diff --git a/README.md b/README.md index a030246f..0e7497a4 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ -# OpenBAS Documentation Space +# OpenAEV Documentation Space -[![Website](https://img.shields.io/badge/website-openbas.io-blue.svg)](https://openbas.io) +[![Website](https://img.shields.io/badge/website-openaev.io-blue.svg)](https://openaev.io) [![Slack Status](https://img.shields.io/badge/slack-3K%2B%20members-4A154B)](https://community.filigran.io) ## Introduction -This is the main repository of the OpenBAS Documentation space. The online version is available directly on [docs.openbas.io](https://docs.openbas.io). +This is the main repository of the OpenAEV Documentation space. The online version is available directly on [docs.openaev.io](https://docs.openaev.io). ## Development (local setup) ### Prerequisites @@ -28,7 +28,7 @@ Please follow the Manual instructions below. ### Alternative: manual local build and serve Clone the repository: ```shell -$ git clone git@github.com:OpenBAS-Platform/docs.git +$ git clone git@github.com:OpenAEV-Platform/docs.git ``` Install dependencies; consider a virtual environment for doing so diff --git a/docs/administration/assets/agent_assets_status.png b/docs/administration/assets/agent_assets_status.png deleted file mode 100644 index a48a3ad1..00000000 Binary files a/docs/administration/assets/agent_assets_status.png and /dev/null differ diff --git a/docs/administration/assets/enterprise-activate.png b/docs/administration/assets/enterprise-activate.png index fbe80b21..a95a9a0d 100644 Binary files a/docs/administration/assets/enterprise-activate.png and b/docs/administration/assets/enterprise-activate.png differ 
diff --git a/docs/administration/assets/enterprise-license-agreement.png b/docs/administration/assets/enterprise-license-agreement.png index 1be0480a..739c9638 100644 Binary files a/docs/administration/assets/enterprise-license-agreement.png and b/docs/administration/assets/enterprise-license-agreement.png differ diff --git a/docs/administration/assets/login.png b/docs/administration/assets/login.png index 220f90ba..cc529608 100644 Binary files a/docs/administration/assets/login.png and b/docs/administration/assets/login.png differ diff --git a/docs/administration/enterprise.md b/docs/administration/enterprise.md index 8eb8bc92..f07d4d55 100644 --- a/docs/administration/enterprise.md +++ b/docs/administration/enterprise.md 
@@ -1,15 +1,15 @@ !!! tip "Filigran" - [Filigran](https://filigran.io) is providing an [Enterprise Edition](https://filigran.io/offerings/openbas-enterprise-edition) of the platform, whether [on-premise](https://filigran.io/offerings/professional-support-packages) or in the [SaaS](https://filigran.io/offerings/software-as-a-service). + [Filigran](https://filigran.io) is providing an [Enterprise Edition](https://filigran.io/offerings/openaev-enterprise-edition) of the platform, whether [on-premise](https://filigran.io/offerings/professional-support-packages) or in the [SaaS](https://filigran.io/offerings/software-as-a-service). -## What is OpenBAS EE? +## What is OpenAEV EE? -OpenBAS Enterprise Edition is based on the open core concept. This means that the source code of OBAS EE remains open +OpenAEV Enterprise Edition is based on the open core concept. This means that the source code of OBAS EE remains open source and included in the main GitHub repository of the platform but is published under a specific license. As specified in the GitHub license file: -- The OpenBAS Community Edition is licensed under the Apache License, Version 2.0 (the “Apache License”). -- The OpenBAS Enterprise Edition is licensed under the OpenBAS Enterprise Edition License (the “Enterprise Edition +- The OpenAEV Community Edition is licensed under the Apache License, Version 2.0 (the “Apache License”). +- The OpenAEV Enterprise Edition is licensed under the OpenAEV Enterprise Edition License (the “Enterprise Edition Licensee”). The source files in this repository have a header indicating which license they are under. If no such header is 
@@ -20,18 +20,18 @@ provided, this means that the file belongs to the Community Edition under the Ap Enterprise edition is easy to activate. You need to go the platform settings and click on the "Manage your Enterprise Edition License" button. -![OpenBAS activation](assets/enterprise-activate.png) +![OpenAEV activation](assets/enterprise-activate.png) -Then you will need to put a valid OpenBAS EE license. If you don't have it, you +Then you will need to put a valid OpenAEV EE license. If you don't have it, you can [generate a trial license](https://filigran.io/enterprise-editions-trial/). -![OpenBAS EE EULA](assets/enterprise-license-agreement.png) +![OpenAEV EE EULA](assets/enterprise-license-agreement.png) As a reminder: -- OpenBAS EE is free-to-use for development, testing and research purposes as well as for non-profit organizations. -- OpenBAS EE is included for all Filigran SaaS customers without additional fee. -- **For all other usages, OpenBAS EE is reserved to organizations that have signed a Filigran Enterprise agreement.** +- OpenAEV EE is free-to-use for development, testing and research purposes as well as for non-profit organizations. +- OpenAEV EE is included for all Filigran SaaS customers without additional fee. +- **For all other usages, OpenAEV EE is reserved to organizations that have signed a Filigran Enterprise agreement.** ## Available features 
@@ -42,12 +42,12 @@ Be able to use AI for content generation including emails, media pressure articl ### CrowdStrike Falcon Agent The CrowdStrike Falcon Agent can be leveraged to execute implants as detached processes that will then execute payloads -according to the [OpenBas architecture](../../deployment/overview/#architecture) +according to the [OpenAEV architecture](../deployment/platform/overview.md#architecture) ### Tanium Agent The Tanium Agent can be leveraged to execute implants as detached processes that will then execute payloads -according to the [OpenBas architecture](../../deployment/overview/#architecture) +according to the [OpenAEV architecture](../deployment/platform/overview.md#architecture) ## Remediations in CVES @@ -61,7 +61,7 @@ and [Atomic testing remediations](../usage/atomic.md). ## More to come -More features will be available in OpenBAS in the future. Features like: +More features will be available in OpenAEV in the future. Features like: - Security posture automatic evaluation. - Premium mitigations and recommendation for configuration changes. diff --git a/docs/administration/introduction.md b/docs/administration/introduction.md index f3825a06..3e7fdee3 100644 --- a/docs/administration/introduction.md +++ b/docs/administration/introduction.md @@ -2,4 +2,4 @@ !!! tip "Under construction" - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). + We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenAEV-Platform/docs). diff --git a/docs/administration/parameters.md b/docs/administration/parameters.md index ef596030..9cade54f 100644 
--- a/docs/administration/parameters.md +++ b/docs/administration/parameters.md @@ -2,4 +2,4 @@ !!! tip "Under construction" - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). + We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenAEV-Platform/docs). diff --git a/docs/administration/taxonomies.md b/docs/administration/taxonomies.md index 5104041d..0aed23ff 100644 --- a/docs/administration/taxonomies.md +++ b/docs/administration/taxonomies.md 
@@ -1,23 +1,23 @@ # Taxonomies -Taxonomies in OpenBAS refer to the structured classification systems that help in organizing and categorizing platform +Taxonomies in OpenAEV refer to the structured classification systems that help in organizing and categorizing platform data. They are essential to the platform, enabling users to systematically tag and retrieve information based on predefined categories and terms. ## Tags -Tags in OpenBAS serve as a powerful tool for organizing, categorizing, and prioritizing data. +Tags in OpenAEV serve as a powerful tool for organizing, categorizing, and prioritizing data. Tags can be used to tag assets or teams with specific categories, making it easier to filter and search through large datasets. ## Kill chain phases -Kill chain phases are used in OpenBAS to structure and analyze the data related to cyber threats and attacks. They +Kill chain phases are used in OpenAEV to structure and analyze the data related to cyber threats and attacks. They describe the stages of an attack from the perspective of the attacker and provide a framework for identifying, analysing and responding to threats. -OpenBAS supports the following kill chain models: +OpenAEV supports the following kill chain models: - **MITRE ATT&CK Framework (Entreprise, PRE, Mobile and ICS)** @@ -28,10 +28,10 @@ injects, simulations or scenarios. ## Attack Patterns Attack patterns are structured representations of the tactics, techniques, and procedures (TTPs) used by adversaries to -compromise systems. In OpenBAS, attack patterns help analyze and classify threats, providing a standardized approach to +compromise systems. In OpenAEV, attack patterns help analyze and classify threats, providing a standardized approach to identifying and mitigating cyber risks. -OpenBAS supports the following attack pattern models: +OpenAEV supports the following attack pattern models: - **MITRE ATT&CK Framework (Enterprise, PRE, Mobile, and ICS)** 
@@ -43,7 +43,7 @@ CVEs (Common Vulnerabilities and Exposures) are standardized identifiers for pub vulnerabilities. Each CVE provides a unique reference, enabling consistent communication and tracking across tools and teams. -In OpenBAS, CVEs are used to associate known vulnerabilities with assets, payloads, and injects. This allows users to +In OpenAEV, CVEs are used to associate known vulnerabilities with assets, payloads, and injects. This allows users to simulate attacks based on real-world flaws, enhancing the relevance and precision of security testing. You can add, edit, or delete CVEs. diff --git a/docs/administration/users_and_rbac.md b/docs/administration/users_and_rbac.md index 99a3cbfb..90489671 100644 --- a/docs/administration/users_and_rbac.md +++ b/docs/administration/users_and_rbac.md @@ -1,6 +1,6 @@ # Users -You can manage users in `Settings > Security > Users`. If you are using Single Sign-On (SSO), user accounts in OpenBAS are automatically created upon login. +You can manage users in `Settings > Security > Users`. If you are using Single Sign-On (SSO), user accounts in OpenAEV are automatically created upon login. ![User list](assets/user-list.png) diff --git a/docs/assets/logo.png b/docs/assets/logo.png index b50609b7..4410516c 100644 Binary files a/docs/assets/logo.png and b/docs/assets/logo.png differ diff --git a/docs/deployment/assets/agents.png b/docs/deployment/assets/agents.png index 056453d2..353a42bf 100644 Binary files a/docs/deployment/assets/agents.png and b/docs/deployment/assets/agents.png differ diff --git a/docs/deployment/assets/crowdstrike-available-agent.png b/docs/deployment/assets/crowdstrike-available-agent.png deleted file mode 100644 index 6f0561e6..00000000 Binary files a/docs/deployment/assets/crowdstrike-available-agent.png and /dev/null differ diff --git a/docs/deployment/authentication.md b/docs/deployment/authentication.md index 65a088af..9fef2ec5 100644 --- a/docs/deployment/authentication.md 
+++ b/docs/deployment/authentication.md 
@@ -2,29 +2,29 @@ ## Introduction -Welcome to the authentication documentation for OpenBAS. This documentation provides details on setting up and utilizing the authentication system, which supports multiple authentication methods to cater to different user needs and security requirements. +This documentation provides details on setting up and utilizing the authentication system, which supports multiple authentication methods to cater to different user needs and security requirements. ## Supported authentication methods -### Local users +!!! tip "Production deployment" -OpenBAS use this strategy as the default, but it's not the one we recommend for security reasons. + Please use the LDAP/Auth0/OpenID/SAML strategy for production deployment. -| Parameter | Environment variable | Default value | Description | -|:-------------------------------|:-------------------------------|:----------------------|:--------------------------------------------------------------| -| openbas.auth-local-enable | OPENBAS_AUTH-LOCAL-ENABLE | true | Set this to `true` to enable username/password authentication. | +### Local users -!!! tip "Production deployment" +OpenAEV use this strategy as the default, but it's not the one we recommend for security reasons. - Please use the LDAP/Auth0/OpenID/SAML strategy for production deployment. +| Parameter | Environment variable | Default value | Description | +|:--------------------------|:--------------------------|:----------------------|:--------------------------------------------------------------| +| openaev.auth-local-enable | OPENAEV_AUTH-LOCAL-ENABLE | true | Set this to `true` to enable username/password authentication. | ### OpenID This method allows to use the [OpenID Connect Protocol](https://openid.net/connect) to handle the authentication. 
-| Parameter | Environment variable | Default value | Description | -|:-------------------------------|:-------------------------------|:----------------------|:--------------------------------------------------------------| -| openbas.auth-openid-enable | OPENBAS_AUTH-OPENID-ENABLE | false | Set this to `true` to enable OAuth (OpenID) authentication. | +| Parameter | Environment variable | Default value | Description | +|:-------------------------------|:---------------------------|:----------------------|:--------------------------------------------------------------| +| openaev.auth-openid-enable | OPENAEV_AUTH-OPENID-ENABLE | false | Set this to `true` to enable OAuth (OpenID) authentication. | Example for Auth0: @@ -33,7 +33,7 @@ SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_{registrationId}_ISSUER-URI=https://auth. SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_{registrationId}_CLIENT-NAME=Login with auth0 SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_{registrationId}_CLIENT-ID= SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_{registrationId}_CLIENT-SECRET= -SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_{registrationId}_REDIRECT-URI=${openbas.base-url}/login/oauth2/code/{registrationId} +SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_{registrationId}_REDIRECT-URI=${openaev.base-url}/login/oauth2/code/{registrationId} SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_{registrationId}_SCOPE=openid,profile,email ``` 
@@ -55,14 +55,14 @@ This strategy can be used to authenticate your user with your company SAML. | Parameter | Environment variable | Default value | Description | |:-------------------------------|:-------------------------------|:----------------------|:--------------------------------------------------------------| -| openbas.auth-saml2-enable | OPENBAS_AUTH-SAML2-ENABLE | false | Set this to `true` to enable SAML2 authentication. | +| openaev.auth-saml2-enable | OPENAEV_AUTH-SAML2-ENABLE | false | Set this to `true` to enable SAML2 authentication. | Example for Microsoft : ```properties SPRING_SECURITY_SAML2_RELYINGPARTY_REGISTRATION_{registrationId}_ENTITY-ID= SPRING_SECURITY_SAML2_RELYINGPARTY_REGISTRATION_{registrationId}_ASSERTINGPARTY_METADATA-URI= -OPENBAS_PROVIDER_{registrationId}_FIRSTNAME_ATTRIBUTE_KEY= -OPENBAS_PROVIDER_{registrationId}_LASTNAME_ATTRIBUTE_KEY= +OPENAEV_PROVIDER_{registrationId}_FIRSTNAME_ATTRIBUTE_KEY= +OPENAEV_PROVIDER_{registrationId}_LASTNAME_ATTRIBUTE_KEY= ``` !!! tip "Tips" @@ -76,7 +76,7 @@ OPENBAS_PROVIDER_{registrationId}_LASTNAME_ATTRIBUTE_KEY= Url for the config of your sso provider ``` -${openbas.base-url}/login/saml2/sso/{registrationId} +${openaev.base-url}/login/saml2/sso/{registrationId} ``` ### Map administrators to specific roles (OpenID and SAML 2) 
@@ -84,17 +84,8 @@ ${openbas.base-url}/login/saml2/sso/{registrationId} To grant administrative roles, you can utilize OAuth and SAML2 integration. If you opt for this approach, you'll need to include the following variables: ```properties -OPENBAS_PROVIDER_{registrationId}_ROLES_PATH=http://schemas.microsoft.com/ws/2008/06/identity/claims/role -OPENBAS_PROVIDER_{registrationId}_ROLES_ADMIN= +OPENAEV_PROVIDER_{registrationId}_ROLES_PATH=http://schemas.microsoft.com/ws/2008/06/identity/claims/role +OPENAEV_PROVIDER_{registrationId}_ROLES_ADMIN= ``` -However, if you intend to manage administrative roles within the OpenBAS platform itself, there's no need to provide these variables. - - -## Error Handling - -!!! tip "Under construction" - - We are doing our best to complete this page. - If you want to participae, dont hesitate to join the [Filigran Community on Slack](https://community.filigran.io) - or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). +However, if you intend to manage administrative roles within the OpenAEV platform itself, there's no need to provide these variables. diff --git a/docs/deployment/clustering.md b/docs/deployment/clustering.md deleted file mode 100644 index fd260998..00000000 --- a/docs/deployment/clustering.md +++ /dev/null @@ -1,5 +0,0 @@ -# Clustering - -!!! tip "Under construction" - - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). diff --git a/docs/deployment/configuration.md b/docs/deployment/configuration.md index 90bce777..52ae84d6 100644 --- a/docs/deployment/configuration.md +++ b/docs/deployment/configuration.md 
@@ -1,8 +1,8 @@ # Configuration -The purpose of this section is to learn how to configure OpenBAS to have it tailored for your production and development +The purpose of this section is to learn how to configure OpenAEV to have it tailored for your production and development needs. It is possible to check all default parameters implemented in the platform in the [ -`application.properties` file](https://github.com/OpenBAS-Platform/openbas/blob/master/openbas-api/src/main/resources/application.properties). +`application.properties` file](https://github.com/OpenAEV-Platform/openaev/blob/master/openaev-api/src/main/resources/application.properties). Here are the configuration keys, for both containers (environment variables) and manual deployment. 
@@ -26,44 +26,44 @@ Here are the configuration keys, for both containers (environment variables) and #### Basic parameters -| Parameter | Environment variable | Default value | Description | -|:-------------------------------|:-----------------------------------|:----------------------|:-------------------------------------------------------------------------------------------------------------------------| -| server.address | SERVER_ADDRESS | 0.0.0.0 | Listen address of the application | -| server.port | SERVER_PORT | 8080 | Listen port of the application | -| openbas.base-url | OPENBAS_BASE-URL | http://localhost:8080 | Base URL of the application, will be used in some email links | -| server.servlet.session.timeout | SERVER_SERVLET_SESSION_TIMEOUT | 60m | Default duration of session (60 minutes) | -| openbas.cookie-secure | OPENBAS_COOKIE-SECURE | `false` | Turn on if the access is done in HTTPS | -| openbas.cookie-duration | OPENBAS_COOKIE-DURATION | P1D | Cookie duration (default 1 day) | -| openbas.admin.email | OPENBAS_ADMIN_EMAIL | admin@openbas.io | Default login email of the admin user | -| openbas.admin.password | OPENBAS_ADMIN_PASSWORD | ChangeMe | Default password of the admin user | -| openbas.admin.token | OPENBAS_ADMIN_TOKEN | ChangeMe | Default token (must be a valid UUIDv4) | -| openbas.healthcheck.key | OPENBAS_HEALTHCHECK_KEY | ChangeMe | The key to use in the health check endpoint (/api/health) | -| inject.execution.threshold.minutes | INJECT_EXECUTION_THRESHOLD_MINUTES | 10 | Inject execution threshold in minutes. If this time is exceeded, the inject will be moved to the MAYBE_PREVENTED status. 
| -| openbas.starterpack.enabled | OPENBAS_STARTERPACK_ENABLED | true | StarterPack feature, providing default endpoint, asset group, scenarios and dashboards | - +| Parameter | Environment variable | Default value | Description | +|:-----------------------------------|:-----------------------------------|:----------------------|:-------------------------------------------------------------------------------------------------------------------------| +| server.address | SERVER_ADDRESS | 0.0.0.0 | Listen address of the application | +| server.port | SERVER_PORT | 8080 | Listen port of the application | +| openaev.base-url | OPENAEV_BASE-URL | http://localhost:8080 | Base URL of the application, will be used in some email links | +| server.servlet.session.timeout | SERVER_SERVLET_SESSION_TIMEOUT | 60m | Default duration of session (60 minutes) | +| openaev.cookie-secure | OPENAEV_COOKIE-SECURE | `false` | Turn on if the access is done in HTTPS | +| openaev.cookie-duration | OPENAEV_COOKIE-DURATION | P1D | Cookie duration (default 1 day) | +| openaev.admin.email | OPENAEV_ADMIN_EMAIL | admin@openaev.io | Default login email of the admin user | +| openaev.admin.password | OPENAEV_ADMIN_PASSWORD | ChangeMe | Default password of the admin user | +| openaev.admin.token | OPENAEV_ADMIN_TOKEN | ChangeMe | Default token (must be a valid UUIDv4) | +| openaev.healthcheck.key | OPENAEV_HEALTHCHECK_KEY | ChangeMe | The key to use in the health check endpoint (/api/health) | +| inject.execution.threshold.minutes | INJECT_EXECUTION_THRESHOLD_MINUTES | 10 | Inject execution threshold in minutes. If this time is exceeded, the inject will be moved to the MAYBE_PREVENTED status. 
