How to build a Template¶
We use Jinja2 to create Report Templates. Here are listed the main variables available when creating a Template.
General Variables¶
These are the variables loaded when creating a report
-
date - the date when the Report was created, as the name of the month and four digits for the year
-
title
-
enterprise
-
summary
-
conclusions
-
recommendations
-
scope
-
objectives
- workspace.scope - a list containing the different scopes of the workspace.
- workspace - a dictionary with all workspace information.
- name
- description
- id
- duration.start_date
- duration.end_date
- users
- update_date
- stats.total_vulns
- stats.std_vulns
- stats.web_vulns
- stats.code_vulns
- stats.hosts
- stats.services
- stats.credentials
- public
- readonly
- active
- create_date
- _id
Date Format
start_date and end_date are displayed in timestamp format. If you want to change their format, you can use datetimeformat() function and pass the desired format as parameter. E.g.:
workspace.duration.start_date|datetimeformat('%m-%d-%Y')
workspace.duration.end_date|datetimeformat('%B %Y')
- hosts_amount - an int containing the amount of hosts in the Workspace
- hosts - a dictionary with all the hosts in the Workspace
- type
- description
- default_gateway
- ip
- owned
- tags
- name
- services
- versions
- mac
- hostnames
- vulns
- owner
- credentials
- service_summaries
- id
- os
- metadata
- services_amount - an int containing the amount of services in the Workspace
- services - a dictionary with all the services in the Workspace
- status
- protocol
- description
- parent
- tags
- vulns
- metadata
- owned
- summary
- port
- owner
- version
- host_id
- id
- credentials
- type
- ports
- name
- counter_severity - a dictionary with all the severities and the amount of vulns for each one vulnerability pie charts
- vulns_amount - an int containing the amount of vulnerabilities in the Workspace except for vulns with severity unclassified, which are not included
-
vulns - a dictionary with all the vulnerabilities in the Workspace except for vulns with severity unclassified, which are not included
- update_user
- parent_type
- owned
- owner
- id
- impact
- confirmed
- severity
- service
- data
- policyviolations
- evidence_subdoc
- type
- refs
- metadata
- status
- issuetracker
- description
- parent
- tags
- easeofresolution
- hostnames
- data
- host_os
- desc
- name
- obj_id
- target
- resolution
- severity_numbers
- method
- params
- website
- query
- path
- request
- response
Grouped reports will have an additional field: vulns_grouped_amount - an int containing the total amount of vulnerabilities after grouping
Custom Fields in Executive Report¶
You can access your Custom Fields on the docx templates like a dictionary and by the field name:
vuln.custom_fields["cvss"]
Jinja2 Context¶
For more technical information, here is the Jinja2 context, where you can find all the DataTypes and structures implemented with Jinja.
Template Examples¶
Here are some basic templates.
Default Templates¶
| Generic | Grouped |
|---|---|
| Generic_Template | Grouped_Template |
Markdown¶
| Generic | Grouped |
|---|---|
| Markdown_Generic | Markdown_Grouped |
Assets Examples¶
| Assets | Light | Dark |
|---|---|---|
| Assets | Assets_Light | Assets_Dark |