OpenBAS-Platform/openbas 1.0.0 on GitHub

OpenBAS is finally out! 🎊 It is the first iteration of our new Breach and Attack simulation platform based on a profound improvement and restructuring of our previous Exercise planning platform, OpenEx. With OpenBAS, generate and manage your attack and crisis simulations, incorporate technical and contextual events together, and evaluate your security posture against real-world threats. 🛡️

OpenBAS is part of our eXtended Threats Management suite, and offer a strong integration with OpenCTI 🤝. Based on your qualified knowledge on threats in OpenCTI, you can generate OpenBAS’s simulations directly from OpenCTI and know if you are at risk facing them.

With OpenBAS, we want to include people skills into the equation. You can evaluate how your teams are responding to specific events, not only technical ones. It means you can include non-technical teams, like legal, crisis communication and so on into your security posture evaluation. 👥

Like OpenCTI, OpenBAS propose a python framework to help the Community to develop integrations with their own ecosystems. Executors (responsible for executing attacks), Injectors (responsible for injecting commands) and Collectors (responsible for collecting results and environment topography) helps you interact with your security environment and users. 🌐

OpenBAS simulations can be generated from templates, called Scenarios. Scenarios can be imported, created directly in the interface or even created automatically from OpenCTI. From them, you can scheduled recurring simulations to see the evolution of your security posture’s efficiency against a specific threat context. ⏰

Scenarios, thus Simulations, are composed of Injects: events simulating attacker actions and contextual situations. Each inject targets players or endpoints and you can define what is expected from them. From these expectations’ successes is calculated how your security posture is performing. 💯

In OpenBAS, results are broken down into three main metrics: Prevention, Detection, and Human response. It helps you quickly understand where are your strengths, and your weaknesses. 💪

You will find much more in OpenBAS, like atomic testing, media pressure simulations, technical Challenges, etc. We are eager to see you play with it and give us feedback! This iteration is a first of many! Stay tuned! 👋

Enhancements:

#292 Massive operations and filters in injects list
#703 Change expectations validation strategy with alert types in injectors/collectors
#508 Implement list numbers and change the export style button
#571 Design rework for major release and integration with OpenCTI
#562 OpenCTI integration for injecting case & incident
#642 Atomic testing
#646 Rework the Home screen
#771 [platform] Implement Ask IA capability
#561 New workflow for selecting Injects, based on ATT&CK matrices
#644 Concatenate results from recurring simulations and display Results in Scenario
#643 Rework of the Simulations list screen
#565 Rework of the Overview screen of a Simulation
#711 Rework of the Validation screen in Simulations
#620 Ability to launch recurring Simulations based on a Scenario
#622 Rename map server to map.openbas.io in config and in production
#505 Implement a global search across the platform
#510 Dynamic Asset Groups
#559 Enhance the load time of thousand of Objects in list
#507 Be able to customize theme in OpenEx
#482 Remove ckeditor mentions
#560 Rework of the left menu to correspond to new workflows
#231 Be able to customize sender email address of system messages (lost password, registration, etc.)
#563 Collector for Sentinel for catching inject and feeding expectations
#566 Modelize inject types / contract in the database
#569 Handle 404 properly within admin
#566 Modelize inject types / contract in the database
#513 Implement status for Caldera Agent
#555 Implement Scenarios
#511 Add technical expectations for Caldera injects
#268 Be able to modelize asset and group in the platform

Bug Fixes:

#270 Add a constraint on tag name uniqueness
#654 [Lessons Learned] for players the survey page does not load
#637 Migration to scenario and simulation break my exercise
#626 Disable / enable player in a team is not correctly handled
#614 Fix vite hmr on .js files
#576 Ensure uniqueness of email field when creating a user account
#573 I forgot my password display not look like a cliquable link
#515 No check on landline phone numbers in the players edition form

Pull Requests:

