Version 1.2.1

Bug Fixes:

• #1180 Inject is marked ready even if assets are not set
• #1170 Assets group are not selectable in Scenario, Simulation, Atomic Testing
• #1055 Assets from a group of assets are not indented anymore
• #898 OBAS performances are too slow to be used

Pull Requests:

• [backend] Apply dynamic asset groups filter just on assets type endpoint (#1170) by @savacano28 in #1169
• [backend] Add dynamic assets as children in group asset if applicable (#1055) by @savacano28 in #1154

Full Changelog: 1.2.0...1.2.1

Version 1.2.0

Hi dear community! It is release time for OpenBAS! We’re happy to introduce new great functionalities, some of them suggested by community members! 🤜🤛

As always, your feedbacks & requests will be very valuable to help us shape this exciting new product. Please let us know how you would see the product evolve and what feature would be game changing for your industry! ✨

OpenBAS Implant

We celebrated the introduction of our own OpenBAS Agent in 1.1. To fulfill the workflow and as promised, we are proud to introduce our own Implant. A quick reminder: The Agent ensures the completion of the whole simulation by spawning temporary Implants responsible for executing payloads and ultimately being caught by your security systems! The new OpenBAS implant will allow us an enhanced malicious actions’ execution and less likeliness to be detected than the Caldera one, improving our overall capacity to test evaluate your systems’ response! 🚀

Security platforms

Integrating OpenBAS with security platforms will be a long road. We’ve already integrated with some of the most popular, but what if your integration is not there yet? You may want to assess manually if they catch your payloads… With OpenBAS 1.2, you now can define security platforms through the UI and add manual expectations for them in your injects, while we keep working on more integration and automatization of your favorite tools. 🥳

Verified Payloads

OpenBAS 1.2 also introduces the Unverified/Verified custom Payloads. Integrations, like the one with Atomic Red Team, can generate a lot of custom payloads to be used into your Simulations. Such integrations are a really great way to get immediate value through OpenBAS. But some payloads imported through integration might not be up-to-date. Filigran team is dedicated to bring the most value possible and will work on verifying payloads imported through official integrations! ✅

Duplicate Payloads

Having a library of Payloads through integration is great, but editing them to fit your exact use cases is better ! With the duplication of payloads, you can now create custom payload based on our existing one to customize them following your needs, and not to have to reinvent the wheel. 😎

Enhancements:

• #1173 Be able to duplicate payloads
• #1165 Implement security platform assets associated to collectors
• #1105 Create dummy collectors placeholder and be able to validate manually its technical expectation
• #1087 Introducing OpenBAS Implant (Injector)
• #1065 Sort simulation by updated date
• #1058 Creating an Scenario, simulation or atomic testing should redirect you to the page of the element created
• #1056 UI - In the navigation group scenario with simulation and atomic testing

Bug Fixes:

• #1141 After deleting a payload, atomic testing is throwing an error when accessing
• #1132 Be able to filter users on admin property
• #1130 Import simulation error 500 - Not working
• #1129 When exporting then importing a scenario, all expectations are lost
• #1126 Using change tone for an existing email is displaying wrong options
• #1121 the select inject panel can make a scenario page crash
• #1110 When editing an endpoint without description, form cannot be validated
• #1091 Scenario scores go up to 200% when they have no result to show
• #1045 Team score over time in % of expectations is not correctly computed
• #1040 When scheduling a scenario once, then simulation is done, scenario is still marked as "scheduled"
• #1021 Expectations cumulating in front in the validations screen
• #950 Inject: Broken filter for the ATT&CK matrix
• #883 [Inject] The layout of the image in an email body doesn't seem to work

Pull Requests:

• [backend/frontend] Add pagination in exercise list and improv performance by @RomuDeuxfois in #1090
• Update test-feature-branch workflow to use new AWX endpoint by @sbocahu in #1114
• [backend] fix accumulation score of expectations by @savacano28 in #1108
• [backend] fix null pointer by @savacano28 in #1134
• [backend] filter data null by @savacano28 in #1136
• [backend] Add last seen when asset is registered through agent by @RomuDeuxfois in #1120
• [backend] Make the admin property filterable by @Dimfacion in #1133
• [backend] fix null pointer exc by @savacano28 in #1144
• Issue/950 inject broken filter for the attck matrix by @Christian-DONGMO in #1082
• [Frontend] 1058 - Creating an Scenario, simulation or atomic testing … by @Christian-DONGMO in #1124
• [backend] fix export tags in scenarios and show expectations by @savacano28 in #1146
• [frontend] Move scenarios with simulations and AT in the menu by @Dimfacion in #1152
• [backend/frontend] Sort simulation by updated date by @RomuDeuxfois in #1153
• [frontend] Fix on layout of the image no working by @Dimfacion in #1149
• [backend] Fix recurring scenario not cleaned by @RomuDeuxfois in #1116
• [Frontend]Scenario scores display by @johanah29 in #1115
• [backend] Improv performance on atomic testing pagination list by @RomuDeuxfois in #1084
• When editing an endpoint without description, form cannot be validated by @RomuDeuxfois in #1148
• Update dependency dompurify to v3.1.5 by @renovate in #1162
• Update dependency esbuild to v0.21.5 by @renovate in #1163
• [backend] Fix on count in atomic testing search by @Dimfacion in #1168
• [backend] Validate contracts undefined, null or empty (#1121) by @savacano28 in #1156
• [frontend] fix crash page atomic testing after deleting a payload by @savacano28 in #1160
• [frontend] Fix options for tone in message (#1126) by @savacano28 in #1155
• [backend/frontend] Implement the OpenBAS Implant (injector) for custom payloads (#1087) by @SamuelHassine in #1172