| +| openaev.starterpack.enabled | OPENAEV_STARTERPACK_ENABLED | true | StarterPack feature, providing default endpoint, asset group, scenarios and dashboards | #### Network and security -| Parameter | Environment variable | Default value | Description | -|:----------------------------------|:--------------------------------|:------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| server.ssl.enabled | SERVER_SSL_ENABLED | `false` | Turn on to enable SSL on the local server | -| server.ssl.key-store-type | SERVER_SSL_KEY-STORE-TYPE | PKCS12 | Type of SSL keystore | -| server.ssl.key-store | SERVER_SSL_KEY-STORE | classpath:localhost.p12 | SSL keystore path | -| server.ssl.key-store-password | SERVER_SSL_KEY-STORE-PASSWORD | admin | SSL keystore password | -| server.ssl.key-alias | SERVER_SSL_KEY-ALIAS | localhost | SSL key alias | -| openbas.unsecured-certificate | OPENBAS_UNSECURED-CERTIFICATE | `false` | Turn on to authorize self-signed or unsecure ssl certificate | -| openbas.with-proxy | OPENBAS_WITH-PROXY | `false` | Turn on to authorize environment with proxy | -| openbas.extra-trusted-certs-dir | OPENBAS_EXTRA-TRUSTED-CERTS-DIR | | If you want to set extra trusted self-signed TLS certificates to communicate with external applications (Crowdstrike, Tanium,...),
fill this attribute with you local folder containing your public .PEM certs. If you install OpenBAS with Docker,
uncomment the volume and set the attribute in the [docker compose file](https://github.com/OpenBAS-Platform/docker/blob/master/docker-compose.yml) | +| Parameter | Environment variable | Default value | Description | +|:--------------------------------|:--------------------------------|:------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| server.ssl.enabled | SERVER_SSL_ENABLED | `false` | Turn on to enable SSL on the local server | +| server.ssl.key-store-type | SERVER_SSL_KEY-STORE-TYPE | PKCS12 | Type of SSL keystore | +| server.ssl.key-store | SERVER_SSL_KEY-STORE | classpath:localhost.p12 | SSL keystore path | +| server.ssl.key-store-password | SERVER_SSL_KEY-STORE-PASSWORD | admin | SSL keystore password | +| server.ssl.key-alias | SERVER_SSL_KEY-ALIAS | localhost | SSL key alias | +| openaev.unsecured-certificate | OPENAEV_UNSECURED-CERTIFICATE | `false` | Turn on to authorize self-signed or unsecure ssl certificate | +| openaev.with-proxy | OPENAEV_WITH-PROXY | `false` | Turn on to authorize environment with proxy | +| openaev.extra-trusted-certs-dir | OPENAEV_EXTRA-TRUSTED-CERTS-DIR | | If you want to set extra trusted self-signed TLS certificates to communicate with external applications (Crowdstrike, Tanium,...),
fill this attribute with you local folder containing your public .PEM certs. If you install OpenAEV with Docker,
uncomment the volume and set the attribute in the [docker compose file](https://github.com/OpenAEV-Platform/docker/blob/master/docker-compose.yml) | -⚠️ **Important**: If you are using the parameter `openbas.extra-trusted-certs-dir`, the file format needed for the certificates in the folder are public PEM-armoured (*.pem), DER-encoded X509 certs. +⚠️ **Important**: If you are using the parameter `openaev.extra-trusted-certs-dir`, the file format needed for the +certificates in the folder are public PEM-armoured (*.pem), DER-encoded X509 certs. #### Logging | Parameter | Environment variable | Default value | Description | |:--------------------------------------------|:--------------------------------------------|:-------------------|:----------------------------------------------| | logging.level.root | LOGGING_LEVEL_ROOT | fatal | Root log level | -| logging.level.io.openbas | LOGGING_LEVEL_IO_OPENBAS | warn | OpenBAS log level | -| logging.file.name | LOGGING_FILE_NAME | ./logs/openbas.log | Log file path (in addition to console output) | +| logging.level.io.openaev | LOGGING_LEVEL_IO_OPENAEV | warn | OpenAEV log level | +| logging.file.name | LOGGING_FILE_NAME | ./logs/openaev.log | Log file path (in addition to console output) | | logging.logback.rollingpolicy.max-file-size | LOGGING_LOGBACK_ROLLINGPOLICY_MAX-FILE-SIZE | 10MB | Rolling max file size | | logging.logback.rollingpolicy.max-history | LOGGING_LOGBACK_ROLLINGPOLICY_MAX-HISTORY | 7 | Rolling max days | 
@@ -71,81 +71,82 @@ Here are the configuration keys, for both containers (environment variables) and #### XTM Suite: OpenCTI -| Parameter | Environment variable | Default value | Description | -|:------------------------------------|:------------------------------------|:--------------|:----------------------------------------------------------------------------------------------------| -| openbas.xtm.opencti.enable | OPENBAS_XTM_OPENCTI_ENABLE | false | Enable integration with OpenCTI | -| openbas.xtm.opencti.url | OPENBAS_XTM_OPENCTI_URL | | OpenCTI URL | -| openbas.xtm.opencti.api_url | OPENBAS_XTM_OPENCTI_API_URL | | OpenCTI API URL, it will completly override the OpenCTI URL, otherwise the default url will be `openbas.xtm.opencti.url` + '/graphql'| -| openbas.xtm.opencti.token | OPENBAS_XTM_OPENCTI_TOKEN | | OpenCTI token | -| openbas.xtm.opencti.disable-display | OPENBAS_XTM_OPENCTI_DISABLE-DISPLAY | `false` | Disable OpenCTI in the UI | +| Parameter | Environment variable | Default value | Description | +|:------------------------------------|:------------------------------------|:--------------|:--------------------------------------------------------------------------------------------------------------------------------------| +| openaev.xtm.opencti.enable | OPENAEV_XTM_OPENCTI_ENABLE | false | Enable integration with OpenCTI | +| openaev.xtm.opencti.url | OPENAEV_XTM_OPENCTI_URL | | OpenCTI URL | +| openaev.xtm.opencti.api_url | OPENAEV_XTM_OPENCTI_API_URL | | OpenCTI API URL, it will completly override the OpenCTI URL, otherwise the default url will be `openaev.xtm.opencti.url` + '/graphql' | +| openaev.xtm.opencti.token | OPENAEV_XTM_OPENCTI_TOKEN | | OpenCTI token | +| openaev.xtm.opencti.disable-display | OPENAEV_XTM_OPENCTI_DISABLE-DISPLAY | `false` | Disable OpenCTI in the UI | #### XTM Suite: XTM Hub -| Parameter | Environment variable | Default value | Description | 
-|:---------------------------------|:---------------------------------|:--------------|:------------------------------------------------------------------| -| openbas.xtm.hub.enable | OPENBAS_XTM_HUB_ENABLE | false | Enable integration with XTM Hub | -| openbas.xtm.hub.url | OPENBAS_XTM_HUB_URL | | XTM Hub URL | -| openbas.xtm.hub.override-api-url | OPENBAS_XTM_HUB_OVERRIDE_API_URL | | When specified, override `openbas.xtm.hub.url` during backend calls | +| Parameter | Environment variable | Default value | Description | +|:---------------------------------|:---------------------------------|:--------------|:--------------------------------------------------------------------| +| openaev.xtm.hub.enable | OPENAEV_XTM_HUB_ENABLE | false | Enable integration with XTM Hub | +| openaev.xtm.hub.url | OPENAEV_XTM_HUB_URL | | XTM Hub URL | +| openaev.xtm.hub.override-api-url | OPENAEV_XTM_HUB_OVERRIDE_API_URL | | When specified, override `openaev.xtm.hub.url` during backend calls | #### PostgreSQL | Parameter | Environment variable | Default value | Description | |:---------------------------|:---------------------------|:----------------------|:-------------------------------------------------------------------------------------------| -| spring.datasource.url | SPRING_DATASOURCE_URL | jdbc:postgresql://... | URL of the PostgreSQL database (ex jdbc:postgresql://postgresql.mydomain.com:5432/openbas) | +| spring.datasource.url | SPRING_DATASOURCE_URL | jdbc:postgresql://... 
| URL of the PostgreSQL database (ex jdbc:postgresql://postgresql.mydomain.com:5432/openaev) | | spring.datasource.username | SPRING_DATASOURCE_USERNAME | | Login for the database | | spring.datasource.password | SPRING_DATASOURCE_PASSWORD | password | Password for the database | #### Engine -| Parameter | Environment variable | Default value | Description | -|:------------------------|:-----------------------|:----------------------|:-----------------------------------------------------------------------------------------------| -| engine.engine-aws-mode | ENGINE_ENGINE_AWS_MODE | no | Whether to use AWS SigV4 authentication (yes or no) | -| engine.engine-selector | ENGINE_ENGINE_SELECTOR | elk | Engine to use for storage and search (`elk` for ElasticSearch and `opensearch` for OpenSearch) | -| engine.url | ENGINE_URL | http://localhost:9200 | URL of the ElasticSearch database | -| engine.username | ENGINE_USERNAME | | This parameter is optional. Login for the database | -| engine.password | ENGINE_PASSWORD | | This parameter is optional. Password for the dat | +| Parameter | Environment variable | Default value | Description | +|:-----------------------|:-----------------------|:----------------------|:-----------------------------------------------------------------------------------------------| +| engine.engine-aws-mode | ENGINE_ENGINE_AWS_MODE | no | Whether to use AWS SigV4 authentication (yes or no) | +| engine.engine-selector | ENGINE_ENGINE_SELECTOR | elk | Engine to use for storage and search (`elk` for ElasticSearch and `opensearch` for OpenSearch) | +| engine.url | ENGINE_URL | http://localhost:9200 | URL of the ElasticSearch database | +| engine.username | ENGINE_USERNAME | | This parameter is optional. Login for the database | +| engine.password | ENGINE_PASSWORD | | This parameter is optional. Password for the dat | -If you switch your engine selector, you’ll need to delete the `indexing_status` table in PostgreSQL to trigger a full reindex. 
+If you switch your engine selector, you’ll need to delete the `indexing_status` table in PostgreSQL to trigger a full +reindex. #### RabbitMQ -| Parameter | Environment variable | Default value | Description | +| Parameter | Environment variable | Default value | Description | |:--------------------------------------|:--------------------------------------|:----------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| openbas.rabbitmq.prefix | OPENBAS_RABBITMQ_PREFIX | openbas | Prefix for the queue names | -| openbas.rabbitmq.hostname | OPENBAS_RABBITMQ_HOSTNAME | localhost | Hostname of the RabbitMQ server | -| openbas.rabbitmq.vhost | OPENBAS_RABBITMQ_VHOST | / | Vhost of the RabbitMQ server | -| openbas.rabbitmq.port | OPENBAS_RABBITMQ_PORT | 5672 | Port of the RabbitMQ Server | -| openbas.rabbitmq.management-port | OPENBAS_RABBITMQ_MANAGEMENT-PORT | 15672 | Management port of the RabbitMQ Server | -| openbas.rabbitmq.ssl | OPENBAS_RABBITMQ_SSL | `false` | Use SSL | -| openbas.rabbitmq.user | OPENBAS_RABBITMQ_USER | guest | RabbitMQ user | -| openbas.rabbitmq.pass | OPENBAS_RABBITMQ_PASS | guest | RabbitMQ password | -| openbas.rabbitmq.queue-type | OPENBAS_RABBITMQ_QUEUE-TYPE | classic | RabbitMQ Queue Type ("classic" or "quorum") | -| openbas.rabbitmq.management-insecure | OPENBAS_RABBITMQ_MANAGEMENT-INSECURE | `true` | Whether or not the calls to the management plugin of rabbitmq can be insecure | -| openbas.rabbitmq.trust.store | OPENBAS_RABBITMQ_TRUST_STORE | | Path to the p12 keystore file to use if ssl is activated and insecure management is deactivated. The keystore must contain the client side certificate and key generated for ssl. 
| -| openbas.rabbitmq.trust-store-password | OPENBAS_RABBITMQ_TRUST-STORE-PASSWORD | | Password of the keystore | +| openaev.rabbitmq.prefix | OPENAEV_RABBITMQ_PREFIX | openaev | Prefix for the queue names | +| openaev.rabbitmq.hostname | OPENAEV_RABBITMQ_HOSTNAME | localhost | Hostname of the RabbitMQ server | +| openaev.rabbitmq.vhost | OPENAEV_RABBITMQ_VHOST | / | Vhost of the RabbitMQ server | +| openaev.rabbitmq.port | OPENAEV_RABBITMQ_PORT | 5672 | Port of the RabbitMQ Server | +| openaev.rabbitmq.management-port | OPENAEV_RABBITMQ_MANAGEMENT-PORT | 15672 | Management port of the RabbitMQ Server | +| openaev.rabbitmq.ssl | OPENAEV_RABBITMQ_SSL | `false` | Use SSL | +| openaev.rabbitmq.user | OPENAEV_RABBITMQ_USER | guest | RabbitMQ user | +| openaev.rabbitmq.pass | OPENAEV_RABBITMQ_PASS | guest | RabbitMQ password | +| openaev.rabbitmq.queue-type | OPENAEV_RABBITMQ_QUEUE-TYPE | classic | RabbitMQ Queue Type ("classic" or "quorum") | +| openaev.rabbitmq.management-insecure | OPENAEV_RABBITMQ_MANAGEMENT-INSECURE | `true` | Whether or not the calls to the management plugin of rabbitmq can be insecure | +| openaev.rabbitmq.trust.store | OPENAEV_RABBITMQ_TRUST_STORE | | Path to the p12 keystore file to use if ssl is activated and insecure management is deactivated. The keystore must contain the client side certificate and key generated for ssl. | +| openaev.rabbitmq.trust-store-password | OPENAEV_RABBITMQ_TRUST-STORE-PASSWORD | | Password of the keystore | #### S3 bucket -| Parameter | Environment variable | Default value | Description | -|:--------------------|:---------------------|:--------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| minio.endpoint | MINIO_ENDPOINT | localhost | Hostname of the S3 Service. 
Example if you use AWS Bucket S3: __s3.us-east-1.amazonaws.com__ (if `minio:bucket_region` value is _us-east-1_). This parameter value can be omitted if you use Minio as an S3 Bucket Service. | -| minio.port | MINIO_PORT | 9000 | Port of the S3 Service. For AWS Bucket S3 over HTTPS, this value can be changed (usually __443__). | -| minio.secure | MINIO_SECURE | `false` | Indicates whether the S3 Service has TLS enabled. For AWS Bucket S3 over HTTPS, this value could be `true`. | -| minio.access-key | MINIO_ACCESS-KEY | key | Access key for the S3 Service. | -| minio.access-secret | MINIO_ACCESS-SECRET | secret | Secret key for the S3 Service. | -| minio.bucket | MINIO_BUCKET | openbas | S3 bucket name. Useful to change if you use AWS. | -| minio.bucket-region | MINIO_BUCKET-REGION | us-east-1 | Region of the S3 bucket if you are using AWS. This parameter value can be omitted if you use Minio as an S3 Bucket Service. | -| openbas.s3.use-aws-role | OPENBAS_S3_USE-AWS-ROLE | `false` | Whether or not we want to get the AWS role using AWS Security Token Service | -| openbas.s3.sts-endpoint | OPENBAS_S3_STS-ENDPOINT | | `experimental` This parameter is optional. If it stays empty, it will use either the AWS legacy STS endpoint (https://sts.amazonaws.com) or the regional one using AWS_REGION if the environment variable is set (you can learn more about it [here](https://docs.aws.amazon.com/general/latest/gr/sts.html#sts_region)). Otherwise, if you want to use your own custom implementation of STS endpoints, you can set it here. 
| +| Parameter | Environment variable | Default value | Description | +|:------------------------|:------------------------|:--------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| minio.endpoint | MINIO_ENDPOINT | localhost | Hostname of the S3 Service. Example if you use AWS Bucket S3: __s3.us-east-1.amazonaws.com__ (if `minio:bucket_region` value is _us-east-1_). This parameter value can be omitted if you use Minio as an S3 Bucket Service. | +| minio.port | MINIO_PORT | 9000 | Port of the S3 Service. For AWS Bucket S3 over HTTPS, this value can be changed (usually __443__). | +| minio.secure | MINIO_SECURE | `false` | Indicates whether the S3 Service has TLS enabled. For AWS Bucket S3 over HTTPS, this value could be `true`. | +| minio.access-key | MINIO_ACCESS-KEY | key | Access key for the S3 Service. | +| minio.access-secret | MINIO_ACCESS-SECRET | secret | Secret key for the S3 Service. | +| minio.bucket | MINIO_BUCKET | openaev | S3 bucket name. Useful to change if you use AWS. | +| minio.bucket-region | MINIO_BUCKET-REGION | us-east-1 | Region of the S3 bucket if you are using AWS. This parameter value can be omitted if you use Minio as an S3 Bucket Service. | +| openaev.s3.use-aws-role | OPENAEV_S3_USE-AWS-ROLE | `false` | Whether or not we want to get the AWS role using AWS Security Token Service | +| openaev.s3.sts-endpoint | OPENAEV_S3_STS-ENDPOINT | | `experimental` This parameter is optional. 
If it stays empty, it will use either the AWS legacy STS endpoint (https://sts.amazonaws.com) or the regional one using AWS_REGION if the environment variable is set (you can learn more about it [here](https://docs.aws.amazon.com/general/latest/gr/sts.html#sts_region)). Otherwise, if you want to use your own custom implementation of STS endpoints, you can set it here. | #### Agents (executors) -To be able to use the power of the OpenBAS platform on endpoints, you need at least one **neutral executor** that will +To be able to use the power of the OpenAEV platform on endpoints, you need at least one **neutral executor** that will be in charge of executing implants as detached processes. Implants will then execute payloads. -##### OpenBAS Agent +##### OpenAEV Agent -The OpenBAS agent is enabled by default and cannot be disabled. It is available for: +The OpenAEV agent is enabled by default and cannot be disabled. It is available for: - Windows (`x86_64` / `arm64`) - Linux (`x86_64` / `arm64`) 
@@ -194,34 +195,34 @@ required. You can find a guide [here](https://support.google.com/accounts/answer | Parameter | Environment variable | Default value | Description | |:---------------------------|:---------------------------|:------------------|:------------------------------------------------------------------------------------| -| openbas.mail.imap.enabled | OPENBAS_MAIL_IMAP_ENABLED | false | Turn on to enable IMAP mail synchronization. Injector email must be well configured | -| openbas.mail.imap.host | OPENBAS_MAIL_IMAP_HOST | imap.mail.com | IMAP Server hostname | -| openbas.mail.imap.port | OPENBAS_MAIL_IMAP_PORT | 993 | IMAP Server port | -| openbas.mail.imap.username | OPENBAS_MAIL_IMAP_USERNAME | username@mail.com | IMAP Server username | -| openbas.mail.imap.password | OPENBAS_MAIL_IMAP_PASSWORD | password | IMAP Server password | -| openbas.mail.imap.inbox | OPENBAS_MAIL_IMAP_INBOX | INBOX | IMAP inbox directory to synchronize from | -| openbas.mail.imap.sent | OPENBAS_MAIL_IMAP_SENT | Sent | IMAP sent directory to synchronize from | +| openaev.mail.imap.enabled | OPENAEV_MAIL_IMAP_ENABLED | false | Turn on to enable IMAP mail synchronization. 
Injector email must be well configured | +| openaev.mail.imap.host | OPENAEV_MAIL_IMAP_HOST | imap.mail.com | IMAP Server hostname | +| openaev.mail.imap.port | OPENAEV_MAIL_IMAP_PORT | 993 | IMAP Server port | +| openaev.mail.imap.username | OPENAEV_MAIL_IMAP_USERNAME | username@mail.com | IMAP Server username | +| openaev.mail.imap.password | OPENAEV_MAIL_IMAP_PASSWORD | password | IMAP Server password | +| openaev.mail.imap.inbox | OPENAEV_MAIL_IMAP_INBOX | INBOX | IMAP inbox directory to synchronize from | +| openaev.mail.imap.sent | OPENAEV_MAIL_IMAP_SENT | Sent | IMAP sent directory to synchronize from | | Parameter | Environment variable | Default value | Description | |:----------------------------------|:----------------------------------|:--------------|:------------------------------| -| openbas.mail.imap.ssl.enable | OPENBAS_MAIL_IMAP_SSL_ENABLE | true | Turn on IMAP SSL mode | -| openbas.mail.imap.ssl.trust | OPENBAS_MAIL_IMAP_SSL_TRUST | * | Trust unverified certificates | -| openbas.mail.imap.auth | OPENBAS_MAIL_IMAP_AUTH | true | Turn on IMAP authentication | -| openbas.mail.imap.starttls.enable | OPENBAS_MAIL_IMAP_STARTTLS_ENABLE | true | Turn on IMAP STARTTLS | +| openaev.mail.imap.ssl.enable | OPENAEV_MAIL_IMAP_SSL_ENABLE | true | Turn on IMAP SSL mode | +| openaev.mail.imap.ssl.trust | OPENAEV_MAIL_IMAP_SSL_TRUST | * | Trust unverified certificates | +| openaev.mail.imap.auth | OPENAEV_MAIL_IMAP_AUTH | true | Turn on IMAP authentication | +| openaev.mail.imap.starttls.enable | OPENAEV_MAIL_IMAP_STARTTLS_ENABLE | true | Turn on IMAP STARTTLS | > **Note :** Example with Gmail -| Parameter | Environment variable | Value | Description | -|:-----------------------------|:-----------------------------|:-------------------|:----------------------------------------| -| openbas.mail.imap.enabled | OPENBAS_MAIL_IMAP_ENABLED | true | Enable IMAP for Gmail | -| openbas.mail.imap.host | OPENBAS_MAIL_IMAP_HOST | imap.gmail.com | Gmail IMAP server hostname | 
-| openbas.mail.imap.port | OPENBAS_MAIL_IMAP_PORT | 993 | Gmail IMAP port (SSL) | -| openbas.mail.imap.username | OPENBAS_MAIL_IMAP_USERNAME | username@mail.com | Gmail address | -| openbas.mail.imap.password | OPENBAS_MAIL_IMAP_PASSWORD | app password | Gmail App-specific password | -| openbas.mail.imap.ssl.enable | OPENBAS_MAIL_IMAP_SSL_ENABLE | true | Enable IMAP SSL | -| openbas.mail.imap.ssl.trust | OPENBAS_MAIL_IMAP_SSL_TRUST | * | Trust unverified certificates | -| openbas.mail.imap.auth | OPENBAS_MAIL_IMAP_AUTH | true | Enable IMAP authentication | -| openbas.mail.imap.sent | OPENBAS_MAIL_IMAP_SENT | [Gmail]/Sent Mail | IMAP sent directory to synchronize from | +| Parameter | Environment variable | Value | Description | +|:-----------------------------|:-----------------------------|:------------------|:----------------------------------------| +| openaev.mail.imap.enabled | OPENAEV_MAIL_IMAP_ENABLED | true | Enable IMAP for Gmail | +| openaev.mail.imap.host | OPENAEV_MAIL_IMAP_HOST | imap.gmail.com | Gmail IMAP server hostname | +| openaev.mail.imap.port | OPENAEV_MAIL_IMAP_PORT | 993 | Gmail IMAP port (SSL) | +| openaev.mail.imap.username | OPENAEV_MAIL_IMAP_USERNAME | username@mail.com | Gmail address | +| openaev.mail.imap.password | OPENAEV_MAIL_IMAP_PASSWORD | app password | Gmail App-specific password | +| openaev.mail.imap.ssl.enable | OPENAEV_MAIL_IMAP_SSL_ENABLE | true | Enable IMAP SSL | +| openaev.mail.imap.ssl.trust | OPENAEV_MAIL_IMAP_SSL_TRUST | * | Trust unverified certificates | +| openaev.mail.imap.auth | OPENAEV_MAIL_IMAP_AUTH | true | Enable IMAP authentication | +| openaev.mail.imap.sent | OPENAEV_MAIL_IMAP_SENT | [Gmail]/Sent Mail | IMAP sent directory to synchronize from | ⚠️ **Important**: If you are using two-factor authentication on your Gmail account, an app-specific password is required. You can find a guide [here](https://support.google.com/accounts/answer/185833). 