[backend] Changed unavailable variable in injects (#462) by @RomuDeuxfois in #470
Add manual expectations list for an inject by @RomuDeuxfois in #456
[backend] Handle empty content in inject migration by @RomuDeuxfois in #471
[migration] Handle media content in inject by @RomuDeuxfois in #472
[backend/frontend] Migrate audiences to teams (#475) by @SamuelHassine in #476
Update dependency vitest to v1 by @renovate in #486
Update actions/setup-java action to v4 by @renovate in #489
Update github/codeql-action action to v3 by @renovate in #487
Update dependency @hookform/resolvers to v3.3.4 by @renovate in #491
Update dependency @emotion/react to v11.11.3 by @renovate in #490
[backend/frontend] Migrate medias to channels by @SamuelHassine in #503
Update dependency typescript to v5.3.3 by @renovate in #501
Update dependency pdfmake to v0.2.9 - autoclosed by @renovate in #500
Update dependency moment-timezone to v0.5.44 by @renovate in #498
Update dependency html-react-parser to v5.0.11 by @renovate in #497
Migration to Spring Boot v3 by @RomuDeuxfois in #467
[backend] Fix default spring security http authorization by @RomuDeuxfois in #514
Update dependency vite to v5.0.11 by @renovate in #493
Update react monorepo by @renovate in #494
Update dependency @eslint/eslintrc to v3 by @renovate in #483
Update dependency date-fns to v3 by @renovate in #484
Update dependency vite to v5.0.12 [SECURITY] by @renovate in #517
Bump vite from 5.0.11 to 5.0.12 in /openex-front by @dependabot in #516
Update Node.js to v20.11.0 by @renovate in #518
Update dependency apexcharts to v3.45.1 by @renovate in #523
Update dependency classnames to v2.5.1 by @renovate in #524
Update dependency @vitejs/plugin-react to v4.2.1 by @renovate in #522
Update dependency @eslint/js to v8.56.0 by @renovate in #519
Update dependency @redux-devtools/extension to v3.3.0 by @renovate in #520
Update dependency @testing-library/react to v14.1.2 by @renovate in #521
Update dependency date-fns to v3.3.0 by @renovate in #525
Update dependency mdi-material-ui to v7.8.0 by @renovate in #527
Update dependency jsdom to v23.2.0 by @renovate in #526
Update material-ui monorepo by @renovate in #529
Update eclipse-temurin Docker tag to v21.0.1_12-jre by @renovate in #532
Update dependency eslint-plugin-import to v2.29.1 by @renovate in #530
Update dependency mini-css-extract-plugin to v2.7.7 by @renovate in #531
Update dependency moment to v2.30.1 by @renovate in #528
Update dependency globals to v13.24.0 by @renovate in #535
Update dependency eslint to v8.56.0 by @renovate in #534
Update dependency react-intl to v6.6.1 by @renovate in #536
Update dependency react-router-dom to v6.21.3 by @renovate in #537
Update dependency react-hook-form to v7.49.3 by @renovate in #541
Update dependency html-react-parser to v5.1.1 by @renovate in #539
Update dependency @uiw/react-md-editor to v4.0.3 by @renovate in #547
Update dependency axios to v1.6.5 by @renovate in #548
Update dependency dompurify to v3.0.8 by @renovate in #549
Update dependency vitest to v1.2.1 by @renovate in #543
Update typescript-eslint monorepo to v6.19.0 by @renovate in #545
Update dependency @stylistic/eslint-plugin to v1.5.4 by @renovate in #546
Update dependency esbuild to v0.19.11 by @renovate in #550
Update dependency redux-first-history to v5.2.0 by @renovate in #542
Update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.12.1 by @renovate in #540
Update dependency commons-validator:commons-validator to v1.8.0 by @renovate in #538
Add Assets & AssetGroups by @RomuDeuxfois in #481
[injectors/collectors] Update submodules by @RomuDeuxfois in #552
[backend/frontend] Modelize killchains and attack patterns (#506) by @SamuelHassine in #553
[collector-caldera] Fix connection leak by @RomuDeuxfois in #554
Add technical expectations for Caldera injects by @RomuDeuxfois in #557
[backend/frontend] OpenCTI integration and design rework by @SamuelHassine in #570
[backend] Add ignore case for findByEmail and add int tests by @savacano28 in #572
[frontend] use a FormTextHelper to fix style of text editor when requ… by @guillaumejparis in #574
[frontend] adding check on landline phone in player form (#515) by @guillaumejparis in #575
Update dependency date-fns to v3.3.1 by @renovate in #587
Update dependency react-intl to v6.6.2 - autoclosed by @renovate in #591
Update dependency moment-timezone to v0.5.45 by @renovate in #590
Update dependency html-react-parser to v5.1.2 by @renovate in #588
