Report Designer Tags V2

Match and Replace Variables

The Faction Report Designer supports the below variables. Entering these into your DOCX reports will auto replace assessment and vulnerability text when the report is generated. You can even add the same variables into many of the user input fields and will auto populate the fields when the report is generated.

General Variables

These can be used any where in the report

  • ${asmtId} – Internal Database ID
  • ${asmtAppid} – The assigned Application ID
  • ${asmtName} – The Assessment Name
  • ${asmtAssessor} – The first assessor assigned to the assessment
  • ${asmtAssessor_Email} – The first assessor email address
  • ${asmtAssessor_Lines} – All Assessors split into lines
  • ${asmtAssessor_Comma} – All Assessors split into a comma delimited list
  • ${asmtAssessor_Bullets} – All Assessors split into a bulleted list
  • ${remediation} – The Remediation Person assigned to the assessment
  • ${riskcount*} – The number of findings at the RiskLevel 0-9
  • ${risktotal} – The total number of findings at all RiskLevels
  • ${asmtTeam} – The Assessor Team Name
  • ${asmtType} – The Type of the Assessment
  • ${asmtStart} – The Start date of the assessment
  • ${asmtEnd} – The End date of the assessment
  • ${asmtAccessKey} – Guid to access the client retest queue.
  • ${today} – Day the report is generated

Vulnerability Summary Table Variables

  • ${vulntable} – This defines a table to be a vulnerability listing table.
  • ${vulnname} – The Vulnerability name
  • ${rec} – Vulnerability Recommendation
  • ${desc} – Vulnerability Description
  • ${category} – Category of the vulnerability
  • ${severity} – Severity of each vulnerability.
  • ${likelihood} – Likelyhood of the vulnerability
  • ${impact} – Impact of the vulnerability
  • ${cvss} – cvss score of the vulnerability
  • ${status} – CVSS Score of the vulnerability
  • ${count} – Row Count of the vulnerability
  • ${tracking} – Tracking number of the vulnerability
  • ${vid} – Vulnerability internal database id
  • ${color  key=value,key=value} – The color of the text based on key value pairs. If you want all text with the string Critical to be red and High’s to be blue then the variable will be ${color Critical=FF0000,High=0000FF}
  • ${cells key=value,key=value} – The color of the table cell based on key value pairs. If you want all background of the cell  containing the string Critical to be red and High’s to be blue then the variable will be ${color Critical=FF0000,High=0000FF}
  • ${loop} – This variable tells the report generator which row will be repeated.
  • ${loop-*} – This allows muliple rows to be repeated. Example ${loop-1} will repeat the row but the one below it.
  • ${exBegin} / ${exEnd} – These create a section to add the exploit steps/screenshots/technical findings. This area will be repeated for each technical finding added to the vulnerability
  • ${exploit} – This variable only exists between the exBegin and exEnd tags. This will insert screenshots and exploit steps for each vulnerability.

Example Table:

${vulntable} ${color Critical=C00000,High=FFC000}
ID Finding Name Impact Severity
${loop} ${count} ${vulnname} ${impact} ${severity}

 

Example Table with Technical findings:

${vulntable} ${color Critical=C00000,High=FFC000}
ID Finding Name Impact Severity
${loop-1} ${count} ${vulnname} ${impact} ${severity}
 ${exBegin}

Example ${count}:
${exploit}

${exEnd}

 

Vulnerability Findings Variables –
For when you you do not want to use tables to display your vulnerability information. You can use the following variables for inserting vulnerability information outside of a table

  • ${fiBegin} / ${fiEnd} – Block to repeat against all findings.
  • ${vulnname} – The Vulnerability name
  • ${rec} – Vulnerability Recommendation
  • ${desc} – Vulnerability Description
  • ${category} – Category of the vulnerability
  • ${severity} – Severity of each vulnerability.
  • ${likelihood} – Likelyhood of the vulnerability
  • ${impact} – Impact of the vulnerability
  • ${cvss} – cvss score of the vulnerability
  • ${status} – CVSS Score of the vulnerability
  • ${count} – Row Count of the vulnerability
  • ${tracking} – Tracking number of the vulnerability
  • ${vid} – Vulnerability internal database id
  • ${exBegin} / ${exEnd} – These create a section to add the exploit steps/screenshots/technical findings. This area will be repeated for each technical finding added to the vulnerability
  • ${exploit} – This variable only exists between the exBegin and exEnd tags. This will insert screenshots and exploit steps for each vulnerability.

CSS Formating

All of the text generate from Faction is HTML. You can control how it is rendered in the DOCX format using the CSS editor in the Report Designer. You will need to set the css to match your report templates. Things like font and size will need to match. Images will need to forced to resize to the correct dimensions to fit in your reports.