@@ -230,7 +231,7 @@ required. You can find a guide [here](https://support.google.com/accounts/answer !!! note "AI deployment and cloud services" - There are several possibilities for [Enterprise Edition](../administration/enterprise.md) customers to use OpenBAS AI endpoints: + There are several possibilities for [Enterprise Edition](../administration/enterprise.md) customers to use OpenAEV AI endpoints: - Use the Filigran AI Service leveraging our custom AI model using the token given by the support team. - Use OpenAI or MistralAI cloud endpoints using your own tokens. @@ -243,4 +244,4 @@ required. You can find a guide [here](https://support.google.com/accounts/answer | ai.endpoint | AI_ENDPOINT | | Endpoint URL (empty means default cloud service) | | ai.token | AI_TOKEN | | Token for endpoint credentials | | ai.model | AI_MODEL | | Model to be used for text generation (depending on type) | -| ai.model_images | AI_MODEL_IMAGES | | Model to be used for image generation (depending on type) | \ No newline at end of file +| ai.model_images | AI_MODEL_IMAGES | | Model to be used for image generation (depending on type) | diff --git a/docs/deployment/ecosystem/collectors.md b/docs/deployment/ecosystem/collectors.md index 47804033..fa581715 100644 --- a/docs/deployment/ecosystem/collectors.md +++ b/docs/deployment/ecosystem/collectors.md 
@@ -10,7 +10,7 @@ #### Configuration -All external collectors have to be able to access the OpenBAS API. To allow this connection, they have 2 mandatory configuration parameters, the `OPENBAS_URL` and the `OPENBAS_TOKEN`. In addition to these 2 parameters, collectors have other mandatory parameters that need to be set in order to get them work. +All external collectors have to be able to access the OpenAEV API. To allow this connection, they have 2 mandatory configuration parameters, the `OPENAEV_URL` and the `OPENAEV_TOKEN`. In addition to these 2 parameters, collectors have other mandatory parameters that need to be set in order to get them work. !!! info "Collector tokens" @@ -18,8 +18,8 @@ All external collectors have to be able to access the OpenBAS API. To allow this Here is an example of a collector `docker-compose.yml` file: ```yaml -- OPENBAS_URL=http://localhost -- OPENBAS_TOKEN=ChangeMe +- OPENAEV_URL=http://localhost +- OPENAEV_TOKEN=ChangeMe - COLLECTOR_ID=ChangeMe # Specify a valid UUIDv4 of your choice - "COLLECTOR_NAME=MITRE ATT&CK" - COLLECTOR_LOG_LEVEL=error @@ -28,7 +28,7 @@ Here is an example of a collector `docker-compose.yml` file: Here is an example in a collector `config.yml` file: ```yaml -openbas: +openaev: url: 'http://localhost:3001' token: 'ChangeMe' @@ -48,10 +48,10 @@ For instance, to enable the MITRE ATT&CK collector, you can add a new service to ```docker collector-mitre-attack: - image: openbas/collector-mitre-attack:1.0.0 + image: openaev/collector-mitre-attack:1.0.0 environment: - - OPENBAS_URL=http://localhost - - OPENBAS_TOKEN=ChangeMe + - OPENAEV_URL=http://localhost + - OPENAEV_TOKEN=ChangeMe - COLLECTOR_ID=ChangeMe - "COLLECTOR_NAME=MITRE ATT&CK" - COLLECTOR_LOG_LEVEL=error 
@@ -60,10 +60,10 @@ For instance, to enable the MITRE ATT&CK collector, you can add a new service to ### Launch a standalone collector -To launch standalone collector, you can use the `docker-compose.yml` file of the collector itself. Just download the latest [release](https://github.com/OpenBAS-Platform/collectors/releases) and start the collector: +To launch standalone collector, you can use the `docker-compose.yml` file of the collector itself. Just download the latest [release](https://github.com/OpenAEV-Platform/collectors/releases) and start the collector: ``` -$ wget https://github.com/OpenBAS-Platform/collectors/archive/{RELEASE_VERSION}.zip +$ wget https://github.com/OpenAEV-Platform/collectors/archive/{RELEASE_VERSION}.zip $ unzip {RELEASE_VERSION}.zip $ cd collectors-{RELEASE_VERSION}/mitre-attack/ ``` @@ -85,7 +85,7 @@ $ apt install python3 python3-pip Download the release of the collectors: ``` -$ wget +$ wget $ unzip {RELEASE_VERSION}.zip $ cd collectors-{RELEASE_VERSION}/mitre-attack/src/ ``` @@ -100,7 +100,7 @@ $ cp config.yml.sample config.yml Change the `config.yml` content according to the parameters of the platform and of the targeted service and launch the collector: ``` -$ python3 openbas_mitre.py +$ python3 openaev_mitre.py ``` ## Collectors status @@ -108,7 +108,3 @@ $ python3 openbas_mitre.py The collector status can be displayed in the dedicated section of the platform available in Integration > collectors. You will be able to see the statistics of the RabbitMQ queue of the collector: ![collectors](../assets/collectors-status.png) - -!!! bug "Problem" - - If you encounter problems deploying OpenBAS or collectors, you can consult the [troubleshooting page](../troubleshooting.md) page. diff --git a/docs/deployment/ecosystem/executors.md b/docs/deployment/ecosystem/executors.md index 05ed9c3c..adf408a1 100644 --- a/docs/deployment/ecosystem/executors.md +++ b/docs/deployment/ecosystem/executors.md 
@@ -2,46 +2,42 @@ ## Introduction -To be able to use the power of the OpenBAS platform on endpoints, you need at least one **neutral executor** that will +To be able to use the power of the OpenAEV platform on endpoints, you need at least one **neutral executor** that will be in charge of executing implants as detached processes. Implants will then execute payloads. -![Architecture](../platform/assets/architecture.png) - -The OpenBAS platform manages 4 executors which can be installed on Windows, Linux and MacOS using x86_64 or arm64 +The platform manages different executors which can be installed on Windows, Linux and MacOS using x86_64 or arm64 architectures. This table below summarizes the information about each agent. | Executor | Type | Installation mode | Installation type | Run As | Payload execution | Multi agents for an endpoint | |:-----------------------------------|:--------------|:--------------------------------------------------|:------------------|:---------------------------------------|:-----------------------------------------------|:-------------------------------------------------| -| **OpenBAS Agent (native/default)** | Open source | As a user session, user service or system service | Script | A standard or admin background process | As a user standard, user admin or system admin | Yes, depending on the user and installation mode | +| **OpenAEV Agent (native/default)** | Open source | As a user session, user service or system service | Script | A standard or admin background process | As a user standard, user admin or system admin | Yes, depending on the user and installation mode | | **Tanium Agent** | Under license | As a system service | Executable | An admin background process | As a system admin | No, always the same agent | | **Crowdstrike Falcon Agent** | Under license | As a system service | Executable | An admin background process | As a system admin | No, always the same agent | | **Caldera Agent** | Open source | As a user session | 
Script | An admin background process | As a user admin | Yes, depending on the user | -For more details about the installation and working of each agent, see the sections dedicated below. - -## OpenBAS Agent +## OpenAEV Agent -The OpenBAS agent is available for Windows, Linux and MacOS, it is the native / default way to execute implants and +The OpenAEV agent is available for Windows, Linux and MacOS, it is the native / default way to execute implants and payloads on endpoints. -[Learn More](../../usage/openbas-agent.md) +[Learn More](../../usage/openaev-agent.md) ## Tanium Agent The Tanium agent can be leveraged to execute implants as detached processes that will then execute payloads, according -to the [OpenBAS architecture](https://docs.openbas.io/latest/deployment/overview). +to the [OpenAEV architecture](https://docs.openaev.io/latest/deployment/overview). ### Configure the Tanium Platform We -provide [two Tanium packages](https://github.com/OpenBAS-Platform/openbas/blob/master/openbas-api/src/main/java/io/openbas/executors/tanium/openbas-tanium-packages.json) +provide [two Tanium packages](https://github.com/OpenAEV-Platform/openaev/blob/master/openaev-api/src/main/java/io/openaev/executors/tanium/openaev-tanium-packages.json) to be imported into the Tanium platform. ![Tanium Packages](../assets/tanium-packages.png) !!! warning "Tanium package configuration" - Because OpenBAS should run implants as detached processes, you must uncheck + Because OpenAEV should run implants as detached processes, you must uncheck **"Launch this package command in a process group"** in the package configuration: ![Tanium Package](../assets/tanium-package.png) 
@@ -49,15 +45,15 @@ to be imported into the Tanium platform. !!! warning "Tanium Threat Response usage" If your environment uses **Tanium Threat Response (TTR)** together with the Tanium agent, you should rely on the **dedicated TTR package**. - This package technically works in all cases, but it is **only recommended** when OpenBAS runs on endpoints with TTR enabled. + This package technically works in all cases, but it is **only recommended** when OpenAEV runs on endpoints with TTR enabled. Reason: this package performs more extensive operations on the machine and can generate **more noise and alerts**. → If you do **not** use Tanium Threat Response, prefer the **standard Tanium package**. 📦 Packages to import: - - [OpenBAS Tanium Windows & Unix package (TTR)](https://github.com/OpenBAS-Platform/openbas/blob/master/openbas-api/src/main/java/io/openbas/executors/tanium/openbas-tanium-packages-TTR.json) + - [OpenAEV Tanium Windows & Unix package (TTR)](https://github.com/OpenAEV-Platform/openaev/blob/master/openaev-api/src/main/java/io/openaev/executors/tanium/openaev-tanium-packages-TTR.json) 📜 Scripts to attach in the package configuration into files section: - - [Windows TTR script](https://github.com/OpenBAS-Platform/openbas/blob/master/openbas-api/src/main/java/io/openbas/executors/tanium/openbas-ttr.ps1) + - [Windows TTR script](https://github.com/OpenAEV-Platform/openaev/blob/master/openaev-api/src/main/java/io/openaev/executors/tanium/openaev-ttr.ps1) | Package type | Recommended use case | Characteristics | |-----------------------------|---------------------------------------|------------------------------------------------------------| 
@@ -72,7 +68,7 @@ Once configured and imported, retrieve the package IDs from the URL: > - **Computer Group ID**: identifies which endpoints will be queried. > - **Action Group ID**: identifies where actions (like package execution) are allowed. -### Configure the OpenBAS Platform +### Configure the OpenAEV Platform To use the Tanium executor, fill the following configuration: @@ -83,8 +79,8 @@ To use the Tanium executor, fill the following configuration: | executor.tanium.api-key | EXECUTOR_TANIUM_API-KEY | | Tanium API key | | executor.tanium.computer-group-id | EXECUTOR_TANIUM_COMPUTER_GROUP_ID | `1` | Tanium Computer Group to be used in simulations | | executor.tanium.action-group-id | EXECUTOR_TANIUM_ACTION_GROUP_ID | `4` | Tanium Action Group to apply actions to | -| executor.tanium.windows-package-id | EXECUTOR_TANIUM_WINDOWS_PACKAGE_ID | | ID of the OpenBAS Tanium Windows package | -| executor.tanium.unix-package-id | EXECUTOR_TANIUM_UNIX_PACKAGE_ID | | ID of the OpenBAS Tanium Unix package | +| executor.tanium.windows-package-id | EXECUTOR_TANIUM_WINDOWS_PACKAGE_ID | | ID of the OpenAEV Tanium Windows package | +| executor.tanium.unix-package-id | EXECUTOR_TANIUM_UNIX_PACKAGE_ID | | ID of the OpenAEV Tanium Unix package | !!! note "Tanium API Key" 
@@ -100,49 +96,49 @@ Once enabled, you should see **Tanium** available in the `Install agents` sectio ![Agents](../assets/agents.png) -Endpoints from the selected computer groups should now appear in the **OpenBAS Endpoints** section: +Endpoints from the selected computer groups should now appear in the **OpenAEV Endpoints** section: ![Endpoints](../assets/tanium-endpoints.png) !!! note "Agent uniqueness" An endpoint can only have **one Tanium agent** registered due to MAC address uniqueness. - Installing a new agent will overwrite the existing one, and you will always see a single endpoint in the OpenBAS console. + Installing a new agent will overwrite the existing one, and you will always see a single endpoint in the OpenAEV console. !!! success "Installation done" - You are now ready to leverage your Tanium platform to run OpenBAS payloads! + You are now ready to leverage your Tanium platform to run OpenAEV payloads! --- ## CrowdStrike Falcon Agent The CrowdStrike Falcon agent can be leveraged to execute implants as detached processes that will then execute payloads -according to the [OpenBAS architecture](https://docs.openbas.io/latest/deployment/overview). +according to the [OpenAEV architecture](https://docs.openaev.io/latest/deployment/overview). The implants will be downloaded to these folders on the different assets: -* On Windows assets: `C:\Windows\Temp\.openbas\implant-XXXXX` -* On Linux or MacOS assets: `/tmp/.openbas/implant-XXXXX` +* On Windows assets: `C:\Windows\Temp\.openaev\implant-XXXXX` +* On Linux or MacOS assets: `/tmp/.openaev/implant-XXXXX` where XXXXX will be a completely random UUID, generated for each inject that will be executed. This ensures that the implants are unique and will be deleted on assets' restart. ### Configure the CrowdStrike Platform -#### Upload OpenBAS scripts +#### Upload OpenAEV scripts First of all, you need to create two custom scripts, one for Windows and one for Unix, covering both Linux and MacOS systems. 
To create it, go to `Host setup and management` > `Response and containment` > `Response scripts and files`. The names -of the scripts can be changed if necessary, they will be put in the OpenBAS configuration. +of the scripts can be changed if necessary, they will be put in the OpenAEV configuration. *Unix Script* | Attribute | Value | |:----------------------|:-----------------------------------------------------------------| -| name | OpenBAS Subprocessor (Unix) | +| name | OpenAEV Subprocessor (Unix) | | shell type | bash | | script access | Users with the role of RTR Administrator or RTR Active Responder | | shared with workflows | yes | @@ -178,7 +174,7 @@ Put the following Input schema: | Attribute | Value | |:----------------------|:-----------------------------------------------------------------| -| name | OpenBAS Subprocessor (Windows) | +| name | OpenAEV Subprocessor (Windows) | | shell type | PowerShell | | script access | Users with the role of RTR Administrator or RTR Active Responder | | shared with workflows | yes | @@ -227,7 +223,7 @@ To create a host group, go to `Host setup and management` > `Host groups`. #### Create/Update response policies for your targeted platforms -As OpenBAS will ask CrowdStrike to create implants in order to execute payloads as scripts, you need to allow the +As OpenAEV will ask CrowdStrike to create implants in order to execute payloads as scripts, you need to allow the execution of custom scripts on your assets. To do so, you need to create a new response policy or update an existing one for your assets' platforms. @@ -250,7 +246,7 @@ Once done, the policy may take a few minutes to be applied to your assets. You can go back to the policies list screen and check that there is a 0 in the `Pending` column to know that it has been applied. -### Configure the OpenBAS platform +### Configure the OpenAEV platform !!! warning "CrowdStrike API Key" 
@@ -262,51 +258,51 @@ To use the CrowdStrike executor, just fill the following configuration. |:-----------------------------------------------------------|:-----------------------------------------------------------|:-----------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------| | executor.crowdstrike.enable | EXECUTOR_CROWDSTRIKE_ENABLE | `false` | Enable the Crowdstrike executor | | executor.crowdstrike.api-url | EXECUTOR_CROWDSTRIKE_API_URL | `https://api.us-2.crowdstrike.com` | Crowdstrike API url | -| executor.crowdstrike.api-register-interval | EXECUTOR_CROWDSTRIKE_API_REGISTER_INTERVAL | 1200 | Crowdstrike API interval to register/update the host groups/hosts/agents in OpenBAS (in seconds) | +| executor.crowdstrike.api-register-interval | EXECUTOR_CROWDSTRIKE_API_REGISTER_INTERVAL | 1200 | Crowdstrike API interval to register/update the host groups/hosts/agents in OpenAEV (in seconds) | | executor.crowdstrike.api-batch-execution-action-pagination | EXECUTOR_CROWDSTRIKE_API_BATCH_EXECUTION_ACTION_PAGINATION | 2500 | Crowdstrike API pagination per second to set for hosts batch executions (number of hosts sent per second to Crowdstrike to execute a payload) | | executor.crowdstrike.client-id | EXECUTOR_CROWDSTRIKE_CLIENT_ID | | Crowdstrike client id | | executor.crowdstrike.client-secret | EXECUTOR_CROWDSTRIKE_CLIENT_SECRET | | Crowdstrike client secret | | executor.crowdstrike.host-group | EXECUTOR_CROWDSTRIKE_HOST_GROUP | | Crowdstrike host group id or hosts groups ids separated with commas | -| executor.crowdstrike.windows-script-name | EXECUTOR_CROWDSTRIKE_WINDOWS_SCRIPT_NAME | `OpenBAS Subprocessor (Windows)` | Name of the OpenBAS Crowdstrike windows script | -| executor.crowdstrike.unix-script-name | EXECUTOR_CROWDSTRIKE_UNIX_SCRIPT_NAME | `OpenBAS Subprocessor (Unix)` | Name of the OpenBAS Crowdstrike unix script | +| 
executor.crowdstrike.windows-script-name | EXECUTOR_CROWDSTRIKE_WINDOWS_SCRIPT_NAME | `OpenAEV Subprocessor (Windows)` | Name of the OpenAEV Crowdstrike windows script | +| executor.crowdstrike.unix-script-name | EXECUTOR_CROWDSTRIKE_UNIX_SCRIPT_NAME | `OpenAEV Subprocessor (Unix)` | Name of the OpenAEV Crowdstrike unix script | ### Checks Once enabled, you should see CrowdStrike available in your `Install agents` section -![Crowdstrike available agent](../assets/crowdstrike-available-agent.png) +![Crowdstrike available agent](../assets/agents.png) Also, the assets and the asset groups in the selected computer groups should now be available in the endpoints and asset -groups sections in OpenBAS: +groups sections in OpenAEV: ![Crowdstrike Endpoints](../assets/crowdstrike-endpoints.png) NB : An Asset can only have one CrowdStrike agent installed due to the uniqueness of the MAC address parameters. If you try to install again a CrowdStrike agent on a platform, it will overwrite the actual one and you will always see one -Endpoint on the OpenBAS endpoint page. +Endpoint on the OpenAEV endpoint page. !!! success "Installation done" - You are now ready to leverage your CrowdStrike platform to run OpenBAS payloads! + You are now ready to leverage your CrowdStrike platform to run OpenAEV payloads! ## Caldera Agent The Caldera agent can be leveraged to execute implants as detached processes that will the execute payloads according to -the [OpenBAS architecture](https://docs.openbas.io/latest/deployment/overview/#architecture). +the [OpenAEV architecture](https://docs.openaev.io/latest/deployment/overview/#architecture). !!! note "Caldera already installed" - If you already have a working Caldera installation, just go directly to [OpenBAS configuration section](#openbas-configuration). + If you already have a working Caldera installation, just go directly to [OpenAEV configuration section](#openaev-configuration). 