Update dependency commons-io:commons-io to v2.15.1 by @renovate in #586
Update slack orb to v4.12.6 by @renovate in #582
Update dependency axios to v1.6.7 by @renovate in #585
Update dependency jsdom to v24 by @renovate in #583
Update material-ui monorepo by @renovate in #580
Update dependency apexcharts to v3.45.2 by @renovate in #584
Update dependency vitest to v1.2.2 by @renovate in #578
Update react monorepo by @renovate in #581
Update eclipse-temurin Docker tag to v21.0.2_13-jre by @renovate in #579
Update Yarn to v3.8.0 by @renovate in #592
Update dependency @stylistic/eslint-plugin to v1.6.1 by @renovate in #593
Update dependency chokidar to v3.6.0 by @renovate in #595
Update dependency esbuild to v0.20.0 by @renovate in #596
Update dependency mini-css-extract-plugin to v2.8.0 by @renovate in #597
Update dependency react-hook-form to v7.50.1 by @renovate in #598
Update dependency vite to v5.1.1 by @renovate in #600
Update dependency react-router-dom to v6.22.0 by @renovate in #599
Update dependency @eslint/eslintrc to v3.0.1 by @renovate in #602
Update dependency @types/node to v20.11.17 by @renovate in #603
Update dependency globals to v14 by @renovate in #604
Update dependency @testing-library/react to v14.2.1 by @renovate in #594
Update typescript-eslint monorepo to v6.21.0 - autoclosed by @renovate in #601
Update Yarn to v4 by @renovate in #495
Add playwright by @RomuDeuxfois in #556
[front] Changing mouse cursor to a pointer for 'I forgot my password' and 'back to login'(#573) by @johanah29 in #612
[frontend] Fix channel edition by @RomuDeuxfois in #608
[frontend] fix vite hmr on .js files (#614) by @guillaumejparis in #615
[frontend] activate lint for playwright files and fix errors by @guillaumejparis in #616
#555 by @guillaumejparis in #613
Openex featurebranch actions by @troll-os in #606
[front] Implement status for Caldera agents (#513) by @johanah29 in #618
[frontend] Hide not implemented menu by @RomuDeuxfois in #609
Ensure uniqueness of email field when creating a user account by @RomuDeuxfois in #611
OpenEX to OpenBAS by @RomuDeuxfois in #624
[e2e] Assets CRUD by @RomuDeuxfois in #617
[frontend] Exercise to Simulation I18n by @RomuDeuxfois in #625
[all] add a schedule to renovate by @guillaumejparis in #630
[frontend] Handle 404 properly within admin (#569) by @RomuDeuxfois in #635
[frontend/backend] handle correctly the enable/disable player in team at the … by @guillaumejparis in #627
[backend/frontend] Issue/566 pagination : Retrieving contracts using pagination, filtering, and sorting parameters #607 by @savacano28 in #632
[frontend] Fix additional query params lead to error display (#633) by @RomuDeuxfois in #634
[backend] Differentiate sender email address per scenario and simulation (#231) by @savacano28 in #640
[backend] Fix migration issue for inject expectation group by @RomuDeuxfois in #639
[frontend] fix mui/styles imports and add rule to eslint by @guillaumejparis in #645
[frontend] fix errors and warnings in js console by @guillaumejparis in #648
Collector for Sentinel for catching inject and feeding expectations by @RomuDeuxfois in #631
[backend/frontend] - Fix survey page access - master by @RomuDeuxfois in #655
[backend/frontend] Add replyTo (#231) by @savacano28 in #641
Update Yarn to v4.1.1 by @renovate in #673
Update Node.js to v20.11.1 by @renovate in #672
Update dependency apexcharts to v3.48.0 by @renovate in #666
Update springdoc.version to v2.4.0 by @renovate in #671
Update slack orb to v4.13.1 by @renovate in #670
Update dependency date-fns to v3.6.0 by @renovate in #667
Update dependency eslint to v8.57.0 by @renovate in #668
Update dependency @babel/plugin-transform-modules-commonjs to v7.24.1 by @renovate in #662
Update dependency @eslint/js to v8.57.0 by @renovate in #663
Update dependency @stylistic/eslint-plugin to v1.7.0 by @renovate in #665
Update dependency @playwright/test to v1.42.1 by @renovate in #664
Update dependency eslint-plugin-import-newlines to v1.4.0 - autoclosed by @renovate in #674
Update dependency express to v4.19.1 by @renovate in #677
[backend] - sync submodules by @savacano28 in #700
Update dependency vite to v5.2.4 by @renovate in #681
Update dependency pdfmake to v0.2.10 by @renovate in #692
Update dependency html-react-parser to v5.1.9 by @renovate in #689
Update dependency react-router-dom to v6.22.3 by @renovate in #693
Update dependency axios to v1.6.8 by @renovate in #686
Update react monorepo by @renovate in #695
Update material-ui monorepo by @renovate in #694
