS |
| — | LAST_CAPTURED |
Project (Assessment)
| Source Field Name | SDM Attribute |
|---|---|
ProjectResource.projectAdminNotifications[] | ADMIN_NOTIFICATIONS |
ProjectResource.projectClosedVulnerabilities | CLOSED_VULNERABILITIES |
ProjectResource.projectCode | PROJECT_CODE |
ProjectResource.projectCreated | SOURCE_CREATED_DATE |
ProjectResource.projectCriticalVulnerabilities | CRITICAL_VULNERABILITIES |
ProjectResource.projectCustomFields[] + projectReportingCustomFields[] + projectSummaryCustomFields[] | TAGS |
ProjectResource.projectCweTop25Vulnerabilities | CWE_TOP_25_VULNERABILITIES |
ProjectResource.projectEasilyExploitableVulnerabilities | EASILY_EXPLOITABLE_VULNERABILITIES |
ProjectResource.projectEndDate | END_DATE |
ProjectResource.projectExecutiveSummary | DESCRIPTION |
ProjectResource.projectExtendedStatus | EXTENDED_STATUS |
ProjectResource.projectGroups[].name | GROUPS |
ProjectResource.projectHighVulnerabilities | HIGH_VULNERABILITIES |
ProjectResource.projectId | UID |
ProjectResource.projectInfoVulnerabilities | INFO_VULNERABILITIES |
ProjectResource.projectInProgressTestcases | IN_PROGRESS_TESTCASES |
ProjectResource.projectLastModified | SOURCE_LAST_MODIFIED |
ProjectResource.projectLowVulnerabilities | LOW_VULNERABILITIES |
ProjectResource.projectMediumVulnerabilities | MEDIUM_VULNERABILITIES |
ProjectResource.projectName | NAME |
ProjectResource.projectNotApplicableTestcases | NOT_APPLICABLE_TESTCASES |
ProjectResource.projectNotTestedTestcases | NOT_TESTED_TESTCASES |
ProjectResource.projectOnHold | ON_HOLD |
ProjectResource.projectOpenVulnerabilities | OPEN_VULNERABILITIES |
ProjectResource.projectOrganizationCode | ORGANIZATION_CODE |
ProjectResource.projectOwaspTop10Vulnerabilities | OWASP_TOP_10_VULNERABILITIES |
ProjectResource.projectPendingVulnerabilities | PENDING_VULNERABILITIES |
ProjectResource.projectRetestsCompleted | RETESTS_COMPLETED |
ProjectResource.projectRetestsRequested | RETESTS_REQUESTED |
ProjectResource.projectRetestVulnerabilities | RETEST_VULNERABILITIES |
ProjectResource.projectScope[] | SCOPE |
ProjectResource.projectScopeDetails[].assetId | SCOPE_ASSET_IDS |
ProjectResource.projectScoring | SCORING |
ProjectResource.projectStartDate | START_DATE |
ProjectResource.projectStatus | STATUS |
ProjectResource.projectStreams[].name | STREAMS |
ProjectResource.projectTeam[].firstName + lastName | TEAM_MEMBERS |
ProjectResource.projectTeamNotifications[] | TEAM_NOTIFICATIONS |
ProjectResource.projectTestedTestcases | TESTED_TESTCASES |
ProjectResource.projectTestingProgress | TESTING_PROGRESS |
ProjectResource.projectTestsuites[].name | TEST_SUITES |
ProjectResource.projectTotalAssets | TOTAL_ASSETS |
ProjectResource.projectTotalTestcases | TOTAL_TESTCASES |
ProjectResource.projectTotalVulnerabilities | TOTAL_VULNERABILITIES |
ProjectResource.projectVulnerabilityCode | VULNERABILITY_CODE |
ProjectResource.projectZerodayVulnerabilities | ZERODAY_VULNERABILITIES |
| — | CATEGORIES |
| — | LAST_CAPTURED |
PentestFinding
| Source Field Name | SDM Attribute |
|---|---|
VulnerabilityResource.vulnerabilityAffectedAssets[].asset.libraryId | TARGETS |
VulnerabilityResource.vulnerabilityAffectedAssets[].components[].name | AFFECTED_COMPONENTS |
VulnerabilityResource.vulnerabilityAlternateId | ALTERNATE_ID |
VulnerabilityResource.vulnerabilityCreated | FIRST_FOUND |
VulnerabilityResource.vulnerabilityCvssv3BaseScore | CVSS_V3_BASE_SCORE |
VulnerabilityResource.vulnerabilityCvssv3EnvironmentalScore | CVSS_V3_ENVIRONMENTAL_SCORE |
VulnerabilityResource.vulnerabilityCvssv3TemporalScore | CVSS_V3_TEMPORAL_SCORE |
VulnerabilityResource.vulnerabilityCvssv3Vector | CVSS_V3_VECTOR |
VulnerabilityResource.vulnerabilityCvssv4Score | CVSS_V4_BASE_SCORE |
VulnerabilityResource.vulnerabilityCvssv4Vector | CVSS_V4_VECTOR |
VulnerabilityResource.vulnerabilityDiscoveredBy | DISCOVERED_BY |
VulnerabilityResource.vulnerabilityEvidence[].fileName | EVIDENCE_FILES |
VulnerabilityResource.vulnerabilityId | UID |
VulnerabilityResource.vulnerabilityIsZeroday | ZERO_DAY |
VulnerabilityResource.vulnerabilityLibraryId | TYPE |
VulnerabilityResource.vulnerabilityLikelihoodOfExploitation | LIKELIHOOD_OF_EXPLOITATION |
VulnerabilityResource.vulnerabilityModified | LAST_FOUND |
VulnerabilityResource.vulnerabilityNotes[].note | NOTES |
VulnerabilityResource.vulnerabilityProjects[].code | PROJECT_CODES |