### Deploy Caldera -To deploy Caldera, you can just add Caldera to the OpenBAS stack, we advise you to modify your `docker-compose.yml` and -add a [Caldera service](https://github.com/OpenBAS-Platform/caldera/blob/filigran/docker/docker-compose.yml): +To deploy Caldera, you can just add Caldera to the OpenAEV stack, we advise you to modify your `docker-compose.yml` and +add a [Caldera service](https://github.com/OpenAEV-Platform/caldera/blob/filigran/docker/docker-compose.yml): ``` services: caldera: - image: openbas/caldera-server:5.1.0 + image: openaev/caldera-server:5.1.0 restart: always ports: - "8888:8888" @@ -319,10 +315,10 @@ services: ``` As you can see in the configuration, you will also need a configuration -file [caldera.yml](https://github.com/OpenBAS-Platform/caldera/blob/filigran/docker/caldera.yml) because Caldera does +file [caldera.yml](https://github.com/OpenAEV-Platform/caldera/blob/filigran/docker/caldera.yml) because Caldera does not support well environment variables for configuration. -Download [caldera.yml](https://github.com/OpenBAS-Platform/caldera/blob/filigran/docker/caldera.yml) and put it +Download [caldera.yml](https://github.com/OpenAEV-Platform/caldera/blob/filigran/docker/caldera.yml) and put it alongside your `docker-compose.yml` file. This file must be modified prior launching, only change what is marked as * *Change this**, listed below. @@ -337,7 +333,7 @@ api_key_blue: ChangeMe api_key: ChangeMe # Change this crypt_salt: ChangeMe # Change this encryption_key: ChangeMe # Change this -app.contact.http: http://caldera.myopenbas.myorganization.com:8888 # Change this +app.contact.http: http://caldera.myopenaev.myorganization.com:8888 # Change this app.contact.tunnel.ssh.user_password: ChangeMe # Change this ``` 
@@ -347,15 +343,15 @@ Just update your stack and check Caldera is running: docker compose up -d ``` -### OpenBAS configuration +### OpenAEV configuration -Then, just change the OpenBAS configuration as follow: +Then, just change the OpenAEV configuration as follow: | Parameter | Environment variable | Default value | Description | |:----------------------------|:----------------------------|:--------------|:---------------------------------------------------------------------------------------------| | executor.caldera.enable | EXECUTOR_CALDERA_ENABLE | `false` | Enable the Caldera executor | | executor.caldera.url | EXECUTOR_CALDERA_URL | | Caldera URL | -| executor.caldera.public-url | EXECUTOR_CALDERA_PUBLIC-URL | | Caldera URL accessible from endpoints (ex: http://caldera.myopenbas.myorganization.com:8888) | +| executor.caldera.public-url | EXECUTOR_CALDERA_PUBLIC-URL | | Caldera URL accessible from endpoints (ex: http://caldera.myopenaev.myorganization.com:8888) | | executor.caldera.api-key | EXECUTOR_CALDERA_API-KEY | | Caldera API key | ### Agents 
@@ -364,28 +360,26 @@ Then, just change the OpenBAS configuration as follow: Once enabled, you should see Caldera available in your `Install agents` section: -![Agents](../assets/agents.png) - -OpenBAS has built-in instruction if you want command line examples to deploy the agent on one endpoint. +OpenAEV has built-in instruction if you want command line examples to deploy the agent on one endpoint. ![Caldera deploy agents](../assets/caldera-deploy-agent.png) !!! warning "Caldera AV detection" - By default, the Caldera agent "Sandcat" is detected and blocked by antivirus. Here, we are using Caldera as a neutral executor that will execute implants that will execute payloads, so you need to add the proper AV exclusions as instructed in the OpenBAS screen. + By default, the Caldera agent "Sandcat" is detected and blocked by antivirus. Here, we are using Caldera as a neutral executor that will execute implants that will execute payloads, so you need to add the proper AV exclusions as instructed in the OpenAEV screen. ![Caldera AV exclusion](../assets/caldera-av.png) #### Checks -All assets with a proper Caldera agent installed using the OpenBAS provided command line (then persistent) should now be -available in the OpenBAS endpoints list. +All assets with a proper Caldera agent installed using the OpenAEV provided command line (then persistent) should now be +available in the OpenAEV endpoints list. ![Endpoints](../assets/caldera-endpoints.png) #### Uninstallation Run the following commands with an administrator Powershell in order to uninstall your Caldera agent:
-`schtasks /delete /tn OpenBASCaldera`
+`schtasks /delete /tn OpenAEVCaldera`
`Stop-Process -Name obas-agent-caldera`
`rm -force -Recurse "C:\Program Files (x86)\Filigran\OBAS Caldera"` diff --git a/docs/deployment/ecosystem/injectors.md b/docs/deployment/ecosystem/injectors.md index 92b604e3..a224de33 100644 --- a/docs/deployment/ecosystem/injectors.md +++ b/docs/deployment/ecosystem/injectors.md @@ -6,7 +6,7 @@ !!! question "Injectors list" - You are looking for the available injectors? The list is in the [OpenBAS Ecosystem](https://filigran.notion.site/OpenBAS-Ecosystem-30d8eb73d7d04611843e758ddef8941b). + You are looking for the available injectors? The list is in the [OpenAEV Ecosystem](https://filigran.notion.site/OpenAEV-Ecosystem-30d8eb73d7d04611843e758ddef8941b). ## Installation @@ -19,7 +19,7 @@ just add the proper configuration parameters in your platform configuration. #### Configuration -All external injectors have to be able to access the OpenBAS API. To allow this connection, they have 2 mandatory configuration parameters, the `OPENBAS_URL` and the `OPENBAS_TOKEN`. In addition to these 2 parameters, injectors have other mandatory parameters that need to be set in order to get them work. +All external injectors have to be able to access the OpenAEV API. To allow this connection, they have 2 mandatory configuration parameters, the `OPENAEV_URL` and the `OPENAEV_TOKEN`. In addition to these 2 parameters, injectors have other mandatory parameters that need to be set in order to get them work. !!! info "Injector tokens" @@ -27,8 +27,8 @@ All external injectors have to be able to access the OpenBAS API. To allow this Here is an example of a injector `docker-compose.yml` file: ```yaml -- OPENBAS_URL=http://localhost -- OPENBAS_TOKEN=ChangeMe +- OPENAEV_URL=http://localhost +- OPENAEV_TOKEN=ChangeMe - INJECTOR_ID=ChangeMe # Specify a valid UUIDv4 of your choice - "INJECTOR_NAME=HTTP query" - INJECTOR_LOG_LEVEL=error 
@@ -37,7 +37,7 @@ Here is an example of a injector `docker-compose.yml` file: Here is an example in a injector `config.yml` file: ```yaml -openbas: +openaev: url: 'http://localhost:3001' token: 'ChangeMe' @@ -49,13 +49,13 @@ injector: #### Networking -Be aware that all injectors are reaching RabbitMQ based the RabbitMQ configuration provided by the OpenBAS platform. The injector must be able to reach RabbitMQ on the specified hostname and port. If you have a specific Docker network configuration, please be sure to adapt your `docker-compose.yml` file in such way that the injector container gets attached to the OpenBAS Network, e.g.: +Be aware that all injectors are reaching RabbitMQ based the RabbitMQ configuration provided by the OpenAEV platform. The injector must be able to reach RabbitMQ on the specified hostname and port. If you have a specific Docker network configuration, please be sure to adapt your `docker-compose.yml` file in such way that the injector container gets attached to the OpenAEV Network, e.g.: ```yaml networks: default: external: true - name: openbas-docker_default + name: openaev-docker_default ``` ## Docker activation @@ -68,10 +68,10 @@ For instance, to enable the HTTP query injector, you can add a new service to yo ```docker injector-http-query: - image: openbas/injector-http-query:latest + image: openaev/injector-http-query:latest environment: - - OPENBAS_URL=http://localhost - - OPENBAS_TOKEN=ChangeMe + - OPENAEV_URL=http://localhost + - OPENAEV_TOKEN=ChangeMe - INJECTOR_ID=ChangeMe - "INJECTOR_NAME=HTTP query" - INJECTOR_LOG_LEVEL=error 
@@ -80,10 +80,10 @@ For instance, to enable the HTTP query injector, you can add a new service to yo ### Launch a standalone injector -To launch standalone injector, you can use the `docker-compose.yml` file of the injector itself. Just download the latest [release](https://github.com/OpenBAS-Platform/injectors/releases) and start the injector: +To launch standalone injector, you can use the `docker-compose.yml` file of the injector itself. Just download the latest [release](https://github.com/OpenAEV-Platform/injectors/releases) and start the injector: ``` -$ wget https://github.com/OpenBAS-Platform/injectors/archive/{RELEASE_VERSION}.zip +$ wget https://github.com/OpenAEV-Platform/injectors/archive/{RELEASE_VERSION}.zip $ unzip {RELEASE_VERSION}.zip $ cd injectors-{RELEASE_VERSION}/http-query/ ``` @@ -105,7 +105,7 @@ $ apt install python3 python3-pip Download the release of the injectors: ``` -$ wget +$ wget $ unzip {RELEASE_VERSION}.zip $ cd injectors-{RELEASE_VERSION}/http-query/src/ ``` @@ -120,7 +120,7 @@ $ cp config.yml.sample config.yml Change the `config.yml` content according to the parameters of the platform and of the targeted service and launch the injector: ``` -$ python3 openbas_http.py +$ python3 openaev_http.py ``` ## Injectors status @@ -128,7 +128,3 @@ $ python3 openbas_http.py The injector status can be displayed in the dedicated section of the platform available in Integration > injectors. You will be able to see the statistics of the RabbitMQ queue of the injector: ![injectors](../assets/injectors-status.png) - -!!! bug "Problem" - - If you encounter problems deploying OpenBAS or injectors, you can consult the [troubleshooting page](../troubleshooting.md) page. diff --git a/docs/deployment/installation.md b/docs/deployment/installation.md index 124595e1..8dc7d595 100644 --- a/docs/deployment/installation.md +++ b/docs/deployment/installation.md 
@@ -1,7 +1,7 @@ # Installation -All components of OpenBAS are shipped both as [Docker images](https://hub.docker.com/u/openbas) and -manual [installation packages](https://github.com/OpenBAS-Platform/openbas/releases). +All components of OpenAEV are shipped both as [Docker images](https://hub.docker.com/u/openaev) and +manual [installation packages](https://github.com/OpenAEV-Platform/openaev/releases). !!! note "Production deployment" @@ -13,8 +13,8 @@ manual [installation packages](https://github.com/OpenBAS-Platform/openbas/relea --- - Deploy OpenBAS using Docker and the default `docker-compose.yml` provided - in the [docker](https://github.com/OpenBAS-Platform/docker). + Deploy OpenAEV using Docker and the default `docker-compose.yml` provided + in the [docker](https://github.com/OpenAEV-Platform/docker). [:octicons-arrow-right-24:{ .middle } Setup](#using-docker) @@ -23,7 +23,7 @@ manual [installation packages](https://github.com/OpenBAS-Platform/openbas/relea --- Deploy dependencies and launch the platform manually using the packages - released in the [GitHub releases](https://github.com/OpenBAS-Platform/openbas/releases). + released in the [GitHub releases](https://github.com/OpenAEV-Platform/openaev/releases). [:octicons-arrow-right-24:{ .middle } Explore](#manual-installation) @@ -32,7 +32,7 @@ manual [installation packages](https://github.com/OpenBAS-Platform/openbas/relea ### Introduction -OpenBAS can be deployed using the *docker compose* command. +OpenAEV can be deployed using the *docker compose* command. ### Pre-requisites 
@@ -49,77 +49,24 @@ operating system. ### Clone the repository -Docker helpers are available in the [Docker GitHub repository](https://github.com/OpenBAS-Platform/docker). +Docker helpers are available in the [Docker GitHub repository](https://github.com/OpenAEV-Platform/docker). ```bash mkdir -p /path_to_your_app cd /path_to_your_app -git clone https://github.com/OpenBAS-Platform/docker.git +git clone https://github.com/OpenAEV-Platform/docker.git cd docker ``` ### Configure the environment Before running the `docker compose` command, the `docker-compose.yml` file should be configured. By default, the -`docker-compose.yml` file is using environment variables available in the `.env.sample` file. +`docker-compose.yml` file is using environment variables available in the `.env.sample` file, available [here](https://github.com/OpenAEV-Platform/docker/blob/master/.env.sample). You can either rename the file `.env.sample` in `.env` and put the expected values or just fill directly the `docker-compose.yml` with the values corresponding to your environment. -#### Docker compose env - -!!! note "Configuration static parameters" - - The complete list of available static parameters is available in the [configuration](configuration.md) section. 
- -Whether you are using one method or the other, here are the mandatory parameters to fill: - -```bash -POSTGRES_USER=ChangeMe -POSTGRES_PASSWORD=ChangeMe -KEYSTORE_PASSWORD=ChangeMe -MINIO_ROOT_USER=ChangeMeAccess -MINIO_ROOT_PASSWORD=ChangeMeKey -RABBITMQ_DEFAULT_USER=ChangeMe -RABBITMQ_DEFAULT_PASS=ChangeMe -SPRING_MAIL_HOST=smtp.example.com -SPRING_MAIL_PORT=465 -SPRING_MAIL_USERNAME=ChangeMe@example.com -SPRING_MAIL_PASSWORD=ChangeMe -OPENBAS_MAIL_IMAP_ENABLED=true -OPENBAS_MAIL_IMAP_HOST=imap.example.com -OPENBAS_MAIL_IMAP_PORT=993 -OPENBAS_ADMIN_EMAIL=ChangeMe@example.com # must be a valid email address -OPENBAS_ADMIN_PASSWORD=ChangeMe -OPENBAS_ADMIN_TOKEN=ChangeMe # must be a valid UUID -COLLECTOR_MITRE_ATTACK_ID=3050d2a3-291d-44eb-8038-b4e7dd107436 # No need for change -COLLECTOR_ATOMIC_OPENBAS_ID=63544750-19a1-435f-ada4-b44e39cf3cdb # No need for change -COLLECTOR_ATOMIC_RED_TEAM_ID=c34e3f19-e0b9-45cb-83e0-3b329e4c53d3 # No need for change -``` - -If your `docker-compose` deployment does not support `.env` files, just export all environment variables before -launching the platform: - -```bash -export $(cat .env | grep -v "#" | xargs) -``` - -### Persist data - -The default for OpenBAS data is to be persistent. - -In the `docker-compose.yml`, you will find at the end the list of necessary persistent volumes for the dependencies: - -```yaml -volumes: - esdata: # ElasticSearch data - s3data: # S3 bucket data - amqpdata: # RabbitMQ data -``` - -### Run OpenBAS - -#### Using single node Docker +### Run OpenAEV After changing your `.env` file run `docker compose` in detached (-d) mode: 
@@ -129,120 +76,51 @@ sudo systemctl start docker.service docker compose up -d ``` -#### Using Docker swarm - -Alternatively, you may deploy OpenBAS using Docker Swarm. In this mode you will -have additional capacity to scale your deployment. - -```bash -# If your virtual machine is not a part of a Swarm cluster, please use: -docker swarm init -``` - -Put your environment variables in `/etc/environment`: - -```bash -# If you already exported your variables to .env from above: -sudo cat .env >> /etc/environment -sudo bash -c 'cat .env >> /etc/environment’ -sudo docker stack deploy --compose-file docker-compose.yml openbas -``` - !!! success "Installation done" You can now navigate to [http://localhost:8080](http://localhost:8080/) and log in with the credentials filled in your configuration. -### OpenBAS X Caldera (Optional part) - -You can deploy Caldera alongside OpenBAS to execute Caldera scripts. - -
- -- :simple-docker:{ .lg .middle } __Use Docker__ - - --- - - Deploy Caldera using Docker and the default `docker-compose.yml` provided - in the [docker](https://github.com/OpenBAS-Platform/docker). - - [:octicons-arrow-right-24:{ .middle } Setup](#using-docker) -
- -Unfortunately, Caldera does not support well environment variables, the `caldera.yml` needs to be modified to change -default API keys and passwords. Only change what is marked as **Change this**, listed below: - -!!! note "Caldera application" - - You will never be asked to go into Caldera directly because OpenBAS manages everything for you, so don't hesitate to put the same UUIDv4 in all parameters here. - -```yaml -users: - red: - red: ChangeMe # Change this - blue: - blue: ChangeMe # Change this -api_key_red: ChangeMe # Change this -api_key_blue: ChangeMe # Change this -api_key: ChangeMe # Change this -crypt_salt: ChangeMe # Change this -encryption_key: ChangeMe # Change this -app.contact.http: http://caldera.myopenbas.myorganization.com:8888 # Change this -app.contact.tunnel.ssh.user_password: ChangeMe # Change this -``` - -#### Docker compose env - -Add this environment variable to connect OpenBAS and Caldera: - -```bash -INJECTOR_CALDERA_ENABLE=true -INJECTOR_CALDERA_URL=${CALDERA_URL:-http://caldera:8888} -INJECTOR_CALDERA_PUBLIC_URL=${CALDERA_PUBLIC_URL:-http://localhost:8888} -INJECTOR_CALDERA_API_KEY=${CALDERA_API_KEY:-ChangeMe} -``` - -##### Login to Caldera - -To connect to Caldera, you need to use one of the users defined in your `caldera.yml` file (either 'red' or 'blue'). -OpenBAS will use the red user. - ## Manual installation -This section provides instructions to install and run a pre-built OpenBAS server with its dependencies. Note that this does not cover building from source, -which you will find in the [Development section](/development/build_from_source) instead. + +This section provides instructions to install and run a pre-built OpenAEV server with its dependencies. Note that this +does not cover building from source, +which you will find in the [Development section](../development/build_from_source.md) instead. 
### Prepare the installation #### Installation of dependencies -You have to enable all the mandatory dependencies for the main application if you would like to play breach and attack -simulation scenarios. +You have to enable all the mandatory dependencies for the main application. You may choose to use the dependencies from the provided compose file (see: [Using Docker](#using-docker)). -If you elect doing so, make sure you disable the openbas server container first, and expose the dependencies on appropriate ports. +If you choose to do so, make sure you disable the OpenAEV server container first, and expose the dependencies on +appropriate ports. You may refer to [the official Docker documentation](https://docs.docker.com/reference/compose-file/) to achieve this. Otherwise, you are responsible for providing the dependencies yourself by installing and running them. -You need at least a Java Runtime, PostgreSQL (database), RabbitMQ (queue management), and MinIO (for object storage). +You need at least a Java Runtime, PostgreSQL (database), ElasticSearch (database), RabbitMQ (queue management), and +MinIO (for object storage). !!! note "Supported dependency versions" - See the [Dependencies section](overview.md#dependencies) for details on the recommended (and supported) versions of the dependencies. + See the [Dependencies section](platform/overview.md#dependencies) for details on the recommended (and supported) versions of the dependencies. If you choose to install the dependencies manually, please refer to their respective documentation: * Java: the [Java documentation portal](https://docs.oracle.com/en/java/) * PostgreSQL: the [PostgreSQL documentation portal](https://www.postgresql.org/docs/) +* ElasticSearch: the [ElasticSearch documentation portal](https://www.elastic.co/docs) * RabbitMQ: the [RabbitMQ documentation portal](https://www.rabbitmq.com/docs) -* MinIO: the [MinIO website](https://min.io/docs). +* MinIO: the [MinIO website](https://min.io/docs). 
#### Download the application files -First, you have to [download and extract the latest release file](https://github.com/OpenBAS-Platform/openbas/releases). +First, you have to [download and extract the latest release file](https://github.com/OpenAEV-Platform/openaev/releases). ```bash mkdir /path/to/your/app && cd /path/to/your/app -wget -tar xvfz openbas-release-{RELEASE_VERSION}.tar.gz +wget +tar xvfz openaev-release-{RELEASE_VERSION}.tar.gz ``` ### Install the main platform @@ -253,9 +131,9 @@ You may change the `application.properties` file (located at the root of the ext according to your needs; alternatively you may set the equivalent environment variables. ```shell -$ cd openbas +$ cd openaev $ ls -application.properties openbas-api.jar +application.properties openaev-api.jar ``` !!! note "Mandatory configuration" @@ -265,6 +143,7 @@ application.properties openbas-api.jar See the relevant Configuration sections for more details: - [PostgreSQL](configuration.md#postgresql) +- [ElasticSearch](configuration.md#engine) - [RabbitMQ](configuration.md#rabbitmq) - [MinIO](configuration.md#s3-bucket) @@ -275,7 +154,7 @@ Before you can start the application, ensure your dependencies are up and runnin Then start the application itself: ```bash -java -jar openbas-api.jar +java -jar openaev-api.jar ``` !!! success "Installation done" 
@@ -284,12 +163,12 @@ java -jar openbas-api.jar #### Build the application locally -1. cd openbas-front yarn build -2. cp -r builder/prod/* ../openbas-api/src/main/resources/static/ -3. cd ../openbas-api +1. cd openaev-front yarn build +2. cp -r builder/prod/* ../openaev-api/src/main/resources/static/ +3. cd ../openaev-api 4. mvn clean install -DskipTests -5. create an application.properties based on the existing one in openbas-api and fill all the mandatory fields -6. run java -jar target/openbas-api.jar --spring.config.location=%PATH%\application.properties +5. create an application.properties based on the existing one in openaev-api and fill all the mandatory fields +6. run java -jar target/openaev-api.jar --spring.config.location=%PATH%\application.properties ## Community contributions 
@@ -301,19 +180,22 @@ java -jar openbas-api.jar --- - OpenBAS Helm Charts for Kubernetes with a global configuration file. More information how to deploy here on [basic installation](https://github.com/devops-ia/helm-openbas/blob/main/charts/openbas/docs/configuration.md) and [examples](https://github.com/devops-ia/helm-openbas/blob/main/charts/openbas/docs/examples.md). + OpenAEV Helm Charts for Kubernetes with a global configuration file. More information how to deploy here + on [basic installation](https://github.com/devops-ia/helm-openaev/blob/main/charts/openaev/docs/configuration.md) + and [examples](https://github.com/devops-ia/helm-openaev/blob/main/charts/openaev/docs/examples.md). + + [:material-github:{ .middle } GitHub Repository](https://github.com/devops-ia/helm-openaev/tree/main/charts/openaev) - [:material-github:{ .middle } GitHub Repository](https://github.com/devops-ia/helm-openbas/tree/main/charts/openbas) ### Deploy behind a reverse proxy -If you want to use OpenBAS behind a reverse proxy with a context path, like `https://example.com/openbas`, please change +If you want to use OpenAEV behind a reverse proxy with a context path, like `https://example.com/openaev`, please change the `base_path` static parameter. -- `APP__BASE_PATH=/openbas` +- `APP__BASE_PATH=/openaev` -By default OpenBAS use websockets so don't forget to configure your proxy for this usage, an example with `Nginx`: +By default OpenAEV use websockets so don't forget to configure your proxy for this usage, an example with `Nginx`: ```bash location / { 
@@ -327,17 +209,3 @@ location / { proxy_pass http://YOUR_UPSTREAM_BACKEND; } ``` - -### Additional memory information - -OpenBAS platform is based on a JAVA runtime. The application needs at least 4GB of RAM to work properly. - -#### PostgreSQL - -PostgreSQL is the main database of OpenBAS. You can find more information in -the [official PostgresQL documentation](https://hub.docker.com/_/postgres). - -#### MinIO - -MinIO is a small process and does not require a high amount of memory. More information are available for Linux here on -the [Kernel tuning guide](https://github.com/minio/minio/tree/master/docs/deployment/kernel-tuning). diff --git a/docs/deployment/platform/assets/architecture.png b/docs/deployment/platform/assets/architecture.png index 3f0dc1cd..ccc20d94 100644 Binary files a/docs/deployment/platform/assets/architecture.png and b/docs/deployment/platform/assets/architecture.png differ diff --git a/docs/deployment/platform/overview.md b/docs/deployment/platform/overview.md index 2915fa38..bcd4b6b2 100644 --- a/docs/deployment/platform/overview.md +++ b/docs/deployment/platform/overview.md 
@@ -1,61 +1,66 @@ # Overview -Before starting the installation, let's discover how OpenBAS is working, which dependencies are needed and what are the minimal requirements to deploy it in production. +Before starting the installation, let's discover how OpenAEV is working, which dependencies are needed and what are the +minimal requirements to deploy it in production. ## Architecture -The OpenBAS platform relies on several external databases and services in order to work. +The OpenAEV platform relies on several external databases and services in order to work. ![Architecture](assets/architecture.png) ### Platform -The platform is the central part of the OpenBAS platform, allowing users to configure scenarios, simulations, atomic testings and all other components used in the context of breach and attack simulations and security validations. +Platform is the central component, allowing users to configure scenarios, simulations, atomic testings and all other +components used in the context of security validations. ### Neutral agents / executors -Executors are embedded into the platform but you should configure at least one. -This system is responsible for executing local injectors on endpoints. +Executors are responsible to launch simulated attacks on endpoints. -We developed a home-made XTM agent, and we support Tanium and Crowdstrike. Others will be added in the near future. +We developed our own XTM agent and also support third-party agents, with more being added over time. !!! tip "Tips" - If you want to learn more about how to deploy executors, you can have more info [here](./ecosystem/executors.md). + If you want to learn more about how to deploy executors, you can have more info [here](../ecosystem/executors.md). ### Injectors -Injectors are used to interact with third-party applications or services (including execution on the endpoints through executors) in the context of a simulation or an atomic testing. 