New Contributors:

• @sbocahu made their first contribution in #1114

Full Changelog: 1.1.1...1.2.0

Version 1.1.1

Bug Fixes:

• #1104 Caldera injector not working anymore
• #1102 Endpoints are not cleared properly
• #1101 Caldera executor not registering capabilities anymore
• #1044 When modifying an injector contract, the attack pattern field "+" is not in the right position
• #647 Login error after token expired

Pull Requests:

• Bump braces from 3.0.2 to 3.0.3 in /openbas-front by @dependabot in #1094
• Bump ws from 8.17.0 to 8.17.1 in /openbas-front by @dependabot in #1093
• [Frontend] Adjust plus sign on attack pattern field by @johanah29 in #1073
• Update dependency swagger-typescript-api to v13.0.6 by @renovate in #1098
• Update material-ui monorepo by @renovate in #1099
• Update dependency ramda to v0.30.1 by @renovate in #1097
• Update Yarn to v4.3.0 by @renovate in #1096
• Update Node.js to v20.14.0 by @renovate in #1095
• [backend] fix caldera by @RomuDeuxfois in #1103
• [backend] Fixing random login errors by @Dimfacion in #1085

Full Changelog: 1.1.0...1.1.1

Version 1.1.0

Hi dear community! Today we are proud to introduce the first upgrade of OpenBAS 🎉 leading the way to many other quick iterations we planned in order to provide you with the most complete Breach & Attack simulation solution to evaluate and validate your Security Posture! 🔥

Your feedbacks & requests will be very valuable to help us to shape this exciting new product. Please don’t hesitate to reach out. 🙂

OpenBAS Agent

With OpenBAS 1.1, we are introducing our own Agent in addition to Caldera and Tanium ones. The Agent is responsible for running your attack simulation on your endpoints. It aims to remain as neutral as possible, never directly executing malicious commands in order to stay operational and ensure the simulation flow, leaving that task to “injectors”. Until the 1.1, you could rely on a Caldera or a Tanium to be your Agent, both coming with inherent downsides, as they are not “real” BAS Agents. For example, Caldera is a well known implant, and is spotted and terminated by OS defenses right away, impacting your simulation flow.

We are planning to also provide a native OpenBAS injector, responsible for an enhanced malicious actions’ execution! 🚀

Breaking change: OpenBAS Agent is now the default Agent in platforms. If you previously used Caldera and want to continue to use it, you need to re-enabling it in the platform configuration file (documentation).

Custom payloads
We have introduced in OpenBAS 1.0.8 a key feature for our platform, and we wanted to celebrate this achievement in this major release ! 🎊 You can now create your own custom payloads inside OpenBAS and use them in your scenario, simulations and atomic testing. With this, you can integrate your carefully crafted scripts or even ones know to be used by threats meaningful to you! 🔥

Injects timeline in scenario

Until OpenBAS 1.1, it was not possible to easily see the injects’ time flow of your Scenario when defining it. We have brought the timeline to the inject page of your Scenario and simulations to let you see better when they will be played. The timeline is interactive and you can directly click on injects to edit them. 🧩

We will continue to facilitate Scenario creation, a tedious but really important phase for a relevant evaluation of your Security Posture!

Improvement of the time pickers and scheduling tool

Overall, the time picker was too clunky for efficient use. We have redesigned the UI to simplify and clarify the setup, providing you with a seamless scheduling experience.

