|
| 1 | +--- |
| 2 | +tags: [Reporting, Customize, Variables, User-Defined Content] |
| 3 | +date: 2024-02-12 |
| 4 | +--- |
| 5 | + |
| 6 | +You can use custom or user-defined variables to add additional features to Faction that are not supported out of the box. These variables can be used to add additional information to vulnerabilities, like an Affected URL or CWE Number, or to populate additional data in reports, like "product owner", "cost center", etc. |
| 7 | + |
| 8 | +### Step 1 : Add Custom Fields in Admin |
| 9 | +Navigate to Admin -> Settings. Add a Custom Variable for "Affected URL" and lets apply this to Vulnerabilities. |
| 10 | + |
| 11 | + |
| 12 | + |
| 13 | + |
| 14 | +The **Name** will be what is displayed in the UI and the **variable** name will be used in the report template. We want to apply this to **Vulnerability** so that it will be available when we add vulnerabilities to the assessment. |
| 15 | + |
| 16 | + |
| 17 | + |
| 18 | +### Step 2: Update the Report Template |
| 19 | + |
| 20 | +We need to change our report template to include the new variables in the vulnerability section of the template. In this case, we already have a section defined with vulnerability information. We just need to add our new variable. In this case, we also want it to be a hyperlink. We apply the `link` parameter to our custom variable to make this work. [You can find more information about hyperlinking in custom fields here.](/Reporting/Using%20Docx%20Report%20Templates/#Hyperlinks) |
| 21 | + |
| 22 | + |
| 23 | + |
| 24 | +Notice that all custom variables are pre-populated with `cf`. If we defined a custom variable with a variable name of `AffectedURL`, then the reporting template variable will be `${cfAffectedURL}`. |
| 25 | + |
| 26 | + |
| 27 | +### Step 3: Add a New Vulnerability to the Assessment |
| 28 | + |
| 29 | +When you add a vulnerability to the assessment, the custom field will be available in the form as shown below: |
| 30 | + |
| 31 | + |
| 32 | + |
| 33 | +Once you generate the report, it will correctly populate your new custom variables. |
| 34 | + |
| 35 | + |
| 36 | +## Custom Font Colors for User Defined Variables |
| 37 | +This allows you to add additional context to data that is presented in your reports. You can find more information here on how to customize these variables [here](/Reports/Using%20Docx%20Report%20Templates/#Setting%20Custom%20Variable%20Colors) |
| 38 | + |
| 39 | +## Enterprise Custom Variables |
| 40 | +In Faction Enterprise and paid versions, you can assign custom variables to specific assessment types. This allows you to support very different variables for assessments or vulnerabilities that might only apply to certain assessment types. For example, Web Application assessments might need an "Affected URL" as described above, but a Network Security assessment might need "Affected Network Range". |
| 41 | + |
| 42 | +When entering Custom Fields in Faction Enterprise, you will see this section at the bottom that allows you to apply this custom variable to only certain types of assessments. |
| 43 | + |
| 44 | + |
| 45 | + |
| 46 | + |
| 47 | + |
| 48 | + |
| 49 | + |
| 50 | + |
| 51 | + |
| 52 | + |
| 53 | + |
| 54 | + |
| 55 | + |
0 commit comments