A few injectors are built-in but most of them are standalone Python processes. +Injectors are used to interact with third-party applications or services (including execution on the endpoints through +executors) in the context of a simulation or an atomic testing. A few injectors are built-in but most of them are +standalone Python processes. !!! tip "Tips" - If you want to learn more about how to deploy injectors, you can have more info [here](./ecosystem/injectors.md). + If you want to learn more about how to deploy injectors, you can have more info [here](../ecosystem/injectors.md). ### Collectors -Collectors are used to connect to all security systems such as SIEMs, XDRs, EDRs, firewalls, mail gateways etc. to check if an inject (execution, emails, etc.) has been detected or prevented and fill the security posture. +Collectors are used to connect to all security systems such as SIEMs, XDRs, EDRs, firewalls, mail gateways etc. to check +if an inject (execution, emails, etc.) has been detected or prevented and fill the security posture. !!! tip "Tips" - If you want to learn more about how to deploy collectors, you can have more info [here](./ecosystem/collectors.md). + If you want to learn more about how to deploy collectors, you can have more info [here](../ecosystem/collectors.md). 
## Infrastructure requirements ### Dependencies -| Component | Recommended version | CPU | RAM | Disk type | Disk space | -|:--------------|:--------------------|:----------| :----------- | :--------------------------- |:-------------------| -| PostgreSQL | ≥ 17.0 | 2 cores | ≥ 8GB | SSD | ≥ 16GB | -| ElasticSearch | ≥ 8.18 | 2 cores | ≥ 8GB | SSD | ≥ 16GB | -| RabbitMQ | >= 4.0 | 1 core | ≥ 512MB | Standard | ≥ 2GB | -| S3 / MinIO | ≥ RELEASE.2023-02 | 1 core | ≥ 128MB | SSD | ≥ 16GB | +| Component | Recommended version | CPU | RAM | Disk type | Disk space | +|:--------------|:--------------------------------|:--------|:--------|:----------|:-----------| +| PostgreSQL | ≥ 17.0 | 2 cores | ≥ 8GB | SSD | ≥ 16GB | +| ElasticSearch | ≥ 8.19 | 2 cores | ≥ 8GB | SSD | ≥ 16GB | +| RabbitMQ | >= 4.1 | 1 core | ≥ 512MB | Standard | ≥ 2GB | +| S3 / MinIO | ≥ RELEASE.2025-06-13T11-33-47Z | 1 core | ≥ 128MB | SSD | ≥ 16GB | -Please note that while the versions of these dependencies are the recommended ones, OpenBAS may still function with earlier versions. However, we will not provide support for versions prior to the recommended ones. +Please note that while the versions of these dependencies are the recommended ones, OpenAEV may still function with +earlier versions. However, we will not provide support for versions prior to the recommended ones. 
### Platform -| Component | CPU | RAM | Disk type | Disk space | -|:-------------| :---------- | :----------- | :-------------------------------- | :-------------- | -| OpenBAS Core | 2 cores | ≥ 8GB | None (stateless) | - | -| Injector(s) | 1 core | ≥ 128MB | None (stateless) | - | -| Collector(s) | 1 core | ≥ 128MB | None (stateless) | - | +| Component | CPU | RAM | Disk type | Disk space | +|:--------------|:--------|:--------|:-----------------|:-----------| +| OpenAEV Core | 2 cores | ≥ 8GB | None (stateless) | - | +| Injector(s) | 1 core | ≥ 128MB | None (stateless) | - | +| Collector(s) | 1 core | ≥ 128MB | None (stateless) | - | diff --git a/docs/deployment/resources.md b/docs/deployment/resources.md deleted file mode 100644 index 4ba2accf..00000000 --- a/docs/deployment/resources.md +++ /dev/null @@ -1,5 +0,0 @@ -# Resources - -!!! tip "Under construction" - - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). diff --git a/docs/deployment/troubleshooting.md b/docs/deployment/troubleshooting.md deleted file mode 100644 index 71412d91..00000000 --- a/docs/deployment/troubleshooting.md +++ /dev/null @@ -1,5 +0,0 @@ -# Troubleshooting - -!!! tip "Under construction" - - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). diff --git a/docs/deployment/upgrade.md b/docs/deployment/upgrade.md index 9e9ad373..d0536221 100644 --- a/docs/deployment/upgrade.md +++ b/docs/deployment/upgrade.md 
@@ -4,7 +4,7 @@ Depending on your [installation mode](installation.md), upgrade path may change. !!! note "Migrations" - The platform is taking care of all necessary underlying migrations in the databases if any, you can upgrade OpenBAS from any version to the latest one, including skipping multiple major releases. + The platform is taking care of all necessary underlying migrations in the databases if any, you can upgrade OpenAEV from any version to the latest one, including skipping multiple major releases. ## Using Docker @@ -31,5 +31,5 @@ $ sudo docker service update --force service_name When upgrading the platform, you have to replace all files and restart the platform, the database migrations will be done automatically: ```bash -$ java -jar openbas-api.jar +$ java -jar openaev-api.jar ``` diff --git a/docs/development/api-usage.md b/docs/development/api-usage.md index 40fbc557..2a519761 100644 --- a/docs/development/api-usage.md +++ b/docs/development/api-usage.md @@ -2,4 +2,4 @@ !!! tip "Under construction" - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). + We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenAEV-Platform/docs). diff --git a/docs/development/build_from_source.md b/docs/development/build_from_source.md index 2f36a96e..ec1f1dc4 100644 --- a/docs/development/build_from_source.md +++ b/docs/development/build_from_source.md 
@@ -3,8 +3,8 @@ Ensure you have followed the steps for installing prerequisites according to your development platform of choice: - * [Linux (Ubuntu used as example)](/development/environment_ubuntu) - * [Windows](/development/environment_windows) + * [Linux (Ubuntu used as example)](environment_ubuntu.md) + * [Windows](environment_windows.md) * MacOS (TBD) # Building and running from source @@ -14,26 +14,26 @@ This documentation assumes that commands listed here are run from the root folder of the git repository, unless stated otherwise. -## Clone the OpenBAS repository -Obtain a clone of the main OpenBAS repository and navigate to it: +## Clone the OpenAEV repository +Obtain a clone of the main OpenAEV repository and navigate to it: ```shell -git clone https://github.com/OpenBAS-Platform/openbas -cd openbas +git clone https://github.com/OpenAEV-Platform/openaev +cd openaev ``` ## Backend ### Configuring Development assumes that you are using a development-specific properties file. The file located at -`./openbas-api/src/main/resources/application.properties` is a version-controlled example file and -lacks many of the required configuration settings needed for OpenBAS to execute. +`./openaev-api/src/main/resources/application.properties` is a version-controlled example file and +lacks many of the required configuration settings needed for OpenAEV to execute. It is strongly recommended to make a copy of the sample `application.properties` file to create a development-specific profile called `dev`. Copy and paste the example `application.properties` file into the same directory: ```shell -cp ./openbas-api/src/main/resources/application.properties ./openbas-api/src/main/resources/application-dev.properties +cp ./openaev-api/src/main/resources/application.properties ./openaev-api/src/main/resources/application-dev.properties ``` #### Required dependencies 
@@ -41,12 +41,12 @@ cp ./openbas-api/src/main/resources/application.properties ./openbas-api/src/mai **Start the development dependencies docker stack** Preconfigured containers for all the needed support containers (PostgreSQL, MinIO, RabbitMQ, Elasticsearch...) -can be found as a docker compose file in `./openbas/openbas-dev`. +can be found as a docker compose file in `./openaev/openaev-dev`. -Create a file a this location: `./openbas/openbas-dev/.env` and populate it with a minimal set of keys: +Create a file a this location: `./openaev/openaev-dev/.env` and populate it with a minimal set of keys: ```shell -POSTGRES_USER=openbas -POSTGRES_PASSWORD=openbas +POSTGRES_USER=openaev +POSTGRES_PASSWORD=openaev KEYSTORE_PASSWORD=minioadmin MINIO_ROOT_USER=minioadmin MINIO_ROOT_PASSWORD=minioadmin @@ -54,15 +54,15 @@ RABBITMQ_DEFAULT_USER=rbit RABBITMQ_DEFAULT_PASS=rbitpass ``` Note: these are example values, but will do in a development environment. Available environment variables -can be examined in `./openbas/openbas-dev/docker-compose.yml`. +can be examined in `./openaev/openaev-dev/docker-compose.yml`. Then start the stack: ```shell -cd ./openbas/openbas-dev +cd ./openaev/openaev-dev docker compose up -d ``` -**Set up the local development configuration for the OpenBAS server** +**Set up the local development configuration for the OpenAEV server** Edit the `application-dev.properties` file, according to the .env file created earlier, and any additional configuration. Make sure the file contains settings for at the very minimum 
@@ -73,21 +73,21 @@ the following dependencies: - RabbitMQ - Engine (Elasticsearch or OpenSearch) -All required settings are listed in the [Configuration documentation](/deployment/configuration#dependencies) +All required settings are listed in the [Configuration documentation](../deployment/configuration.md#dependencies) ### Building and running Maven is used for package management and building the main server binary. -OpenBAS is a Spring Boot application and thus can be built and started +OpenAEV is a Spring Boot application and thus can be built and started in one fell swoop with ```shell -mvn spring-boot:run -Dspring-boot.run.profiles=dev -Dspring-boot.run.main-class=io.openbas.App +mvn spring-boot:run -Dspring-boot.run.profiles=dev -Dspring-boot.run.main-class=io.openaev.App ``` !!! tip "IntelliJ IDEA run configuration" - The OpenBAS repository provides predefined IntelliJ IDEA run configurations for - both the backend. After loading the OpenBAS cloned repository's root + The OpenAEV repository provides predefined IntelliJ IDEA run configurations for + both the backend. After loading the OpenAEV cloned repository's root directory in IDEA, the "Backend start" run configuration will show up in the Run widget in the top right corner. @@ -95,11 +95,11 @@ mvn spring-boot:run -Dspring-boot.run.profiles=dev -Dspring-boot.run.main-class= ## Frontend !!! Info "Change the location of your shell" - In this section, commands need to be run from a subfolder: ./openbas-front + In this section, commands need to be run from a subfolder: ./openaev-front -Navigate to `./openbas-front`. +Navigate to `./openaev-front`. ```shell -cd ./openbas-front +cd ./openaev-front ``` ### Building 
@@ -126,7 +126,7 @@ to be running otherwise the GUI will not come up in the browser. !!! tip "IntelliJ IDEA run configuration" - The OpenBAS repository provides predefined IntelliJ IDEA run configurations for - both the frontend. After loading the OpenBAS cloned repository's root + The OpenAEV repository provides predefined IntelliJ IDEA run configurations for + both the frontend. After loading the OpenAEV cloned repository's root directory in IDEA, the "Frontend start" run configuration will show up in the Run widget in the top right corner. diff --git a/docs/development/collectors.md b/docs/development/collectors.md index b2046c12..dbb7deaa 100644 --- a/docs/development/collectors.md +++ b/docs/development/collectors.md 
@@ -4,24 +4,24 @@ ### Introduction -This guide explains how to implement an **OpenBAS collector for a EDR/XDR**, to retrieve security events and compare -them against injected expectations in OpenBAS. +This guide explains how to implement an **OpenAEV collector for a EDR/XDR**, to retrieve security events and compare +them against injected expectations in OpenAEV. ### Prerequisites !!! tip "Not just Python" Note that while this guide puts an emphasis on the Python language, a collector may be implemented in any language - because it communicates with the OpenBAS server via its REST API. However, Filigran provides an official implementation - of a REST client for the OpenBAS API, in python: PyOBAS. + because it communicates with the OpenAEV server via its REST API. However, Filigran provides an official implementation + of a REST client for the OpenAEV API, in python: PyOBAS. -In this guide, we will use [PyOBAS](https://pypi.org/project/pyobas/), the official OpenBAS API client for Python. The guide requires a basic understanding +In this guide, we will use [PyOBAS](https://pypi.org/project/pyobas/), the official OpenAEV API client for Python. The guide requires a basic understanding of the Python language, and a working Python install on the development machine. ### High level overview Let's consider this diagram for understanding the basic, generic process involved to retrieve alerts and match them with -expectations from within the OpenBAS system. +expectations from within the OpenAEV system. ![High level process overview](assets/high-level-collector-overview.png) 
@@ -33,7 +33,7 @@ from pyobas.configuration import Configuration # this is where the whole of the collector logic needs # to be implemented. def main_loop(collector: CollectorDaemon): - # get some expectations from OpenBAS + # get some expectations from OpenAEV # if there are any waiting for results expectations = collector.api.inject_expectation.expectations_models_for_source(collector.get_id()) if any(expectations): @@ -68,9 +68,9 @@ if __name__ == "__main__": # this might look a bit verbose # it defines where and how to specify various config keys config = Configuration(config_hints={ - # OpenBAS API - "openbas_url": {"env": "OPENBAS_URL"}, - "openbas_token": {"env": "OPENBAS_TOKEN"}, + # OpenAEV API + "openaev_url": {"env": "OPENAEV_URL"}, + "openaev_token": {"env": "OPENAEV_TOKEN"}, # Collector configuration "collector_id": {"env": "COLLECTOR_ID"}, "collector_name": {"env": "COLLECTOR_NAME"}, @@ -112,7 +112,7 @@ period is exceeded, the expectations should be updated to be marked as failed by This step focuses on collecting alerts from your service tiers. There are two key aspects to define: -- How to extract relevant information from an alert to match OpenBAS signatures. +- How to extract relevant information from an alert to match OpenAEV signatures. - How to determine whether the alert successfully prevented or detected the attack based on the expectations. Definition: a signature is a way to find an attack in an alert, for example the presence of a specific process name @@ -120,7 +120,7 @@ in the process tree of the subject of the alert: | Signature | Description | |---------------------|-----------------------------------------------------------------------------------------------------------------------------| -| PARENT_PROCESS_NAME | The parent process name of the attack, which corresponds to the implant
name created with openbas-implant-INJECT_ID.exe | +| PARENT_PROCESS_NAME | The parent process name of the attack, which corresponds to the implant
name created with openaev-implant-INJECT_ID.exe | #### 3. Matching Expectations @@ -131,18 +131,18 @@ proper validation. ### Use it -Now, you can launch your collector by connecting it with OpenBAS. -Your collector will register to OpenBAS and you can view in Integrations > Collectors. +Now, you can launch your collector by connecting it with OpenAEV. +Your collector will register to OpenAEV and you can view in Integrations > Collectors. -![Collectors view in OpenBAS](assets/collectors-view.png) +![Collectors view in OpenAEV](assets/collectors-view.png) ## Learn more -You may find reference implementations in the OpenBAS Collectors repository: +You may find reference implementations in the OpenAEV Collectors repository: -* [Crowdstrike Falcon EDR](https://github.com/OpenBAS-Platform/collectors/tree/main/crowdstrike) -* [Microsoft Defender](https://github.com/OpenBAS-Platform/collectors/tree/main/microsoft-defender) -* [Microsoft Sentinel](https://github.com/OpenBAS-Platform/collectors/tree/main/microsoft-sentinel) +* [Crowdstrike Falcon EDR](https://github.com/OpenAEV-Platform/collectors/tree/main/crowdstrike) +* [Microsoft Defender](https://github.com/OpenAEV-Platform/collectors/tree/main/microsoft-defender) +* [Microsoft Sentinel](https://github.com/OpenAEV-Platform/collectors/tree/main/microsoft-sentinel) You might find them useful to find inspiration on how to implement a matching logic against your EDR or SIEM -of choice, using PyOBAS. \ No newline at end of file +of choice, using PyOBAS. diff --git a/docs/development/environment_windows.md b/docs/development/environment_windows.md index 373b690c..2ff313c9 100644 --- a/docs/development/environment_windows.md +++ b/docs/development/environment_windows.md 
@@ -2,4 +2,4 @@ !!! tip "Under construction" - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). + We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenAEV-Platform/docs). diff --git a/docs/development/injectors.md b/docs/development/injectors.md index 1579b2ef..8a33ee45 100644 --- a/docs/development/injectors.md +++ b/docs/development/injectors.md @@ -2,16 +2,16 @@ !!! question "What are injectors?" - For a functional overview of the role of Injectors within the OpenBAS ecosystem, please refer to [the User Guide section on Injectors](../usage/injectors.md). + For a functional overview of the role of Injectors within the OpenAEV ecosystem, please refer to [the User Guide section on Injectors](../usage/injectors.md). ### Introduction -This guide explains how to implement an **OpenBAS injector**, to extend the platform's capabilities by adding new type +This guide explains how to implement an **OpenAEV injector**, to extend the platform's capabilities by adding new type of injects. !!! note - The following is based on the Filigran-maintained [HTTP Injector](https://github.com/OpenBAS-Platform/injectors/tree/main/http-query) + The following is based on the Filigran-maintained [HTTP Injector](https://github.com/OpenAEV-Platform/injectors/tree/main/http-query) and only highlights the larger picture of the steps to create an injector from scratch. Please refer to the HTTP injector's codebase for an example of the implementation of a functional injector. 
@@ -20,7 +20,7 @@ of injects. #### 1. Define one or more contracts The contract is the list of parameters and corresponding fields that will constitute the data that the injector will -handle as part of its core logic. It describes how OpenBAS will parse and display the input form in the GUI for defining +handle as part of its core logic. It describes how OpenAEV will parse and display the input form in the GUI for defining new injects to be executed by the injector. It is also the data structure that the injector handles internally to access the parameter values. @@ -29,7 +29,7 @@ internally to access the parameter values. For injectors created with the Python language, Filigran maintains the [`pyobas` library](https://pypi.org/project/pyobas/) which provides a wealth of utility classes to compose a functional contract. - Note however that injectors are typically independent processes communicating with OpenBAS via a network transport, + Note however that injectors are typically independent processes communicating with OpenAEV via a network transport, and may be implemented in any language. #### 2. Define the internal logic @@ -40,7 +40,7 @@ use them within its internal logic to perform the necessary actions. ### Use it -Now, the new injector may be launched as a new process, and it should register with OpenBAS. It will then be listed +Now, the new injector may be launched as a new process, and it should register with OpenAEV. It will then be listed in ***Integrations > Injectors*** and its inject contracts should be available for creating new injects. -![Injectors view in OpenBAS](assets/collectors-view.png) +![Injectors view in OpenAEV](assets/collectors-view.png) diff --git a/docs/development/platform.md b/docs/development/platform.md index df01299d..5313a44d 100644 --- a/docs/development/platform.md +++ b/docs/development/platform.md 
@@ -2,4 +2,4 @@ !!! tip "Under construction" - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). + We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenAEV-Platform/docs). diff --git a/docs/development/translations.md b/docs/development/translations.md index eb71b274..46d2672b 100644 --- a/docs/development/translations.md +++ b/docs/development/translations.md @@ -1,7 +1,7 @@ # Adding translations ### Introduction -This guide explains how to add translations when developing with OpenBAS. We have 3 files to support the app’s languages: en.json (the reference file - for english), fr.json (for french) and zh.json (for chinese). We have set up some elements to streamline the translation process. +This guide explains how to add translations when developing with OpenAEV. We have 3 files to support the app’s languages: en.json (the reference file - for english), fr.json (for french) and zh.json (for chinese). We have set up some elements to streamline the translation process. #### 1. Using scripts You can find translations management scripts in the package.json file. @@ -21,4 +21,4 @@ You can generate your subscription key on Deepl and add it in the configurations - Easy i18n : allows to add, edit, delete, sort and check translations ![Config easy i18n](assets/easy-i18n-config.png) - ![View easy i18n](assets/easy-i18n-view.png) \ No newline at end of file + ![View easy i18n](assets/easy-i18n-view.png) diff --git a/docs/index.md b/docs/index.md index 003805f8..09271269 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -4,18 +4,21 @@ hide: - toc --- -# OpenBAS Documentation Space +# OpenAEV Documentation Space -Welcome to the OpenBAS Documentation space. Here you will be able to find all documents, meeting notes and presentations about the platform. +Welcome to the OpenAEV Documentation space. Here you will be able to find all documents, meeting notes and presentations about the platform. !!! tip "Release notes" - Please, be sure to also take a look at the [OpenBAS releases notes](https://github.com/OpenBAS-Platform/openbas/releases), they may contain important information about releases and deployments. + Please, be sure to also take a look at the [OpenAEV releases notes](https://github.com/OpenAEV-Platform/openaev/releases), they may contain important information about releases and deployments. ## Introduction -OpenBAS is an open source platform allowing organizations to plan, schedule and conduct crisis exercises as well as adversary and breach simulations. OpenBAS is an ISO 22398 compliant product and has been designed as a modern web application including a RESTFul API and an UX oriented frontend. +OpenAEV is an open-source platform that helps organizations design, schedule, and run both crisis management exercises +and adversary simulation scenarios. Fully aligned with ISO 22398, OpenAEV combines a modern web architecture with a +RESTful API and a user-friendly frontend, making it easy to integrate, automate, and deliver realistic training +experiences. ## Getting started @@ -26,7 +29,7 @@ OpenBAS is an open source platform allowing organizations to plan, schedule and --- Learn how to deploy and configure the platform as well as - launch connectors to get the first data in OpenBAS. + launch connectors to get the first data in OpenAEV. [:octicons-arrow-right-24:{ .middle } Deploy now](deployment/platform/overview.md) 
@@ -34,8 +37,8 @@ OpenBAS is an open source platform allowing organizations to plan, schedule and --- - Understand how to use the platform, create exercises and campaigns, use - media pressure simulation and integrate with other tools. + Understand how to use the platform, manage assets, + design scenarios with tailored payloads and integrate with other tools. [:octicons-arrow-right-24:{ .middle } Explore](usage/getting-started.md) @@ -43,8 +46,7 @@ OpenBAS is an open source platform allowing organizations to plan, schedule and --- - Know how to administrate OpenBAS, create users and groups using RBAC / - segregation, customize the overall experience. + Know how to administrate OpenAEV, create users and groups using RBAC and custom taxonomies. [:octicons-arrow-right-24:{ .middle } Customize](administration/introduction.md) @@ -65,18 +67,18 @@ OpenBAS is an open source platform allowing organizations to plan, schedule and --- - Discover tutorials, best practices and deep dives on OpenBAS features on our Filigran blog. + Discover tutorials, best practices and deep dives on OpenAEV features on our Filigran blog. [:octicons-arrow-right-24:{ .middle } Read now](https://blog.filigran.io) ## Additional resources -Below, you will find external resources which may be useful along your OpenCTI journey. +Below, you will find external resources which may be useful along your OpenAEV journey.
