How to build a Template

---

We use Jinja2 to create Report Templates. Here are listed the main variables available when creating a Template.

General Variables

These are the variables loaded when creating a report

• date - the date when the Report was created, as the name of the month and four digits for the year

• title

• enterprise

• summary

• conclusions

• recommendations

• scope

• objectives

---

Workspace

• workspace.scope - a list containing the different scopes of the workspace.
• workspace - a dictionary with all workspace information.
  • name
  • description
  • id
  • duration.start_date
  • duration.end_date
  • users
  • update_date
  • stats.total_vulns
  • stats.std_vulns
  • stats.web_vulns
  • stats.code_vulns
  • stats.hosts
  • stats.services
  • stats.credentials
  • public
  • readonly
  • active
  • create_date
  • _id

Date Format

start_date and end_date are displayed in timestamp format. If you want to change their format, you can use datetimeformat() function and pass the desired format as parameter. E.g.:

   workspace.duration.start_date|datetimeformat('%m-%d-%Y')

   workspace.duration.end_date|datetimeformat('%B %Y')

For more information about date format check Python docs.

Host

• hosts_amount - an int containing the amount of hosts in the Workspace
• hosts - a dictionary with all the hosts in the Workspace
  • type
  • description
  • default_gateway
  • ip
  • owned
  • tags
  • name
  • services
  • versions
  • mac
  • hostnames
  • vulns
  • owner
  • credentials
  • service_summaries
  • id
  • os
  • metadata

Service

• services_amount - an int containing the amount of services in the Workspace
• services - a dictionary with all the services in the Workspace
  • status
  • protocol
  • description
  • parent
  • tags
  • vulns
  • metadata
  • owned
  • summary
  • port
  • owner
  • version
  • host_id
  • id
  • credentials
  • type
  • ports
  • name

Vulnerability

• counter_severity - a dictionary with all the severities and the amount of vulns for each one vulnerability pie charts
• vulns_amount - an int containing the amount of vulnerabilities in the Workspace except for vulns with severity unclassified, which are not included

• vulns - a dictionary with all the vulnerabilities in the Workspace except for vulns with severity unclassified, which are not included

  • update_user
  • parent_type
  • owned
  • owner
  • id
  • impact
  • confirmed
  • severity
  • service
  • data
  • policyviolations
  • evidence_subdoc
  • type
  • refs
  • metadata
  • status
  • issuetracker
  • description
  • parent
  • tags
  • easeofresolution
  • hostnames
  • data
  • host_os
  • desc
  • name
  • obj_id
  • target
  • resolution
  • severity_numbers
  • method
  • params
  • website
  • query
  • path
  • request
  • response

Grouped reports will have an additional field: vulns_grouped_amount - an int containing the total amount of vulnerabilities after grouping

---

Custom Fields in Executive Report

You can access your Custom Fields on the docx templates like a dictionary and by the field name:

vuln.custom_fields["cvss"] 

Jinja2 Context

For more technical information, here is the Jinja2 context, where you can find all the DataTypes and structures implemented with Jinja.

Template Examples

Here are some basic templates.

Default Templates

Generic	Grouped
Generic_Template	Grouped_Template

Markdown

Generic	Grouped
Markdown_Generic	Markdown_Grouped

Assets Examples

Assets	Light	Dark
Assets	Assets_Light	Assets_Dark