Hi dear community! It is release time for OpenBAS! We’re happy to introduce new great functionalities, some of them suggested by community members! 🤜🤛
As always, your feedbacks & requests will be very valuable to help us shape this exciting new product. Please let us know how you would see the product evolve and what feature would be game changing for your industry! ✨
OpenBAS Implant
We celebrated the introduction of our own OpenBAS Agent in 1.1. To fulfill the workflow and as promised, we are proud to introduce our own Implant. A quick reminder: The Agent ensures the completion of the whole simulation by spawning temporary Implants responsible for executing payloads and ultimately being caught by your security systems! The new OpenBAS implant will allow us an enhanced malicious actions’ execution and less likeliness to be detected than the Caldera one, improving our overall capacity to test evaluate your systems’ response! 🚀
Security platforms
Integrating OpenBAS with security platforms will be a long road. We’ve already integrated with some of the most popular, but what if your integration is not there yet? You may want to assess manually if they catch your payloads… With OpenBAS 1.2, you now can define security platforms through the UI and add manual expectations for them in your injects, while we keep working on more integration and automatization of your favorite tools. 🥳
Verified Payloads
OpenBAS 1.2 also introduces the Unverified/Verified custom Payloads. Integrations, like the one with Atomic Red Team, can generate a lot of custom payloads to be used into your Simulations. Such integrations are a really great way to get immediate value through OpenBAS. But some payloads imported through integration might not be up-to-date. Filigran team is dedicated to bring the most value possible and will work on verifying payloads imported through official integrations! ✅
Duplicate Payloads
Having a library of Payloads through integration is great, but editing them to fit your exact use cases is better ! With the duplication of payloads, you can now create custom payload based on our existing one to customize them following your needs, and not to have to reinvent the wheel. 😎
Enhancements:
- #1173 Be able to duplicate payloads
- #1165 Implement security platform assets associated to collectors
- #1105 Create dummy collectors placeholder and be able to validate manually its technical expectation
- #1087 Introducing OpenBAS Implant (Injector)
- #1065 Sort simulation by updated date
- #1058 Creating an Scenario, simulation or atomic testing should redirect you to the page of the element created
- #1056 UI - In the navigation group scenario with simulation and atomic testing
Bug Fixes:
- #1141 After deleting a payload, atomic testing is throwing an error when accessing
- #1132 Be able to filter users on admin property
- #1130 Import simulation error 500 - Not working
- #1129 When exporting then importing a scenario, all expectations are lost
- #1126 Using change tone for an existing email is displaying wrong options
- #1121 the select inject panel can make a scenario page crash
- #1110 When editing an endpoint without description, form cannot be validated
- #1091 Scenario scores go up to 200% when they have no result to show
- #1045 Team score over time in % of expectations is not correctly computed
- #1040 When scheduling a scenario once, then simulation is done, scenario is still marked as "scheduled"
- #1021 Expectations cumulating in front in the validations screen
- #950 Inject: Broken filter for the ATT&CK matrix
- #883 [Inject] The layout of the image in an email body doesn't seem to work
Pull Requests:
- [backend/frontend] Add pagination in exercise list and improv performance by @RomuDeuxfois in #1090
- Update test-feature-branch workflow to use new AWX endpoint by @sbocahu in #1114
- [backend] fix accumulation score of expectations by @savacano28 in #1108
- [backend] fix null pointer by @savacano28 in #1134
- [backend] filter data null by @savacano28 in #1136
- [backend] Add last seen when asset is registered through agent by @RomuDeuxfois in #1120
- [backend] Make the admin property filterable by @Dimfacion in #1133
- [backend] fix null pointer exc by @savacano28 in #1144
- Issue/950 inject broken filter for the attck matrix by @Christian-DONGMO in #1082
- [Frontend] 1058 - Creating an Scenario, simulation or atomic testing … by @Christian-DONGMO in #1124
- [backend] fix export tags in scenarios and show expectations by @savacano28 in #1146
- [frontend] Move scenarios with simulations and AT in the menu by @Dimfacion in #1152
- [backend/frontend] Sort simulation by updated date by @RomuDeuxfois in #1153
- [frontend] Fix on layout of the image no working by @Dimfacion in #1149
- [backend] Fix recurring scenario not cleaned by @RomuDeuxfois in #1116
- [Frontend]Scenario scores display by @johanah29 in #1115
- [backend] Improv performance on atomic testing pagination list by @RomuDeuxfois in #1084
- When editing an endpoint without description, form cannot be validated by @RomuDeuxfois in #1148
- Update dependency dompurify to v3.1.5 by @renovate in #1162
- Update dependency esbuild to v0.21.5 by @renovate in #1163
- [backend] Fix on count in atomic testing search by @Dimfacion in #1168
- [backend] Validate contracts undefined, null or empty (#1121) by @savacano28 in #1156
- [frontend] fix crash page atomic testing after deleting a payload by @savacano28 in #1160
- [frontend] Fix options for tone in message (#1126) by @savacano28 in #1155
- [backend/frontend] Implement the OpenBAS Implant (injector) for custom payloads (#1087) by @SamuelHassine in #1172
New Contributors:
Full Changelog: 1.1.1...1.2.0