-[**:material-package-variant-closed:{ .middle } OpenBAS Ecosystem**](https://filigran.notion.site/OpenBAS-Ecosystem-30d8eb73d7d04611843e758ddef8941b)
+[**:material-package-variant-closed:{ .middle } OpenAEV Ecosystem**](https://filigran.notion.site/OpenAEV-Ecosystem-30d8eb73d7d04611843e758ddef8941b)
List of available injectors and collectors to expand platform usage. [**:material-school-outline:{ .middle } Training Courses**](https://academy.filigran.io)
diff --git a/docs/reference/apis/filters.md b/docs/reference/apis/filters.md index dab8c497..c5b30c24 100644 --- a/docs/reference/apis/filters.md +++ b/docs/reference/apis/filters.md @@ -1,6 +1,6 @@ # Filter knowledge -In OpenBAS, you can filter data to focus on or display information with specific attributes. +In OpenAEV, you can filter data to focus on or display information with specific attributes. ## Filters usages @@ -39,7 +39,7 @@ click, changing the logic of your filtering. ## Filters format -The OpenBAS platform uses a filter format called `FilterGroup`. The `FilterGroup` model enables +The OpenAEV platform uses a filter format called `FilterGroup`. The `FilterGroup` model enables to do complex filters imbrication with different boolean operators, which extends greatly the filtering capabilities in every part of the platform. diff --git a/docs/reference/deployment/telemetry.md b/docs/reference/deployment/telemetry.md index eb3f1bfe..9042d309 100644 --- a/docs/reference/deployment/telemetry.md +++ b/docs/reference/deployment/telemetry.md @@ -4,7 +4,7 @@ The application collects statistical data related to its usage and performances. !!! note "Confidentiality" - The OpenBAS platform does not collect any information related to vulnerability which remains strictly confidential. Also, the collection is strictly anonymous and personally identifiable information is NOT collected (including IP addresses). + The OpenAEV platform does not collect any information related to vulnerability which remains strictly confidential. Also, the collection is strictly anonymous and personally identifiable information is NOT collected (including IP addresses). We do not collect any personal data, only statistical data. All collected data is aggregated to ensure privacy and compliance with relevant privacy regulations (see breakdown below for details). 
@@ -20,7 +20,7 @@ The collected data is used for the following purposes: The platform send the metrics to the hostname `telemetry.filigran.io` using the OTLP protocol (over HTTPS). The format of the data is OpenTelemetry JSON. -The metrics push is done every 6 hours if OpenBAS was able to connect to the hostname when the telemetry manager is started. +The metrics push is done every 6 hours if OpenAEV was able to connect to the hostname when the telemetry manager is started. ## Telemetry metrics @@ -34,7 +34,7 @@ The application collects statistical data related to its usage. Here is an exhau - The total number of agents deployed - The total number of agents deployed as services or sessions - The total number of agents deployed for users or admins -- The total number of agents deployed for each executor (e.g. Caldera, OpenBAS, CrowdStrike, etc.) +- The total number of agents deployed for each executor (e.g. Caldera, OpenAEV, CrowdStrike, etc.) - The number of simulations, scenarios, and atomic tests created - The number of simulations or injects executed diff --git a/docs/usage/assets.md b/docs/usage/assets.md index 7f7b0494..0c066608 100644 --- a/docs/usage/assets.md +++ b/docs/usage/assets.md @@ -16,7 +16,7 @@ From the `Assets` section, users can access the following pages: ## Endpoints Endpoints encompass devices and systems that connect to a network, serving as the foundation for interaction with -OpenBAS. +OpenAEV. The list of endpoints continues to grow with the changing landscape of networked technologies and the increasing interconnectivity of digital ecosystems. Below is a non-exhaustive list of terminal categories: @@ -37,7 +37,7 @@ details specific to each endpoint. !!! note - Openbas marks an endpoint as inactive if none of its agents have communicated within one hour. + OpenAEV marks an endpoint as inactive if none of its agents have communicated within one hour. ![Example of list of Assets](assets/assets_list.png) 
@@ -58,18 +58,18 @@ By clicking on an endpoint, you will be able to access and manage its details: | **Architecture** | Architecture (arm64 or x86_64) | Yes | | **IP addresses** | All IP addresses detected | Yes* | | **MAC addresses** | All MAC addresses detected | Yes* | -| **Tags** | OpenBAS tags to identify your machine | No | +| **Tags** | OpenAEV tags to identify your machine | No | *IP and MAC addresses can be manually added or removed by the user (but the ones the agents find will always be upserted) -To register new endpoints, you will need to install an agent. You can find detailed instructions on the [agent installation page](../usage/openbas-agent.md). +To register new endpoints, you will need to install an agent. You can find detailed instructions on the [agent installation page](../usage/openaev-agent.md). **Agents panel** | Attribute | Meaning | |-----------------|----------------------------------------------------------------------| | **Name** | Local user account on the endpoint that executes the agent process | -| **Executor** | Agent type (OpenBAS, Crowdstrike, Tanium or Caldera) | +| **Executor** | Agent type (OpenAEV, Crowdstrike, Tanium or Caldera) | | **Privilege** | Local account's privileges on the endpoint (admin, or standard user) | | **Deployment** | Installation type (Service or Session) | | **Status** | Active or Inactive (threshold: 1 hour) | 
@@ -116,10 +116,10 @@ We plan to extend the possibilities by including additional filters in future up ## Security platforms -Some integrations in OpenBAS are connected to your security platforms, such as Microsoft Sentinel, Microsoft Defender, +Some integrations in OpenAEV are connected to your security platforms, such as Microsoft Sentinel, Microsoft Defender, etc., and can be viewed on this screen. -OpenBAS strives to support as many integrations as possible with the most popular tools on the market. However, if your +OpenAEV strives to support as many integrations as possible with the most popular tools on the market. However, if your security platform integration is not yet available, you can create it manually here. ![Security platforms](./assets/security-platforms.png) diff --git a/docs/usage/assets/Channel_update.png b/docs/usage/assets/Channel_update.png deleted file mode 100644 index 2e75551d..00000000 Binary files a/docs/usage/assets/Channel_update.png and /dev/null differ diff --git a/docs/usage/assets/asset_rules.png b/docs/usage/assets/asset_rules.png index 081a5445..c716dc61 100644 Binary files a/docs/usage/assets/asset_rules.png and b/docs/usage/assets/asset_rules.png differ diff --git a/docs/usage/assets/assetsgroup_creation.png b/docs/usage/assets/assetsgroup_creation.png index a633fd3d..1ec98225 100644 Binary files a/docs/usage/assets/assetsgroup_creation.png and b/docs/usage/assets/assetsgroup_creation.png differ diff --git a/docs/usage/assets/atomic_details_overview.png b/docs/usage/assets/atomic_details_overview.png index 834afa84..83cb6441 100644 Binary files a/docs/usage/assets/atomic_details_overview.png and b/docs/usage/assets/atomic_details_overview.png differ diff --git a/docs/usage/assets/atomic_details_tooltip.png b/docs/usage/assets/atomic_details_tooltip.png index 6ff7776b..f3c84001 100644 Binary files a/docs/usage/assets/atomic_details_tooltip.png and b/docs/usage/assets/atomic_details_tooltip.png differ 
diff --git a/docs/usage/assets/atomic_list.png b/docs/usage/assets/atomic_list.png index 69e772e1..79d390eb 100644 Binary files a/docs/usage/assets/atomic_list.png and b/docs/usage/assets/atomic_list.png differ diff --git a/docs/usage/assets/atomic_testing_detection_remediation.png b/docs/usage/assets/atomic_testing_detection_remediation.png index 7e5901d9..52b33524 100644 Binary files a/docs/usage/assets/atomic_testing_detection_remediation.png and b/docs/usage/assets/atomic_testing_detection_remediation.png differ diff --git a/docs/usage/assets/atomic_testing_detection_remediation_no_present.png b/docs/usage/assets/atomic_testing_detection_remediation_no_present.png index feae1360..2d2ccca9 100644 Binary files a/docs/usage/assets/atomic_testing_detection_remediation_no_present.png and b/docs/usage/assets/atomic_testing_detection_remediation_no_present.png differ diff --git a/docs/usage/assets/components/challenge-creation.png b/docs/usage/assets/components/challenge-creation.png deleted file mode 100644 index e9f9a534..00000000 Binary files a/docs/usage/assets/components/challenge-creation.png and /dev/null differ diff --git a/docs/usage/assets/components/lesson-creation.png b/docs/usage/assets/components/lesson-creation.png deleted file mode 100644 index 4e1b91fa..00000000 Binary files a/docs/usage/assets/components/lesson-creation.png and /dev/null differ diff --git a/docs/usage/assets/findings-atomic-view.png b/docs/usage/assets/findings-atomic-view.png deleted file mode 100644 index 939afeb2..00000000 Binary files a/docs/usage/assets/findings-atomic-view.png and /dev/null differ diff --git a/docs/usage/assets/findings-drawer-cve-general.png b/docs/usage/assets/findings-drawer-cve-general.png deleted file mode 100644 index 27372fb8..00000000 Binary files a/docs/usage/assets/findings-drawer-cve-general.png and /dev/null differ 
diff --git a/docs/usage/assets/findings-drawer-non-cve.png b/docs/usage/assets/findings-drawer-non-cve.png deleted file mode 100644 index 795d2cbc..00000000 Binary files a/docs/usage/assets/findings-drawer-non-cve.png and /dev/null differ diff --git a/docs/usage/assets/findings-drawer-related.png b/docs/usage/assets/findings-drawer-related.png deleted file mode 100644 index 9d6c7c2b..00000000 Binary files a/docs/usage/assets/findings-drawer-related.png and /dev/null differ diff --git a/docs/usage/assets/findings-drawer-remediation.png b/docs/usage/assets/findings-drawer-remediation.png deleted file mode 100644 index 84b586cd..00000000 Binary files a/docs/usage/assets/findings-drawer-remediation.png and /dev/null differ diff --git a/docs/usage/assets/findings-endpoint-view.png b/docs/usage/assets/findings-endpoint-view.png deleted file mode 100644 index 357b4a0c..00000000 Binary files a/docs/usage/assets/findings-endpoint-view.png and /dev/null differ diff --git a/docs/usage/assets/findings-global-view.png b/docs/usage/assets/findings-global-view.png deleted file mode 100644 index b7968f92..00000000 Binary files a/docs/usage/assets/findings-global-view.png and /dev/null differ diff --git a/docs/usage/assets/findings-inject-view.png b/docs/usage/assets/findings-inject-view.png deleted file mode 100644 index 672ecb88..00000000 Binary files a/docs/usage/assets/findings-inject-view.png and /dev/null differ diff --git a/docs/usage/assets/findings-scenarios-view.png b/docs/usage/assets/findings-scenarios-view.png deleted file mode 100644 index 3b974581..00000000 Binary files a/docs/usage/assets/findings-scenarios-view.png and /dev/null differ diff --git a/docs/usage/assets/findings-simulation-view.png b/docs/usage/assets/findings-simulation-view.png deleted file mode 100644 index f7125715..00000000 Binary files a/docs/usage/assets/findings-simulation-view.png and /dev/null differ 
diff --git a/docs/usage/assets/inject_test_bulk.png b/docs/usage/assets/inject_test_bulk.png index 278330a3..24aa750c 100644 Binary files a/docs/usage/assets/inject_test_bulk.png and b/docs/usage/assets/inject_test_bulk.png differ diff --git a/docs/usage/assets/inject_test_bulk_confirmation_dialog.png b/docs/usage/assets/inject_test_bulk_confirmation_dialog.png index 94a80891..291f8f80 100644 Binary files a/docs/usage/assets/inject_test_bulk_confirmation_dialog.png and b/docs/usage/assets/inject_test_bulk_confirmation_dialog.png differ diff --git a/docs/usage/assets/inject_test_details.png b/docs/usage/assets/inject_test_details.png index 5171ac54..2cd08315 100644 Binary files a/docs/usage/assets/inject_test_details.png and b/docs/usage/assets/inject_test_details.png differ diff --git a/docs/usage/assets/inject_test_list.png b/docs/usage/assets/inject_test_list.png deleted file mode 100644 index 442f056b..00000000 Binary files a/docs/usage/assets/inject_test_list.png and /dev/null differ diff --git a/docs/usage/assets/inject_test_result.png b/docs/usage/assets/inject_test_result.png index d3250c58..ac63a224 100644 Binary files a/docs/usage/assets/inject_test_result.png and b/docs/usage/assets/inject_test_result.png differ diff --git a/docs/usage/assets/inject_test_single.png b/docs/usage/assets/inject_test_single.png index d7d9b8b2..68048e10 100644 Binary files a/docs/usage/assets/inject_test_single.png and b/docs/usage/assets/inject_test_single.png differ diff --git a/docs/usage/assets/injects_list_in_scenario.png b/docs/usage/assets/injects_list_in_scenario.png deleted file mode 100644 index 6c37d28b..00000000 Binary files a/docs/usage/assets/injects_list_in_scenario.png and /dev/null differ diff --git a/docs/usage/assets/install_agent_instruction.png b/docs/usage/assets/install_agent_instruction.png deleted file mode 100644 index a981bfe6..00000000 Binary files a/docs/usage/assets/install_agent_instruction.png and /dev/null differ 
diff --git a/docs/usage/assets/list-of-injectors.png b/docs/usage/assets/list-of-injectors.png new file mode 100644 index 00000000..79133ae6 Binary files /dev/null and b/docs/usage/assets/list-of-injectors.png differ diff --git a/docs/usage/assets/list_of_injectors.png b/docs/usage/assets/list_of_injectors.png deleted file mode 100644 index 2df59b84..00000000 Binary files a/docs/usage/assets/list_of_injectors.png and /dev/null differ diff --git a/docs/usage/assets/mapper_screen.png b/docs/usage/assets/mapper_screen.png index fea6e0a4..67568678 100644 Binary files a/docs/usage/assets/mapper_screen.png and b/docs/usage/assets/mapper_screen.png differ diff --git a/docs/usage/assets/security-platforms.png b/docs/usage/assets/security-platforms.png index 158ec834..c26504ef 100644 Binary files a/docs/usage/assets/security-platforms.png and b/docs/usage/assets/security-platforms.png differ diff --git a/docs/usage/assets/simulation-analysis-tab.png b/docs/usage/assets/simulation-analysis-tab.png index 7cf54cf3..ff87d6d7 100644 Binary files a/docs/usage/assets/simulation-analysis-tab.png and b/docs/usage/assets/simulation-analysis-tab.png differ diff --git a/docs/usage/assets/simulation_reports/simulation_edit_button.png b/docs/usage/assets/simulation_reports/simulation_edit_button.png index 68d20d26..4aecb474 100644 Binary files a/docs/usage/assets/simulation_reports/simulation_edit_button.png and b/docs/usage/assets/simulation_reports/simulation_edit_button.png differ diff --git a/docs/usage/assets/simulation_reports/simulation_reports_add_button.png b/docs/usage/assets/simulation_reports/simulation_reports_add_button.png index 3e31081d..149b0480 100644 Binary files a/docs/usage/assets/simulation_reports/simulation_reports_add_button.png and b/docs/usage/assets/simulation_reports/simulation_reports_add_button.png differ diff --git a/docs/usage/collectors.md b/docs/usage/collectors.md index 29f63a1c..98a3d02d 100644 --- a/docs/usage/collectors.md 
+++ b/docs/usage/collectors.md @@ -2,11 +2,11 @@ !!! question "Collectors list" - You are looking for the available collectors? The list is in the [OpenBAS Ecosystem](https://filigran.notion.site/OpenBAS-Ecosystem-30d8eb73d7d04611843e758ddef8941b). + You are looking for the available collectors? The list is in the [OpenAEV Ecosystem](https://filigran.notion.site/OpenAEV-Ecosystem-30d8eb73d7d04611843e758ddef8941b). ## Introduction -Collectors are one of the cornerstones of the OpenBAS platform, they are responsible for pulling data from various +Collectors are one of the cornerstones of the OpenAEV platform, they are responsible for pulling data from various external services for two purposes: - Collect all alerts, logs and traces related to attacks, incidents or crisis and match them to simulated injects to @@ -25,8 +25,8 @@ these 45 minutes, if no data has been found for a given inject, this inject's re #### Detection & Prevention with EDR For EDRs, we analyze the tool's logs to identify matches for the hostname and the parent process name associated with -the attack. If the attack is initiated by the OpenBAS agent, the parent process name will follow this format: -openbas-implant-INJECT_ID.exe. +the attack. If the attack is initiated by the OpenAEV agent, the parent process name will follow this format: +openaev-implant-INJECT_ID.exe. #### Detection & Prevention with SIEM @@ -53,5 +53,5 @@ complete the view overview about your current posture. ### 🔭 Others -All other system OpenBAS can pull from, to add more meaningful and relevant information to the view of your security +All other system OpenAEV can pull from, to add more meaningful and relevant information to the view of your security posture. diff --git a/docs/usage/components.md b/docs/usage/components.md deleted file mode 100644 index 906ab231..00000000 --- a/docs/usage/components.md +++ /dev/null 
@@ -1,5 +0,0 @@ -# Components - -!!! tip "Under construction" - - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). diff --git a/docs/usage/components/assets/challenge-creation.png b/docs/usage/components/assets/challenge-creation.png new file mode 100644 index 00000000..13c535a2 Binary files /dev/null and b/docs/usage/components/assets/challenge-creation.png differ diff --git a/docs/usage/components/assets/channel-update.png b/docs/usage/components/assets/channel-update.png new file mode 100644 index 00000000..fabcfaa3 Binary files /dev/null and b/docs/usage/components/assets/channel-update.png differ diff --git a/docs/usage/components/assets/document-creation.png b/docs/usage/components/assets/document-creation.png index dfd96d5b..9cb1ebb8 100644 Binary files a/docs/usage/components/assets/document-creation.png and b/docs/usage/components/assets/document-creation.png differ diff --git a/docs/usage/components/assets/lesson-creation.png b/docs/usage/components/assets/lesson-creation.png new file mode 100644 index 00000000..338230ff Binary files /dev/null and b/docs/usage/components/assets/lesson-creation.png differ diff --git a/docs/usage/components/challenges.md b/docs/usage/components/challenges.md index 0e0f8dc8..6e6a5e72 100644 --- a/docs/usage/components/challenges.md +++ b/docs/usage/components/challenges.md @@ -1,6 +1,6 @@ # Challenges -Challenges are integral to handling CTF (Capture The Flag) activities on the OpenBAS platform. You can define your +Challenges are integral to handling CTF (Capture The Flag) activities on the OpenAEV platform. You can define your challenge and the flags that need to be found to complete it. ## Create a Challenge 
@@ -13,7 +13,7 @@ To create a new challenge, follow these steps: explanation, context, steps), and attach any relevant documents. 4. Manage your challenge by setting a score and a maximum number of attempts allowed for completing the challenge. -![challenge-creation.png](../assets/components/challenge-creation.png) +![challenge-creation.png](./assets/challenge-creation.png) Once completed, your new challenge will appear in the challenge list. @@ -32,4 +32,4 @@ When clicking on the link the player is redirected to a page with a clickable ca ![challenge-admin-answers.png](../assets/components/challenge-admin-answers.png) -The initiator of the simulation can check the results. On this picture, a player of the team answered correctly while the others have not answered yet. Note that by default, players have a day to respond. \ No newline at end of file +The initiator of the simulation can check the results. On this picture, a player of the team answered correctly while the others have not answered yet. Note that by default, players have a day to respond. diff --git a/docs/usage/components/channels.md b/docs/usage/components/channels.md index 9c153c47..b5a9375c 100644 --- a/docs/usage/components/channels.md +++ b/docs/usage/components/channels.md @@ -1,6 +1,6 @@ # Channels -In OpenBAS, Channels represent communication medias with a particular look. They are used to present [web articles or other media contents](media_pressure.md) to Players in a specific way. +In OpenAEV, Channels represent communication medias with a particular look. They are used to present [web articles or other media contents](media_pressure.md) to Players in a specific way. It helps give shape to your Scenario context and events. 
@@ -14,7 +14,7 @@ You can define primary and secondary colors, choose logos and define how the hea On the right, a mock up of the overview is displayed to give you the look and fill of it. -![Channel creation](../assets/Channel_update.png) +![Channel creation](./assets/channel-update.png) ## Use a Channel diff --git a/docs/usage/components/documents.md b/docs/usage/components/documents.md index a980d4bd..357d4008 100644 --- a/docs/usage/components/documents.md +++ b/docs/usage/components/documents.md @@ -12,7 +12,7 @@ To create a new document, follow these steps: 3. Optionally, add a description and tags to provide additional context. You can also link your documents directly to specific simulations or scenarios. specific simulations or scenarios. -![Document creation](../assets/document-creation.png) +![Document creation](./assets/document-creation.png) After completing these steps, your new document will appear in the document list. Clicking on a document in the list will allow you to download it. diff --git a/docs/usage/components/lessons.md b/docs/usage/components/lessons.md index d55d2aaa..36c7d7bd 100644 --- a/docs/usage/components/lessons.md +++ b/docs/usage/components/lessons.md @@ -1,6 +1,6 @@ # Lessons -Lessons in OpenBAS enable you to create customizable surveys for your simulations. These surveys can be composed of +Lessons in OpenAEV enable you to create customizable surveys for your simulations. These surveys can be composed of various categories and questions within those categories. This feature helps in conducting the often overlooked part of a Breach and Attack Simulation involving real people, by automating the process and complementing your simulation results with qualitative feedback. 
