Custom User Defined Variables
You can use custom or user-defined variables to add additional features to Faction that are not supported out of the box. These variables can be used to add additional information to vulnerabilities, like an Affected URL or CWE Number, or to populate additional data in reports, like "product owner", "cost center", etc.
Step 1: Add Custom Fields in Admin
Navigate to Admin -> Settings. Add a Custom Variable for "Affected URL" and apply it to Vulnerabilities.
The Name is what is displayed in the UI, and the variable name is what is used in the report template. We apply this to Vulnerability so that the field is available when we add vulnerabilities to the assessment.
Step 2: Update the Report Template
We need to change our report template to include the new variable in the vulnerability section of the template. In this case, we already have a section defined with vulnerability information, so we just need to add our new variable. We also want it to be a hyperlink, so we apply the link parameter to our custom variable. You can find more information about hyperlinking in custom fields here.
Notice that all custom variables are prefixed with cf. If we defined a custom variable with a variable name of AffectedURL, then the reporting template variable will be ${cfAffectedURL}.
Step 3: Add a New Vulnerability to the Assessment
When you add a vulnerability to the assessment, the custom field will be available in the form as shown below:
Once you generate the report, it will correctly populate your new custom variables.
Custom Font Colors for User Defined Variables
This allows you to add additional context to data that is presented in your reports. You can find more information on how to customize these variables here.
Enterprise Custom Variables
In Faction Enterprise and paid versions, you can assign custom variables to specific assessment types. This allows you to support very different variables for assessments or vulnerabilities that might only apply to certain assessment types. For example, Web Application assessments might need an "Affected URL" as described above, but a Network Security assessment might need "Affected Network Range".
When entering Custom Fields in Faction Enterprise, you will see this section at the bottom that allows you to apply this custom variable to only certain types of assessments.