Enhancements:

• #1089 Add timeline to the inject tab of scenario and simulation
• #919 Introducing OpenBAS Agent (Executor)
• #877 Empower the injects timeline with new interactions
• #860 Improvement of select date widget

Bug Fixes:

• #1067 Importing a simulation creates an error message or create the simulation completely empty
• #1022 Validation of manual expectation displayed in Validation screen even if the inject has failed at execution
• #1017 Full text search wrong indicators
• #1014 Error on Inject simulated emails
• #1005 Because of the sorting of simulation, it is impossible to find the recently created simulation
• #979 "Reply to" function doesn't send messages
• #944 Alignement issue in the MITRE results matrix
• #917 Inject Result for media pressure: image broken link
• #903 Imported scenario keeps the status / scheduling
• #868 Media Pressure articles are dissappearing

Pull Requests:

• [frontend] fix channels filter in definition by @guillaumejparis in #1049
• [backend/frontend] Fix reply to function in animation>mail section by @RomuDeuxfois in #1054
• [frontend]Updating the filters document by @johanah29 in #1063
• Issue/917 inject result for media pressure image broken link by @Christian-DONGMO in #1060
• Imported scenario keeps the status / scheduling by @RomuDeuxfois in #1050
• [backend] Improv performance on challenges by @RomuDeuxfois in #1066
• [backend] Improv performance on articles by @RomuDeuxfois in #1064
• [Backend] 1022 - Validation of manual expectation displayed in Valida… by @Christian-DONGMO in #1068
• [frontend] Refact timeline composant by @savacano28 in #1051
• [backend] Fix on get exercise details to have better performance by @Dimfacion in #1059
• [backend/frontend] Improv injects perf by @RomuDeuxfois in #1061
• [frontend] add timeline component into scenarios and exercise injects… by @savacano28 in #1072
• [frontend] fix by @savacano28 in #1076
• [Frontend]Improve select date widgets by @johanah29 in #1062
• [backend/frontend] Fix import by @RomuDeuxfois in #1069
• [frontend] Fix broken image by @RomuDeuxfois in #1077
• [frontend/backend] Fixing full text search wrong indicators by @Dimfacion in #1075
• [backend/frontend] Fix duplicate inject results by @RomuDeuxfois in #1074
• [backend/frontend] Adding feature flag by @Dimfacion in #1070
• [backend/frontend] Introduce the OpenBAS agent (#919) by @SamuelHassine in #1086
• Update V3_22__Endpoints.java by @RomuDeuxfois in #1088
• [frontend] Last fix before release by @johanah29 in #1083
• Issue/877 final improvements by @savacano28 in #1079

Full Changelog: 1.0.9...1.1.0

Version 1.0.9

Enhancements:

• #391 Be able to have a login message

Bug Fixes:

• #1047 Security Posture on OpenCTI
• #904 Not possible to import simulation anymore

Pull Requests:

• [frontend] adding import button on exercises list page by @Christian-DONGMO in #1027
• [backend] Fix on get teams to have better performance by @Dimfacion in #1046
• [frontend] add a no translated string eslint check and add missing translations by @guillaumejparis in #1029
• [backend] add index by @savacano28 in #1001
• [frontend] Fix theme update twice by @RomuDeuxfois in #1052
• [backend/frontend] add policies page by @savacano28 in #1015
• [backend] Change external reference resolution for OpenCTI integration by @RomuDeuxfois in #1048

Full Changelog: 1.0.8...1.0.9

Version 1.0.8

Enhancements:

• #743 Ability to create custom payload for injects

Bug Fixes:

• #1041 Atomic testing can be launched even if mandatory fields are missing in the contract

Pull Requests:

• [backend/frontend] Improv scenario pagination by @RomuDeuxfois in #1042

Full Changelog: 1.0.7...1.0.8

Version 1.0.7

Enhancements:

• #1039 Introduce statuses maybe prevented / maybe partially prevented
• #1035 Expectation expiration manager should also fail human response expectation

Bug Fixes:

• #1038 Collection of alerts is not working properly due to API failures
• #1032 Caldera injector incoherent error logging / success logging

Full Changelog: 1.0.6...1.0.7

Version 1.0.6

Bug Fixes:

• #1028 In some cases, IMAP store of sent message can fail
• #1026 Asset groups not correctly updated when add/delete assets
• #1025 Caldera get killed by ATP, need to fix the Caldera build and provide with whitelist hashes
• #1018 In some cases, the Definition screen is broken
• #1004 When removing Filigran logos, login logo is broken

Pull Requests:

• [frontend] Fix warnings and fix linter by @guillaumejparis in #915
• [frontend] Fix error on definition screen by @RomuDeuxfois in #1020
• [frontend] fix assets group list update when add/delete asset by @guillaumejparis in #1023

Full Changelog: 1.0.5...1.0.6

Version 1.0.5

Bug Fixes:

• #1008 After upgrading to 1.0.4, simulations screen is broken
• #1007 Linux / MacOS installation snippet in copy / paste have incorrect paths
• #1006 Filter on assets group are not displayed at edit / cannot be edited
• #920 Translation of parameters is not correct
• #905 Assets and dynamic assets in groups are always 0
• #841 RabbitMQ version is not correct.