@@ -12,7 +12,7 @@ To create a new lesson template, follow these steps: 1. Click the + button at the bottom right corner of the screen. 2. Give your new lesson template a name. -![lesson-creation.png](../assets/components/lesson-creation.png) +![lesson-creation.png](./assets/lesson-creation.png) Once completed, your new lesson will appear in the lesson learned list. diff --git a/docs/usage/components/media_pressure.md b/docs/usage/components/media_pressure.md index 5b23b9f6..d33dead1 100644 --- a/docs/usage/components/media_pressure.md +++ b/docs/usage/components/media_pressure.md @@ -3,7 +3,7 @@ We are doing our best to complete this page. If you want to participae, dont hesitate to join the [Filigran Community on Slack](https://community.filigran.io) - or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). + or submit your pull request on the [Github doc repository](https://github.com/OpenAEV-Platform/docs). Media pressure are Articles or web contents you create to give more shape to your Scenario, or to simulate contextual pressure on your Teams and Players. 
@@ -21,7 +21,7 @@ A media pressure Article is defined by: - Author - Content: the content of your article. You can enrich the text and have a preview of the formatted result. You can also go fullscreen. - To simulate social network engagement, you can define number of comments, Shares and Likes of the Articles. -- Documents: you can attach file to the Article. It can be useful if you want to simulate the publication of a large report you don't want to craft inside OpenBAS, like a pdf security report for example. +- Documents: you can attach file to the Article. It can be useful if you want to simulate the publication of a large report you don't want to craft inside OpenAEV, like a pdf security report for example. Once created, Articles appears as cards in the definition screen of the Scenario or Simulation they have been created into. Note that if an article is not yet used in the Scenario or Simulation (probably because it does not have been used in a "Publish channel pressure" inject), it is mentioned into the Article's card. diff --git a/docs/usage/dashboards/custom-dashboards/assets/dashboard-overview.png b/docs/usage/dashboards/custom-dashboards/assets/dashboard-overview.png index cd8c5a8e..3ee43590 100644 Binary files a/docs/usage/dashboards/custom-dashboards/assets/dashboard-overview.png and b/docs/usage/dashboards/custom-dashboards/assets/dashboard-overview.png differ diff --git a/docs/usage/dashboards/custom-dashboards/assets/list_custom_dashboards.png b/docs/usage/dashboards/custom-dashboards/assets/list_custom_dashboards.png index 0307de36..4e590ecf 100644 Binary files a/docs/usage/dashboards/custom-dashboards/assets/list_custom_dashboards.png and b/docs/usage/dashboards/custom-dashboards/assets/list_custom_dashboards.png differ diff --git a/docs/usage/dashboards/custom-dashboards/custom-dashboards.md b/docs/usage/dashboards/custom-dashboards/custom-dashboards.md index e3bdece3..f57b7457 100644 
--- a/docs/usage/dashboards/custom-dashboards/custom-dashboards.md +++ b/docs/usage/dashboards/custom-dashboards/custom-dashboards.md @@ -1,6 +1,6 @@ # Custom dashboards -OpenBAS provides an adaptable and entirely customizable dashboard functionality. The flexibility of OpenBAS's dashboard +OpenAEV provides an adaptable and entirely customizable dashboard functionality. The flexibility of OpenAEV's dashboard ensures a tailored and insightful visualization of data, fostering a comprehensive understanding of the platform's live activity. diff --git a/docs/usage/dashboards/widgets/assets/widget-dimensions-2.png b/docs/usage/dashboards/widgets/assets/widget-dimensions-2.png index 48c166ac..c32fc940 100644 Binary files a/docs/usage/dashboards/widgets/assets/widget-dimensions-2.png and b/docs/usage/dashboards/widgets/assets/widget-dimensions-2.png differ diff --git a/docs/usage/dashboards/widgets/assets/widget-visualization.png b/docs/usage/dashboards/widgets/assets/widget-visualization.png index bc23dd25..3f2b20e2 100644 Binary files a/docs/usage/dashboards/widgets/assets/widget-visualization.png and b/docs/usage/dashboards/widgets/assets/widget-visualization.png differ diff --git a/docs/usage/default_asset_rules.md b/docs/usage/default_asset_rules.md index 390d74c7..aa559ae4 100644 --- a/docs/usage/default_asset_rules.md +++ b/docs/usage/default_asset_rules.md 
@@ -7,6 +7,6 @@ You can manage these rules in Settings → Customization. When you create an Inject in a Scenario, if the Scenario has a tag matching one of the Asset Rules, the associated default Asset Groups are automatically applied to that Inject. When a Scenario is updated, if you add a tag matching one of the Asset Rules, a pop-up will appear asking if you want to apply those default Asset Groups to the existing Injects in the Scenario. ## OpenCTI default rule -By default, a rule for the **opencti** tag is created. This tag is automatically applied to Scenarios generated from OpenCTI (see [Generating Scenario from OpenCTI](../scenario/opencti_scenario.md) ). This default rule cannot be removed, and its tag cannot be modified. +By default, a rule for the **opencti** tag is created. This tag is automatically applied to Scenarios generated from OpenCTI (see [Generating Scenario from OpenCTI](./scenario/opencti_scenario.md) ). This default rule cannot be removed, and its tag cannot be modified. -![Asset Rules](./assets/asset_rules.png) \ No newline at end of file +![Asset Rules](./assets/asset_rules.png) diff --git a/docs/usage/evaluate/overview.md b/docs/usage/evaluate/overview.md index 4e653f7b..cf8a68f2 100644 --- a/docs/usage/evaluate/overview.md +++ b/docs/usage/evaluate/overview.md 
@@ -2,9 +2,9 @@ !!! tip "Under construction" - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). + We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenAEV-Platform/docs). -The Home screen provides visitors of the OpenBAS platform with an overview of the platform's live activity and a +The Home screen provides visitors of the OpenAEV platform with an overview of the platform's live activity and a snapshot of your global security posture. Below is a breakdown of the various widgets available on this page. ## Metric cards diff --git a/docs/usage/expectations.md b/docs/usage/expectations.md index f5297354..48e78dcf 100644 --- a/docs/usage/expectations.md +++ b/docs/usage/expectations.md @@ -1,7 +1,7 @@ # Expectations Expectations define what is expected from an [Asset (endpoint)](assets.md) or -a [Players](people.md#players) when facing an [Inject](injects.md) in terms of +a [Players](people.md#players) when facing an [Inject](inject-overview.md) in terms of security posture. Each expectation has a score representing how well it has been met by the target. ## Expectation types 
@@ -109,7 +109,7 @@ Each expectation has a **default score value** at creation, configurable via env | Parameter | Environment variable | Default value | Description | |:-----------------------------------------------|:-----------------------------------------------|:--------------|:-------------------------------------------| -| openbas.expectation.manual.default-score-value | OPENBAS_EXPECTATION_MANUAL_DEFAULT-SCORE-VALUE | 50 | Default score value for manual expectation | +| openaev.expectation.manual.default-score-value | OPENAEV_EXPECTATION_MANUAL_DEFAULT-SCORE-VALUE | 50 | Default score value for manual expectation | #### Expiration time 
@@ -120,13 +120,13 @@ Expectations must be validated within a time limit. Defaults are set in the syst | Parameter | Environment variable | Default value | Description | |:-----------------------------------------------|:-----------------------------------------------|:--------------|:--------------------------------------------------------------------| -| openbas.expectation.technical.expiration-time | OPENBAS_EXPECTATION_TECHNICAL_EXPIRATION-TIME | 21600 | Expiration time for Technical expectation (detection & prevention) | -| openbas.expectation.detection.expiration-time | OPENBAS_EXPECTATION_DETECTION_EXPIRATION-TIME | 21600 | Expiration time for detection expectation | -| openbas.expectation.prevention.expiration-time | OPENBAS_EXPECTATION_PREVENTION_EXPIRATION-TIME | 21600 | Expiration time for prevention expectation | -| openbas.expectation.human.expiration-time | OPENBAS_EXPECTATION_HUMAN_EXPIRATION-TIME | 86400 | Expiration time for human expectation (manual, challenge & article) | -| openbas.expectation.challenge.expiration-time | OPENBAS_EXPECTATION_CHALLENGE_EXPIRATION-TIME | 86400 | Expiration time for challenge expectation | -| openbas.expectation.article.expiration-time | OPENBAS_EXPECTATION_ARTICLE_EXPIRATION-TIME | 86400 | Expiration time for article expectation | -| openbas.expectation.manual.expiration-time | OPENBAS_EXPECTATION_MANUAL_EXPIRATION-TIME | 86400 | Expiration time for manual expectation | +| openaev.expectation.technical.expiration-time | OPENAEV_EXPECTATION_TECHNICAL_EXPIRATION-TIME | 21600 | Expiration time for Technical expectation (detection & prevention) | +| openaev.expectation.detection.expiration-time | OPENAEV_EXPECTATION_DETECTION_EXPIRATION-TIME | 21600 | Expiration time for detection expectation | +| openaev.expectation.prevention.expiration-time | OPENAEV_EXPECTATION_PREVENTION_EXPIRATION-TIME | 21600 | Expiration time for prevention expectation | +| openaev.expectation.human.expiration-time | 
OPENAEV_EXPECTATION_HUMAN_EXPIRATION-TIME | 86400 | Expiration time for human expectation (manual, challenge & article) | +| openaev.expectation.challenge.expiration-time | OPENAEV_EXPECTATION_CHALLENGE_EXPIRATION-TIME | 86400 | Expiration time for challenge expectation | +| openaev.expectation.article.expiration-time | OPENAEV_EXPECTATION_ARTICLE_EXPIRATION-TIME | 86400 | Expiration time for article expectation | +| openaev.expectation.manual.expiration-time | OPENAEV_EXPECTATION_MANUAL_EXPIRATION-TIME | 86400 | Expiration time for manual expectation | A default expiration time is set for technical and human expectations. Users can override them for each type of expectations. diff --git a/docs/usage/findings.md b/docs/usage/findings.md index 09af658b..ae1553b1 100644 --- a/docs/usage/findings.md +++ b/docs/usage/findings.md 
@@ -6,32 +6,14 @@ exploited. They are generated from the injector's structured output, which can take multiple forms, including IPv4, Text, IPv6, Port, PortScan (object), and Credentials (object). -Each finding is associated with an [Inject](injects.md) and an [Asset (endpoint)](assets.md). +Each finding is associated with an [Inject](inject-overview.md) and an [Asset (endpoint)](assets.md). Findings can be accessed at various levels across the platform. In the Findings view, only aggregated values are initially displayed to provide a high-level overview. -When a specific finding is clicked, a drawer opens to reveal more detailed information. This includes: +When a specific finding is clicked, a drawer opens to reveal more detailed information. +This includes: * The associated inject(s) where the finding was discovered * For CVE-type findings, enriched data previously sourced from [taxonomies](../administration/taxonomies.md) is available, such as: - General information about the CVE - A Remediation tab with actionable recommendations (EE) - -- Global level - ![Global](assets/findings-global-view.png) - ![Non-cve](assets/findings-drawer-non-cve.png) - ![Cve](assets/findings-drawer-cve-general.png) - ![Related-injects](assets/findings-drawer-related.png) - ![Remediation](assets/findings-drawer-remediation.png) -- Scenario level - ![Scenario](assets/findings-scenarios-view.png) -- Simulation level - ![Simulation](assets/findings-simulation-view.png) -- Inject level - ![Inject](assets/findings-inject-view.png) -- Atomic level - ![Atomic](assets/findings-atomic-view.png) -- Endpoint level - ![Endpoint](assets/findings-endpoint-view.png) - - diff --git a/docs/usage/getting-started.md b/docs/usage/getting-started.md index c41e3f81..612d3541 100644 --- a/docs/usage/getting-started.md +++ b/docs/usage/getting-started.md 
@@ -1,115 +1,169 @@ # Getting started -!!! tip "Under construction" +OpenAEV allows you to validate your security posture by simulating real-world adversary techniques. +It has been designed as part of the Filigran XTM suite and can be integrated +with [OpenCTI](https://filigran.io/solutions/open-cti/) to generate meaningful attack scenarios based on real threats. - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). +This guide introduces the **key concepts** and **workflows** behind the platform. -This guide aims to give you a full overview of the OpenBAS features and workflows. The platform can be used in various -contexts to handle Breach and Attack simulations at technical or strategical levels. OpenBAS has been designed as a part -of the Filigran XTM suite and can be integrated with [OpenCTI](https://filigran.io/solutions/open-cti/) to generate -meaningful attack scenarios based on real threat. OpenBAS is result-oriented with many dashboards helping you to -evaluate -you security posture given a defined context. 
+--- -Here are some examples of use cases: +## What you can do with OpenAEV -- Designing attack scenario based on real threat -- Evaluate your security posture against technical simulations on endpoints -- Enhance team skills by evaluating them during simulations along with your security systems -- Organize Capture The Flag with multiple challenges -- Conduct atomic testing +Some typical use cases include: -## Welcome dashboard +- Designing attack scenarios based on real threats +- Evaluating your security posture against technical simulations on endpoints +- Enhancing team skills during exercises and simulations +- Organizing Capture The Flag events with multiple challenges +- Conducting atomic testing on assets -The welcome page provides every OpenBAS platform visitor with a snapshot of the platform activity as well as an overview -of your global security posture. You can find more information in [this section](evaluate/overview.md). +--- -## Starter Pack -Enabled by default, and in order to understand the value of OpenAEV, the Starter Pack will create and provide for you a set of items for a ready to use platform. +## Players & Teams -Will be created : +Before running a simulation, define **who will participate**. 
-- Three types of [scenarios](scenarios_and_simulations.md) available : - - [Tabletop](https://filigran.io/build-your-table-top-scenario-with-openbas/) - - Technical - Agentless - - [Technical - Agent-based](https://filigran.io/deploy-openbas-agents-and-validate-your-security-posture/) -- Four [dashboards](dashboards/custom-dashboards/custom-dashboards.md) (Technical Home and Scenario, Technical Simulation, TTX Home and Scenario, TTX Simulation) - - Produces a summary of the different scenarios and simulations played on the platform -- Ready to use [Injectors](injectors.md) ([NMAP](https://github.com/OpenAEV-Platform/injectors/tree/main/nmap) and [Nuclei](https://github.com/OpenAEV-Platform/injectors/tree/main/nuclei)) - - Will provide the possibility to create agentless attacks -- All Filigran [Collectors](collectors.md) - - Atomic Red Team : Will provide to you a set of payloads ([more info](https://www.atomicredteam.io/atomic-red-team)) - - Mitre Attack : Will provide payloads and kill chain ([more info](https://docs.openbas.io/latest/administration/taxonomies/)) - - OpenAEV : Will provide payloads validated by Filigran ([more info](https://github.com/OpenAEV-Platform/payloads)) - - CVE by NVD Nist : Provide all known CVE ([more info](https://docs.openbas.io/latest/administration/taxonomies/)) -- One [Agentless Endpoint](assets.md) - - Prepared agentless endpoint to be used by previous items -- One [Asset Group](assets.md) "All endpoint" - - Prepared assets group to get all endpoints +- [Players](people.md#players) represent humans or roles (SOC analyst, sysadmin, end-user). +- [Teams](people.md#teams) group players into units (SOC, IT Ops, HR). -You can find configuration to disable it in [this section](../deployment/configuration.md). +Creating players and teams lets you measure not only **technical outcomes** but also the **human response**: who reports +an alert, who escalates, who reacts according to playbooks. 
-## Your first Breach and Attack Simulation +## Agents & Assets -### Creating or Importing players and assets to play with +[Assets](assets.md) are the systems you want to test: workstations, servers, VMs, or logical groups. -First, you need to create or import Players and Assets that will participate in the simulation and be targeted by -technical or strategical events. To do so, you can either create [players](people.md) -and [teams](people.md) or deploy agent on [assets](assets.md). +You can: -### Building your Scenario +- Deploy an **OpenAEV agent** for agent-based testing (executes payloads, reports telemetry, supports automated checks) +- Use **agentless endpoints** when software installation is not possible -Once integrations is done, you are ready to create your first Scenario! +Assets are reused across scenarios and simulations — it’s worth naming and tagging them carefully (OS, owner, +environment). -[Scenarios](scenario.md) act as template for your Breach and Attack simulations. After establishing such a template, you -will be able to schedule it as a one shot simulation, or as a recurring one. +## Payloads & Injects -You have two main options to create scenarios: +[Payloads](payloads/payloads.md) are the technical actions: running a command, scanning a network, or checking for a +vulnerability. -#### Option 1: Import from XTM Hub -- Navigate to the Scenarios menu and click on **"Import from Hub"** to access the library of pre-built scenarios -- Browse scenarios by industry, attack type, or threat actor -- Download and import ready-to-use scenarios that match your testing requirements -- Customize the imported scenario for your specific environment +[Injects](inject-overview.md) wrap payloads with context: -#### Option 2: Create from scratch -- Go to the Scenarios menu and create a new one with the + button. -- Now go to the [Injects](injects.md) tab and add some to build the serie of events that will define the core of your - Scenario. 
If you want to stay strategical, you can select inject like "Send individual mails". If you want to go - technical, you can select injects linked to attack pattern (Caldera integration allows you to play hundreds of them). -- Then, define [who or what will be targeted](targets.md) by those injects, customize them, and define what is expected - to happen. For example, you expect the targeted team to perform a specific action and the animation team will - validated this expectation manually. Or, you expect the technical event to be prevented and it will be automatically - checked through your integrations with your security systems. -- Do not forget to define when the inject is played in the scenario chronology. +- *who* is the target +- *when* it should run +- *what* is expected in return -Optionally, you can enhance your scenario by -adding [Documents](components/documents.md), [Media pressures](components/media_pressure.md), or even -CTF [Challenges](components/challenges.md) to your injects. +OpenAEV includes collectors with ready-to-use payloads: OpenAEV curated payloads and Atomic Red Team. -### Play the simulation +## Scenarios & Simulations -You can now schedule your [Simulation](simulation.md) by hitting the blue "Simulate now" button. Choose your moment and -hit start. +A [scenario](scenario.md) is a blueprint: a sequence of injects that tell the story of an attack. -On time, a Simulation based on your Scenario template is generated. It is listed in your Scenario overview and in the -Simulations menu. From there, you can follow the course of the Simulation and interact with it, for example to validate -manual expectations. +You can: -During the course of the simulation, results are updated and can be consulted in the Simulation overview. 
+- Import pre-built scenarios from the **XTM Hub** +- Create your own from scratch -### Evaluate your security posture +Once defined, a scenario can be turned into a [simulation](simulation.md): a live execution in your environment, either +one-shot or scheduled regularly. -Results in OpenBAS are based on expectations' results that are linked to injects played during Simulations. It is then -important to manually validate expectations that need it. +During simulations, [expectations](injects_and_expectations.md) are validated: -Results are broken down by "Prevention", "Detection" and "Human response" metrics. +- **Automatically**, via integrations with your stack +- **Manually**, by observers validating human reactions -- Prevention displays your ability to prevent the scenario's technical events to be completed -- Detection displays your ability to detect the scenario's technical events -- Human response displays how well players and teams react as expected facing the scenario's events -- Vulnerability displays your ability to detect common vulnerabilities and exposures (CVEs) when the scenario's events happen. +## Results & Dashboards -!!! tip "Additional Resources" +After a simulation, results are consolidated along four axes: - You can access additional Filigran resources and services through XTM Hub by clicking the 9-dot grid icon in the top navigation bar. This provides access to training materials, community resources, and other Filigran ecosystem services. +- **Prevention** — were attack steps blocked? +- **Detection** — were they detected? +- **Vulnerability** — which exposures were identified? +- **Human response** — how did players/teams react? + +[Dashboards](dashboards/custom-dashboards/custom-dashboards.md) let you explore these results at different levels: from +a global overview of your posture to the detailed timeline of a simulation. + +--- + +## The Starter Pack + +OpenAEV includes a **Starter Pack** to accelerate onboarding. 
+It provides: + +- Pre-built scenarios (tabletop, agentless, agent-based) +- Four dashboards +- Injectors (Nmap, Nuclei) +- Collectors (Atomic Red Team, MITRE ATT&CK, OpenAEV payloads, CVE/NVD feed) +- One agentless endpoint + an asset group + +With the Starter Pack, you can launch a complete simulation right after installation. + +--- + +## An end-to-end atomic example (with agent) + +Let’s walk through the simplest possible scenario, using only an agent and an atomic payload. + +Imagine you deployed an OpenAEV agent on a Windows endpoint named `endpoint-win-01`. + +### Step 1 — Create the payload + + ```bash + echo "OpenAEV Atomic Test" > C:\temp\atomic.txt + ```` + +### Step 2 — Build the inject + +* Create an **atomic testing** in the UI +* Use the created payload +* Target `endpoint-win-01` + +### Step 3 — Run the simulation + +Click **Launch now**. +The platform executes the payload via the agent. +The result should appear in the atomic testing overview. + +## A more complete example + +Now imagine simulating a phishing attack followed by reconnaissance. + +**Assets**: + +* Windows workstation with an agent (`endpoint-win-01`) +* Database server without agent (`srv-db-01`) + +**Injects**: + +1. **Phishing email** → expected to be reported (manual validation) + +2. **Initial access** → benign file creation on `endpoint-win-01` + + ```bash + echo "pwned" > C:\temp\pwned.txt + ``` + +3. **Network scan** → from the endpoint + + ```bash + nmap -Pn -T4 10.0.0.0/24 + ``` + +4. **Exploit attempt** → non-destructive CVE check on the DB server + +**Outcome**: +You can validate phishing reporting, check EDR blocking, IDS detection of the scan, and see vulnerability results. +Dashboards consolidate both technical and human responses. 
+ +--- + +## Next steps + +* Create custom injects and payloads +* Import threat-informed scenarios from the XTM Hub +* Connect with [OpenCTI](https://filigran.io/solutions/open-cti/) +* Track improvements over time in dashboards + +OpenAEV is more than running tests — it is about **continuously validating your exposure** and transforming insights +into stronger defense. diff --git a/docs/usage/inject-caldera.md b/docs/usage/inject-caldera.md index 7f058712..2c950d98 100644 --- a/docs/usage/inject-caldera.md +++ b/docs/usage/inject-caldera.md @@ -4,7 +4,7 @@ The [Caldera framework](https://caldera.mitre.org/), developed by MITRE, is a po ## Injects -In OpenBAS, the Caldera framework has been fully integrated, offering users access to a comprehensive library of injects for conducting simulation exercises. With this integration, users can leverage the extensive capabilities of Caldera within OpenBAS. +In OpenAEV, the Caldera framework has been fully integrated, offering users access to a comprehensive library of injects for conducting simulation exercises. With this integration, users can leverage the extensive capabilities of Caldera within OpenAEV. Caldera offers 1600+ [abilities](https://caldera.readthedocs.io/en/latest/Learning-the-terminology.html#abilities-and-adversaries), covering the full range of ATT&CK tactics and techniques. These capabilities equip security teams with an extensive toolkit to simulate various threats and assess defense mechanisms effectively. 