Update dependency @uiw/react-md-editor to v4.0.4 by @renovate in #685
Update dependency typescript to v5.4.3 by @renovate in #680
Update dependency @testing-library/react to v14.2.2 by @renovate in #684
Update dependency vite-plugin-istanbul to v6 by @renovate in #698
Update dependency eslint-config-airbnb-typescript to v18 by @renovate in #697
Update dependency esbuild to v0.20.2 by @renovate in #688
Update dependency dompurify to v3.0.11 by @renovate in #687
Update dependency @eslint/eslintrc to v3.0.2 by @renovate in #683
Update dependency vitest to v1.4.0 - autoclosed by @renovate in #682
Update dependency io.minio:minio to v8.5.9 by @renovate in #690
Update dependency eslint-plugin-playwright to v1.5.4 by @renovate in #675
Update opensaml.version to v4.3.1 by @renovate in #669
Update typescript-eslint monorepo to v7 (major) by @renovate in #699
Update dependency react-hook-form to v7.51.1 by @renovate in #679
Update dependency eslint-plugin-react to v7.34.1 - autoclosed by @renovate in #676
Update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.13.0 by @renovate in #678
Update dependency mini-css-extract-plugin to v2.8.1 by @renovate in #691
Customize OpenBAS by @johanah29 in #652
[backend/frontend] Search API for Contract, Attack Pattern, Kill Chain Phases and Dynamic Asset Group by @RomuDeuxfois in #653
[backend] Add a constraint on tag name uniqueness by @RomuDeuxfois in #649
[Frontend] Fix for undefined params by @johanah29 in #709
[platform] Adapt framework to support external injectors and collectors (#638) by @richard-julien in #712
[backend/frontend] Fix adding contextual team leads to element already exists by @RomuDeuxfois in #708
Bump vite from 5.2.4 to 5.2.6 in /openbas-front by @dependabot in #716
Update dependency express to v4.19.2 [SECURITY] by @renovate in #714
Issue/620 by @guillaumejparis in #715
Update springdoc.version to v2.5.0 by @renovate in #719
Update material-ui monorepo by @renovate in #727
Update slack orb to v4.13.2 by @renovate in #729
Update react monorepo by @renovate in #728
Update dependency react-intl to v6.6.4 by @renovate in #725
Update dependency vite to v5.2.8 by @renovate in #726
Update dependency globals to v15 by @renovate in #730
Update dependency @emotion/styled to v11.11.5 by @renovate in #721
Update dependency react-hook-form to v7.51.2 by @renovate in #724
Update dependency org.jacoco:jacoco-maven-plugin to v0.8.12 by @renovate in #723
Update dependency html-react-parser to v5.1.10 by @renovate in #722
Update dependency commons-io:commons-io to v2.16.0 by @renovate in #718
Update Node.js to v20.12.0 by @renovate in #717
[frontend] fix cron-time-generator import with esbuild by @guillaumejparis in #732
Update typescript-eslint monorepo to v7.5.0 by @renovate in #720
[frontend] fix initial values for recurring scenario form by @guillaumejparis in #734
[frontend] only display manual expectations to validate by @guillaumejparis in #735
Issue/620 by @guillaumejparis in #739
[backend/frontend] Global search by @RomuDeuxfois in #733
Bugfix - migration full text search by @RomuDeuxfois in #744
[backend/frontend] add atomic testings by @savacano28 in #702
[front] Fix for the creation process of atomic tests by @johanah29 in #747
Page all view and results by @savacano28 in #748
[frontend] Add info message on reply to changes by @RomuDeuxfois in #745
Update dependency zod to v3.23.0 by @renovate in #756
Update dependency typescript to v5.4.5 by @renovate in #755
Update dependency react-intl to v6.6.5 by @renovate in #754
Update dependency dompurify to v3.1.0 by @renovate in #752
Update dependency @mui/x-date-pickers to v6.19.9 by @renovate in #753
Atomic testing update fix (#642) by @johanah29 in #749
Rework of the Results screen of a Simulation by @RomuDeuxfois in #737
Display atomic testing details (#642) by @johanah29 in #757
[backend/frontend] Fix settings values and optimistic update in taxonomies section by @RomuDeuxfois in #759
Update dependency com.rabbitmq:amqp-client to v5.21.0 by @renovate in #751
[frontend] fix injector contracts by @guillaumejparis in #761
[backend/frontend] Add target in simulation list by @RomuDeuxfois in #762
[backend] Remove test - default sort is not consistent in JPA by @RomuDeuxfois in #763
[front] Adding translations for atomic testing (#642) by @johanah29 in #760
[backend/frontend] Minor improvment by @RomuDeuxfois in #764
Bugfix/minor by @RomuDeuxfois in #766
Bugfix/injector contract by @RomuDeuxfois in #768
Bugfix/minor by @RomuDeuxfois in #767
