This guide explains how to use the attack chain table token in reports using a query string-like syntax.
Basic Structure
The token uses URL-style parameters separated by & characters. For example:
{AttackChain_Table?scenario=<scenario>&columns=title,description,timestamp}This will be replace by a table of Attack Chain steps, with the following columns: title, description and timestamp.
Configuration Sections
1. Required parameters
These are the required parameters and their options. You can find all the available fields here:
columns=[field1, field2]&
2. Filtering and Sorting (Optional)
Filter findings by various criteria:
setting.filter.type=attack&
setting.sort.direction=ascending&
3. Showing sequence (Optional)
There is also a parameter that can be used to select which scenario to include when you have multiple scenarios available and don't specify a name (starting from 1). This adds a scenario according to its order in the Attack Chains tab in the pentest. If you use the name of the scenario, this will be ignored
scenario_seq=1
Examples
Table with attack steps ordered by timestamp:
{AttackChain_Table?scenario=<scenario>&columns=title,description,timestamp&setting.sort.field=timestamp}Table with mitigations:
{AttackChain_Table?scenario=<scenario>&fields=title,mitre_attack_mitigation&setting.filter.type=mitigation}