VulnerabilityResource.vulnerabilityProjects[].id | PROJECTS |
VulnerabilityResource.vulnerabilityProjects[].name | PROJECT_NAMES |
VulnerabilityResource.vulnerabilityReleaseDate | DISCLOSED_DATE |
VulnerabilityResource.vulnerabilityRemediationNotes[].note | REMEDIATION_NOTES |
VulnerabilityResource.vulnerabilityResolutionType | RESOLUTION_TYPE |
VulnerabilityResource.vulnerabilityRetest | RETEST |
VulnerabilityResource.vulnerabilitySla | SLA |
VulnerabilityResource.vulnerabilityStatus | PROVIDER_STATUS |
VulnerabilityResource.vulnerabilityStatusUpdated | STATUS_UPDATED |
VulnerabilityResource.vulnerabilityStepsToReproduce | STEPS_TO_REPRODUCE |
VulnerabilityResource.vulnerabilityTags[] + vulnerabilityCustomFields[] | TAGS |
VulnerabilityResource.vulnerabilityTargetRemediationDate | TARGET_REMEDIATION_DATE |
VulnerabilityResource.vulnerabilityTestcases[].id | TESTCASE_IDS |
VulnerabilityResource.vulnerabilityUser.userId | TESTER_ID |
| — | SOURCE_STATUS |
| — | LAST_CAPTURED |
PentestFindingDefinition
| Source Field Name | SDM Attribute |
|---|---|
WriteupResource.attackScenario | ATTACK_SCENARIO |
WriteupResource.belongsToLibrary | BELONGS_TO_LIBRARY |
WriteupResource.category | CATEGORIES |
WriteupResource.created | SOURCE_CREATED_DATE |
WriteupResource.createdBy | CREATED_BY |
WriteupResource.description | DESCRIPTION |
WriteupResource.files[].fileName | FILES |
WriteupResource.id | UID |
WriteupResource.impactOnAvailability | IMPACT_ON_AVAILABILITY |
WriteupResource.impactOnConfidentiality | IMPACT_ON_CONFIDENTIALITY |
WriteupResource.impactOnIntegrity | IMPACT_ON_INTEGRITY |
WriteupResource.importSource | IMPORT_SOURCE |
WriteupResource.importSourceId | IMPORT_SOURCE_ID |
WriteupResource.lastModified | SOURCE_LAST_MODIFIED |
WriteupResource.likelihoodOfExploitation | LIKELIHOOD_OF_EXPLOITATION |
WriteupResource.priority | SEVERITY |
WriteupResource.priority | SOURCE_SEVERITY |
WriteupResource.referenceId | REFERENCE_ID |
WriteupResource.remediationRecommendation | RECOMMENDATION |
WriteupResource.severity | SOURCE_SEVERITY_SCORE |
WriteupResource.tags[] + customFields[] as key=value | TAGS |
WriteupResource.title | NAME |
| — | SEVERITY_SCORE |
| — | LAST_CAPTURED |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Host
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
hostAssetTypes | String | Infrastructure,Network,Wifi,Hardware,Mobile | Comma-separated list of asset types to classify as Host |
assetType | String | — | Filter assets by type (passed to API type query parameter) |
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /api/ss/library/assets
CloudResource
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
hostAssetTypes | String | Infrastructure,Network,Wifi,Hardware,Mobile | Comma-separated list of asset types classified as Host (assets NOT matching these types are synced as CloudResource) |
assetType | String | — | Filter assets by type (passed to API type query parameter) |
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /api/ss/library/assets
Project (Assessment)
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
projectStatus | String | — | Filter by project status (passed to API status query parameter) |
projectName | String | — | Filter by project name (passed to API name query parameter) |
projectCode | String | — | Filter by project code (passed to API code query parameter) |
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /api/ss/projects
PentestFinding
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
priority | String | — | Filter by vulnerability priority (passed to API priority query parameter) |
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /api/ss/vulnerabilities
PentestFindingDefinition
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
belongsToLibrary | String | — | Filter by library name (passed to API belongs_to_library query parameter) |
writeupName | String | — | Filter by writeup name (passed to API name query parameter) |
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /api/ss/library
Changelog
The AttackForge connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.0.0 | Overview The AttackForge connector integrates with the AttackForge Enterprise penetration testing management platform to synchronize assets, pentest projects, vulnerability findings, and vulnerability writeup definitions. Category: Penetration Testing Models | N/A |