[frontend] Add new workflow for inject creation/edition based on atom… by @guillaumejparis in #769
Bugfix/caldera assets by @RomuDeuxfois in #770
[backend/frontend] Improvement for performances by @SamuelHassine in #772
[frontend/backend] Fix injector contract related problems and fix Tim… by @guillaumejparis in #775
[backend/frontend] New home page by @RomuDeuxfois in #776
[backend/frontend] Little improvement by @RomuDeuxfois in #777
[backend] Fix cron test by @RomuDeuxfois in #781
[frontend] Improv simulation label btn by @RomuDeuxfois in #780
[frontend/backend] Redesign of the atomic testings details screen (#642) by @johanah29 in #774
[frontend] fix upload document in scenario and simulation by @guillaumejparis in #783
[frontend] fix build warning by @guillaumejparis in #786
Bugfix/fix recurring fields by @johanah29 in #784
[backend/frontend] Improv search document API by @RomuDeuxfois in #782
[backend/frontend] add piechart by default in gray by @savacano28 in #785
[backend/frontend] Add pagination to players by @RomuDeuxfois in #787
[backend] fix cast user to OpenBasPrincipal by @savacano28 in #789
Issue/style atomic response page by @savacano28 in #773
[backend/frontend] Add pagination to teams by @RomuDeuxfois in #790
[frontend] fixes in inject creation and scenario distribution by @guillaumejparis in #791
[frontend] add translations by @savacano28 in #792
[backend/frontend] Scenario category filtering by @RomuDeuxfois in #778
[frontend] fix groups grants by @guillaumejparis in #795
Bugfix/fix document update inject by @guillaumejparis in #794
[frontend] disable reports menu by @guillaumejparis in #798
[frontend] remove try the inject in injects list popover by @guillaumejparis in #797
[frontend] fix managing group grants by @guillaumejparis in #796
[frontend] Style by @savacano28 in #793
[frontend] Add clickable breadcrumbs by @RomuDeuxfois in #800
Bugfix/remove filigran logos by @RomuDeuxfois in #799
[backend/frontend] Show all children in target results by @savacano28 in #801
[backend/frontend] Add import scenario by @RomuDeuxfois in #788
[frontend] remove trigger after when creating/updating atomic testing by @guillaumejparis in #802
[frontend/backend]Add validation of manual expectations in atomic testing by @johanah29 in #803
Bugfix/minor by @RomuDeuxfois in #804
[frontend/backend]Fix atomic testing configuration display by @johanah29 in #806
[backend/frontend] Fix teams in injects by @RomuDeuxfois in #807
[backend/frontend] Asset group pagination by @RomuDeuxfois in #805
[frontend/backend] fixes in simulation & home screens by @guillaumejparis in #808
[backend/frontend] Improv manual validation in atomic testing by @RomuDeuxfois in #809
[backend/frontend] Fix inject creation with assets & asset groups by @RomuDeuxfois in #810
[frontend] Fix channel deletion by @RomuDeuxfois in #811
[frontend] Fix channel creation in inject by @RomuDeuxfois in #812
[frontend] Fix preview of an article in Scenario/Definition screen by @RomuDeuxfois in #813
[backend] fix lazy load by @savacano28 in #814
[frontend]Sort scenarios list with 'updated at' column by @johanah29 in #815
[backend/frontend] Add inject details in simulation by @RomuDeuxfois in #818
[frontend] fix manage players in teams and fix a dashboard chart by @guillaumejparis in #817
[frontend/backend]Renaiming for atomic testing and display 'updated' by @johanah29 in #816
[frontend] ignore expectations without teams for teams graphs by @savacano28 in #826
[frontend] fix all search fields by adding a default debounce by @guillaumejparis in #825
[front]Sort on lists by @johanah29 in #827
[backend/frontend] Fix atomic testing by @RomuDeuxfois in #828
[backend] Fix scores from teams by @savacano28 in #829
[frontend]Fix platform lists icons by @johanah29 in #830
[frontend]List format by @johanah29 in #833
[frontend] fix y axis for simulation results by @savacano28 in #832
[frontend]Cursor atomic testing type by @johanah29 in #835
[Backend] Payload content is not considered by @rguignard in #838

New Contributors:

@guillaumejparis made their first contribution in #293
@lndrtrbn made their first contribution in #469
@savacano28 made their first contribution in #572
@johanah29 made their first contribution in #612

Full Changelog: https://github.com/OpenBAS-Platform/openbas/commits/1.0.0

OpenBAS-Platform/openbas 1.0.0 Version 1.0.0 on GitHub

Enhancements:

Bug Fixes:

Pull Requests:

New Contributors:

OpenBAS-Platform/openbas 1.0.0
Version 1.0.0

on GitHub