Pull Requests:

• [backend] Fix exercises list by @RomuDeuxfois in #1011
• [frontend/backend] improve asset groups table with new column rules a… by @guillaumejparis in #1012
• [backend/frontend] Little fix by @RomuDeuxfois in #1016

Full Changelog: 1.0.4...1.0.5

Version 1.0.4

Enhancements:

• #1000 Rename fake detector to Expectation Expiration Manager
• #999 Migrate Microsoft Sentinel collector in Python
• #976 Implement all necessary helpers and methods for Python collectors

Bug Fixes:

• #981 "Create player" form doesn't have all the field of "Update player" form
• #960 Connection error with Imap/Smtp server
• #957 Cannot Use AI to simulate attack from OCTI

Pull Requests:

• Update fontsource monorepo by @renovate in #949
• Update dependency react-hook-form to v7.51.5 by @renovate in #948
• Update dependency @testing-library/react to v14.3.1 by @renovate in #943
• [backend] fix rabbit env variables by @guillaumejparis in #952
• Update react monorepo by @renovate in #946
• Update dependency @eslint/eslintrc to v3.1.0 by @renovate in #940
• Update material-ui monorepo by @renovate in #930
• Update typescript-eslint monorepo to v7.10.0 by @renovate in #947
• [backend] add query to fecth users by @savacano28 in #951
• [backend] fix connection at rabbitmq to publish by @guillaumejparis in #959
• [backend] Fix scenario import by @RomuDeuxfois in #961
• Issue/performance native queries by @Dimfacion in #968
• [backend/frontend] add search exercises capability by @guillaumejparis in #966
• [backend/frontend] Add trace on email and fix document error on atomic by @RomuDeuxfois in #964
• [frontend] remove some useless duplicate requests calls by @guillaumejparis in #965
• Update dependency esbuild to v0.21.4 by @renovate in #975
• Update dependency @mui/x-date-pickers to v6.20.0 by @renovate in #971
• Update dependency @vitejs/plugin-react to v4.3.0 - autoclosed by @renovate in #972
• Update dependency cronstrue to v2.50.0 by @renovate in #974
• [backend] add query to fetch documents by @Christian-DONGMO in #962
• [backend] Add more info for openbas admin email misconfiguration by @RomuDeuxfois in #956
• [Frontend]Updating platform translations by @johanah29 in #963
• [backend] remove duplicated targets in simulations by @savacano28 in #918
• Update Node.js to v20.13.1 by @renovate in #923
• Update Yarn to v4.2.2 by @renovate in #924
• Update dependency apexcharts to v3.49.1 by @renovate in #925
• Update dependency axios to v1.7.2 by @renovate in #926
• Update dependency mdi-material-ui to v7.9.1 by @renovate in #928
• Update dependency vite-plugin-istanbul to v6.0.2 by @renovate in #937
• Update dependency @stylistic/eslint-plugin to v1.8.1 by @renovate in #942
• Update dependency @hookform/resolvers to v3.4.2 by @renovate in #941
• Update opensaml.version to v4.3.2 by @renovate in #931
• [backend/frontend] get rabbitmq version and fix value in frontend by @guillaumejparis in #980
• Issue/players by @Christian-DONGMO in #982
• Update eclipse-temurin Docker tag to v21.0.3_9-jre by @renovate in #985
• Update dependency @playwright/test to v1.44.1 by @renovate in #987
• Update dependency @types/react to v18.3.3 by @renovate in #988
• Update dependency @babel/plugin-transform-modules-commonjs to v7.24.6 by @renovate in #986
• Update dependency commons-io:commons-io to v2.16.1 - autoclosed by @renovate in #989
• Update dependency react-intl to v6.6.8 by @renovate in #994
• Update dependency jsdom to v24.1.0 by @renovate in #995
• Update dependency vitest to v1.6.0 by @renovate in #996
• Update dependency react-router-dom to v6.23.1 by @renovate in #992
• Update dependency dompurify to v3.1.4 - autoclosed by @renovate in #990
• [frontend] Limit retries when sse in error by @guillaumejparis in #914
• [backend/frontend] Fix tests by @RomuDeuxfois in #998
• [Frontend|Backend]Align 'create player' form with 'update player' form by @johanah29 in #983
• Issue/performance native queries by @Dimfacion in #997
• Improvment : pagination perf by @RomuDeuxfois in #984
• [backend] Adding a timeout on the call to rabbitMQ by @Dimfacion in #1002
• Update dependency mini-css-extract-plugin to v2.9.0 by @renovate in #991

New Contributors:

• @Christian-DONGMO made their first contribution in #962

Full Changelog: 1.0.3...1.0.4