@@ -13,9 +13,9 @@ Caldera offers 1600+ [abilities](https://caldera.readthedocs.io/en/latest/Learni ## Behavior -Injects within the Caldera framework can be played on both individual [Endpoints and Asset groups](assets.md). Prior to playing injects, [Caldera agents](injectors.md#agent-section) need to be installed on the target machines to enable interaction with the platform. +Injects within the Caldera framework can be played on both individual [Endpoints and Asset groups](assets.md). Prior to playing injects, [Caldera agents](injectors.md#agents) need to be installed on the target machines to enable interaction with the platform. -Once the agents are deployed, simulations with Caldera injects can be executed. The platform will contact the Agent to start the ability. Subsequently, the agents will report the results to OpenBAS. Below is the workflow illustrating the behavior of injects. +Once the agents are deployed, simulations with Caldera injects can be executed. The platform will contact the Agent to start the ability. Subsequently, the agents will report the results to OpenAEV. Below is the workflow illustrating the behavior of injects. ![Async workflow](assets/inject-caldera.png) @@ -24,7 +24,7 @@ Once the agents are deployed, simulations with Caldera injects can be executed. -Below are the properties you'll need to set for OpenBAS: +Below are the properties you'll need to set for OpenAEV: | Property | application.properties | Docker environment variable | Mandatory | Description | |-------------------------|--------------------------------|----------------------------------|-----------|----------------------------------------------------------| diff --git a/docs/usage/inject-overview.md b/docs/usage/inject-overview.md index 507cd879..170faa76 100644 --- a/docs/usage/inject-overview.md +++ b/docs/usage/inject-overview.md 
@@ -1,15 +1,13 @@ # Injects -Injects are fundamental elements of simulations within OpenBAS, each representing a discrete action to be executed +Injects are fundamental elements of simulations within OpenAEV, each representing a discrete action to be executed during a Scenario. Managed and facilitated by various [injectors](injectors.md), each inject type serves a distinct purpose, contributing to the comprehensive evaluation of defenses. -![Injects list in a Scenario](assets/injects_list_in_scenario.png) - ## Create an inject Whether intended for [Atomic testing](atomic.md) or for a [Simulation](simulation.md), the process for creating injects -remains consistent within OpenBAS. +remains consistent within OpenAEV. ![Capture of a filtered list of inject during selection process](assets/example_inject_filtering.png) @@ -37,7 +35,7 @@ steps in the creation process include: #### 1. Choose the type of inject You first need to select an inject in the list of available ones (on the left of the creation screen). Logos on the left -of each line indicates which Injector is associated with each [inject](injects.md). Depending on your integrations, this +of each line indicates which Injector is associated with each [inject](inject-overview.md). Depending on your integrations, this list can be long. To facilitate the selection into this possibly very long list, you can search injects by name and filter the list by @@ -119,6 +117,10 @@ You can test direct contact injects in simulations and scenarios. For now, only email and sms inject are concerned by this feature. +!!! note + + Only the latest test is displayed for each inject. + ### Unit test You can test injects one at a time. 
@@ -154,18 +156,6 @@ As mentioned in the dialog, only sms and emails injects will be tested. The emai After the launch of the test, you are redirected to the tests list page. -### Tests list - -![Inject tests list](assets/inject_test_list.png) - -A "Tests" tab is available in simulations and scenarios. The list of all the tests done on the injects of the -simulation/scenario are displayed. Clicking on one of the lines opens the drawer with the execution details of the -tests. - -!!! note - - Only the latest test is displayed for each inject. - ### Replay tests Each test in the list has a menu allowing users to delete or replay the test. @@ -179,7 +169,7 @@ the top of the list. After clicking on it, the user confirms the tests launch an ## Inject status -### Inject status using the OpenBAS agent +### Inject status using the OpenAEV agent #### Navigating between active inject targets 
@@ -250,14 +240,14 @@ Once an inject have been executed, it is possible to access the alerts' details ![Inject execution traces details](assets/inject-expectation-traces-1.png) -By selecting an agent on the `Targets` panel, you can access the traces details that were retrieved by OpenBAS. +By selecting an agent on the `Targets` panel, you can access the traces details that were retrieved by OpenAEV. On the above example, we can see that there are 2 agents on the `vm3.obas.lan` asset. We can see there are detections on the -OpenBAS agent, while the Crowdstrike agent hasn't had any yet (it can take several minutes for the traces to -show up in OpenBAS). +OpenAEV agent, while the Crowdstrike agent hasn't had any yet (it can take several minutes for the traces to +show up in OpenAEV). -By clicking on the OpenBAS agent, we can see that the inject's payload was already detected by the CrowdStrike Falcon +By clicking on the OpenAEV agent, we can see that the inject's payload was already detected by the CrowdStrike Falcon EDR while more detections might arrive at a later point. We can also see that there was one alert identified on CrowdStrike Falcon EDR. diff --git a/docs/usage/inject-types.md b/docs/usage/inject-types.md index 2a3e139e..a123b34e 100644 --- a/docs/usage/inject-types.md +++ b/docs/usage/inject-types.md @@ -1,6 +1,6 @@ # Inject types -There are different types of injector in OpenBAS. +There are different types of injector in OpenAEV. @@ -13,7 +13,7 @@ enhancing the accuracy and realism of the exercise. The inject associated with this type is referred to as `Manual`. To be able to log events not directly related to an email or a sms, you can attach manual expectation to this events ( -see [Manual Expectations](https://docs.openbas.io/latest/usage/expectations/?h=manual#manual-expectations)). +see [Manual Expectations](https://docs.openaev.io/latest/usage/expectations/?h=manual#manual-expectations)). ### Example of a manual inject: 
diff --git a/docs/usage/injectors.md b/docs/usage/injectors.md index f6cb8785..678ba80e 100644 --- a/docs/usage/injectors.md +++ b/docs/usage/injectors.md @@ -2,14 +2,14 @@ !!! question "Injectors list" - You are looking for the available injectors? The list is in the [OpenBAS Ecosystem](https://filigran.notion.site/OpenBAS-Ecosystem-30d8eb73d7d04611843e758ddef8941b). + You are looking for the available injectors? The list is in the [OpenAEV Ecosystem](https://filigran.notion.site/OpenAEV-Ecosystem-30d8eb73d7d04611843e758ddef8941b). ## Introduction -Injectors are one of the cornerstones of the OpenBAS platform, they are responsible for pushing simulation actions to +Injectors are one of the cornerstones of the OpenAEV platform, they are responsible for pushing simulation actions to third party systems. According to their functionality and use case, they are categorized in the following classes. -![List of Injectors](assets/list_of_injectors.png) +![List of Injectors](assets/list-of-injectors.png) ### 📡 Endpoint payloads execution 
@@ -31,14 +31,14 @@ messaging etc. Some of them : - Challenges: Manages inject "publish challenges". To find more information more about this type of inject, please refer - to the [dedicated documentation section](injects.md#challenge-section). + to the [dedicated documentation section](inject-types.md#challenges). - Email: Manages the sending of injects' emails, enabling communication and dissemination of simulation-related information. - Manual: Platform functionality for creating manual action reminders, allowing administrators to prompt specific actions to be performed manually. To find more information about the related inject, please refer to - the [dedicated documentation section](injects.md#manual-section). + the [dedicated documentation section](inject-types.md#manual-action-reminders). - Media pressure: Manages inject "publish channel pressure". To find more information about this type of inject, please - refer to the [dedicated documentation section](injects.md#media-pressure-section). + refer to the [dedicated documentation section](inject-types.md#media-pressure). - OVHCloud SMS Platform: Facilitates SMS messaging for injects, providing an additional communication channel for simulation participants. @@ -49,7 +49,7 @@ systems. ### 💉 Others -All other system OpenBAS can inject, as part of breach and attack simulation campaigns. +All other system OpenAEV can inject, as part of breach and attack simulation campaigns. Some of them : 
@@ -57,7 +57,7 @@ Some of them : collaboration with CyberRange environments. For more information concerning CyberRange, please refer to the [Airbus website](https://www.cyber.airbus.com/cyberrange/). - HTTP query: Executes HTTP requests on external services, facilitating interactions with external systems. To find more - information about the related inject, please refer to the [dedicated documentation section](injects.md#http-section). + information about the related inject, please refer to the [dedicated documentation section](inject-types.md#http-requests). - OpenCTI: Integration with an OpenCTI platform, enhancing simulation capabilities with access to threat intelligence and [automatic scenario generation](scenario/opencti_scenario.md) based on observed threat activities. @@ -65,10 +65,10 @@ Some of them : !!! tip "Tips" - If you want to learn more about the concept and features of agents, you can have more info [here](../usage/openbas-agent.md). + If you want to learn more about the concept and features of agents, you can have more info [here](../usage/openaev-agent.md). -For certain injectors, deploying an agent on the target machine is necessary to facilitate integration with OpenBAS. -These agents are software programs that connect back to OpenBAS at certain intervals to get instructions. +For certain injectors, deploying an agent on the target machine is necessary to facilitate integration with OpenAEV. +These agents are software programs that connect back to OpenAEV at certain intervals to get instructions. To access the agents and installation instructions, navigate to the dedicated page located in the top right-hand corner (button with the screen logo). 
@@ -82,5 +82,3 @@ MITRE Caldera framework, unlocking advanced simulation capabilities and enhancin simulation exercises. Full details of the [Caldera agent](https://caldera.readthedocs.io/en/latest/Learning-the-terminology.html#agents) are available in the MITRE documentation. - -![Install Agent panel with instructions](assets/install_agent_instruction.png) diff --git a/docs/usage/injects_and_expectations.md b/docs/usage/injects_and_expectations.md index 24680173..d1b3b4f9 100644 --- a/docs/usage/injects_and_expectations.md +++ b/docs/usage/injects_and_expectations.md @@ -1,10 +1,10 @@ # Injects and Expectations -Evaluating security posture in OpenBAS is to confront events (aka [Injects](injects.md)) with [Expectations](expectations.md). +Evaluating security posture in OpenAEV is to confront events (aka [Injects](inject-overview.md)) with [Expectations](expectations.md). ## Injects -Threats are the results of actions by threat actors, and a combination of intent, capability and opportunity. In OpenBAS, simulating threats and their attack capabilities involves executing injects targeting [players](people.md) and [assets](assets.md). +Threats are the results of actions by threat actors, and a combination of intent, capability and opportunity. In OpenAEV, simulating threats and their attack capabilities involves executing injects targeting [players](people.md) and [assets](assets.md). Injects can be technical, emulating action attackers might take on an endpoint, and non-technical, representing interactions with players or impactful contextual events during a crisis (such as media inquiries by phone following a data breach). They are always triggered at a specific point in time but it is possible to execute them only if one or multiple conditions are met. diff --git a/docs/usage/injects_builtin.md b/docs/usage/injects_builtin.md index 19bd2aed..a80d77af 100644 --- a/docs/usage/injects_builtin.md +++ b/docs/usage/injects_builtin.md 
@@ -2,4 +2,4 @@ !!! tip "Under construction" - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). + We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenAEV-Platform/docs). diff --git a/docs/usage/notifications.md b/docs/usage/notifications.md index 9073cfc8..b09ac351 100644 --- a/docs/usage/notifications.md +++ b/docs/usage/notifications.md @@ -1,4 +1,4 @@ -As of today, OpenBAS has only one notification type: scenario score degradation. his alert emails you when a scenario's simulation score drops below the previous score of the previous run. +As of today, OpenAEV has only one notification type: scenario score degradation. his alert emails you when a scenario's simulation score drops below the previous score of the previous run. To enable the notification, open the scenario page and click this icon: ![Notification Icon](./assets/notification_icon.png). @@ -6,4 +6,4 @@ To enable the notification, open the scenario page and click this icon: ![Notifi ![Notification Popup](./assets/notification_popup.png) -To disable the notification, click the same icon on the scenario page and select **Delete** in the popup. \ No newline at end of file +To disable the notification, click the same icon on the scenario page and select **Delete** in the popup. diff --git a/docs/usage/openbas-agent.md b/docs/usage/openaev-agent.md similarity index 78% rename from docs/usage/openbas-agent.md rename to docs/usage/openaev-agent.md index 480e963e..a10b0754 100644 --- a/docs/usage/openbas-agent.md +++ b/docs/usage/openaev-agent.md 
@@ -1,35 +1,35 @@ -# OpenBAS Agent +# OpenAEV Agent ## Introduction -The OpenBAS Agent is an application whose main role is to enroll an Asset on the OpenBAS platform, +The OpenAEV Agent is an application whose main role is to enroll an Asset on the OpenAEV platform, to retrieve jobs or scripts to be executed and to transmit this information to Implants (subject to come) for execution on the host Asset. The Agent will not perform direct actions on the Asset to remain neutral for antivirus and ensure the full run of the simulation. -The OpenBAS Agent is compatible with different OS (Windows, Linux, macOS) and is developed in Rust. +The OpenAEV Agent is compatible with different OS (Windows, Linux, macOS) and is developed in Rust. ## Installation -Depending on the OS, several installations are at your disposal, you can find them on OpenBAS by clicking the blue icon on the right top corner : +Depending on the OS, several installations are at your disposal, you can find them on OpenAEV by clicking the blue icon on the right top corner : ![Agents](../administration/assets/agents.png) !!! note - Since the release 1.14, several OpenBAS agents can be installed on a machine to try different configurations on Payload executions:
+ Since the release 1.14, several OpenAEV agents can be installed on a machine to try different configurations on Payload executions:
- Example 1: with the standard installation, you can install two agents on your machine with different privileges (one standard and one administrator).
- Example 2: with the advanced installation as system (installation before release 1.14), you have installed an agent with system user and privileges. It could be interesting to install an agent from the standard installation to compare the behavior like folders accesses, environment variables, privileges,...

**For more details, see the explanations below for each OS and each installation.** !!! warning - The following documented antivirus exclusions are mandatory for OpenBAS to work properly. Please note that the AV exclusions are always only on the `runtimes` subfolder, which is important to ensure `payloads` (which land in another directory) will be detected / blocked if this is relevant. + The following documented antivirus exclusions are mandatory for OpenAEV to work properly. Please note that the AV exclusions are always only on the `runtimes` subfolder, which is important to ensure `payloads` (which land in another directory) will be detected / blocked if this is relevant. ### Windows - Requirements: - - Ensure access to the OpenBAS instance being used; + - Ensure access to the OpenAEV instance being used; - Ensure that the system environment variable "Path" contains the values "%SYSTEMROOT%\System32\" and "%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\"; - For "Advanced installation as User (service)", you need to enable the "Service Logon" policy for the user you want to run the service as, follow [this tutorial](https://learn.microsoft.com/en-us/system-center/scsm/enable-service-log-on-sm?view=sc-sm-2025) to do it; - Compatibility → All major Windows versions 
@@ -38,8 +38,8 @@ Depending on the OS, several installations are at your disposal, you can find th | Installation mode | Installation | Installation type | Execution agent and payload | Verification/Start/Stop agent | Folder path | AV exclusions | Uninstallation | |:----------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------| -| **Standard installation (session)** | Asset with GUI and terminal with standard privileges or admin privileges for the logged-in user | User session (standard privileges): start up app `WriteRegStr`
OR
User session (admin privileges): start up task `schtasks` | Background, only when user is logged in, with the user privilege from the powershell elevation and environment | `Get-Process openbas-agent \| Where-Object { $_.Path -eq "[FOLDER_PATH]\openbas-agent.exe" }`
`Get-Process openbas-agent \| Where-Object { $_.Path -eq "[FOLDER_PATH]\openbas-agent.exe" } \| Stop-Process -Force`
`Start-Process "[FOLDER_PATH]\openbas-agent.exe"` | `$HOME\.openbas\OBASAgent-Session-[UserSanitized]`
OR
`$HOME\.openbas\OBASAgent-Session-Administrator-[UserSanitized]` | `$HOME\.openbas\OBASAgent-Session-[UserSanitized]\runtimes`
OR
`$HOME\.openbas\OBASAgent-Session-Administrator-[UserSanitized]\runtimes` | Stop the agent in background and "uninstall.exe" from the path folder | -| **Advanced installation as User (service)** | Enable the "Service Logon" policy (see above)
Terminal with admin privileges, replace params [USER] and [PASSWORD] in the
bash snippet and in the following commands by the username with domain and password wanted | Service: `sc` (with user and password in service conf) | Background, as soon as the machine powers on, with the user privilege and environment | `Get-Service -Name "OBASAgent-Service-[UserSanitized]"`
`Start-Service -Name "OBASAgent-Service-[UserSanitized]"`
`Stop-Service -Name "OBASAgent-Service-[UserSanitized]"` | `$HOME\.openbas\OBASAgent-Service-[UserSanitized]` | `$HOME\.openbas\OBASAgent-Service-[UserSanitized]\runtimes` | "uninstall.exe" from the path folder
Disable the "Service Logon" policy for the user (see above) | +| **Standard installation (session)** | Asset with GUI and terminal with standard privileges or admin privileges for the logged-in user | User session (standard privileges): start up app `WriteRegStr`
OR
User session (admin privileges): start up task `schtasks` | Background, only when user is logged in, with the user privilege from the powershell elevation and environment | `Get-Process openaev-agent \| Where-Object { $_.Path -eq "[FOLDER_PATH]\openaev-agent.exe" }`
`Get-Process openaev-agent \| Where-Object { $_.Path -eq "[FOLDER_PATH]\openaev-agent.exe" } \| Stop-Process -Force`
`Start-Process "[FOLDER_PATH]\openaev-agent.exe"` | `$HOME\.openaev\OBASAgent-Session-[UserSanitized]`
OR
`$HOME\.openaev\OBASAgent-Session-Administrator-[UserSanitized]` | `$HOME\.openaev\OBASAgent-Session-[UserSanitized]\runtimes`
OR
`$HOME\.openaev\OBASAgent-Session-Administrator-[UserSanitized]\runtimes` | Stop the agent in background and "uninstall.exe" from the path folder | +| **Advanced installation as User (service)** | Enable the "Service Logon" policy (see above)
Terminal with admin privileges, replace params [USER] and [PASSWORD] in the
bash snippet and in the following commands by the username with domain and password wanted | Service: `sc` (with user and password in service conf) | Background, as soon as the machine powers on, with the user privilege and environment | `Get-Service -Name "OBASAgent-Service-[UserSanitized]"`
`Start-Service -Name "OBASAgent-Service-[UserSanitized]"`
`Stop-Service -Name "OBASAgent-Service-[UserSanitized]"` | `$HOME\.openaev\OBASAgent-Service-[UserSanitized]` | `$HOME\.openaev\OBASAgent-Service-[UserSanitized]\runtimes` | "uninstall.exe" from the path folder
Disable the "Service Logon" policy for the user (see above) | | **Advanced installation as System (service)** | Terminal with admin privileges for the authority system user | Service: `sc` | Background, as soon as the machine powers on, with the root privilege and environment | `Get-Service -Name "OBASAgentService"`
`Start-Service -Name "OBASAgentService"`
`Stop-Service -Name "OBASAgentService"` | `C:\Program Files (x86)\Filigran\OBAS Agent` | `C:\Program Files (x86)\Filigran\OBAS Agent\runtimes` | "uninstall.exe" from the path folder | !!! note @@ -48,14 +48,14 @@ Depending on the OS, several installations are at your disposal, you can find th ### Linux -- Requirement → systemd, access to the OpenBAS instance used +- Requirement → systemd, access to the OpenAEV instance used - Compatibility → All systemd based linux distros | Installation mode | Installation | Installation type | Execution agent and payload | Verification/Start/Stop agent | Folder path | AV exclusions | Uninstallation | |:----------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------|:--------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------|:-----------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Standard installation (session)** | Asset with GUI and terminal with standard privileges for the logged-in user | User service: `systemctl --user` | Background, only when user is logged in, with the user privilege and environment | `systemctl --user enable openbas-agent-session`
`systemctl --user start openbas-agent-session`
`systemctl --user stop openbas-agent-session` | `$HOME/.local/openbas-agent-session` | `$HOME/.local/openbas-agent-session/runtimes ` | `systemctl --user stop openbas-agent-session & systemctl --user disable openbas-agent-session & systemctl --user daemon-reload & systemctl --user reset-failed & rm -rf $HOME/.local/openbas-agent-session` | -| **Advanced installation as User (service)** | Terminal with sudo privileges, replace params [USER] and [GROUP] in the bash
snippet and in the following commands by the username and group wanted | Service: `systemctl` (with user and group in service conf) | Background, as soon as the machine powers on, with the user privilege and environment | `systemctl enable [USER]-openbas-agent`
`systemctl start [USER]-openbas-agent`
`systemctl stop [USER]-openbas-agent` | `$HOME/.local/openbas-agent-service-[USER]` | `$HOME/.local/openbas-agent-service-[USER]/runtimes` | `sudo systemctl stop [USER]-openbas-agent & sudo systemctl disable [USER]-openbas-agent & sudo systemctl daemon-reload & sudo systemctl reset-failed & sudo rm -rf $HOME/.local/openbas-agent-service-[USER]` | -| **Advanced installation as System (service)** | Terminal with sudo privileges | Service: `systemctl` | Background, as soon as the machine powers on, with the root privilege and environment | `systemctl enable openbas-agent`
`systemctl start openbas-agent`
`systemctl stop openbas-agent` | `/opt/openbas-agent` | `/opt/openbas-agent/runtimes` | `sudo systemctl stop openbas-agent & sudo systemctl disable openbas-agent & sudo systemctl daemon-reload & sudo systemctl reset-failed & sudo rm -rf /opt/openbas-agent` | +| **Standard installation (session)** | Asset with GUI and terminal with standard privileges for the logged-in user | User service: `systemctl --user` | Background, only when user is logged in, with the user privilege and environment | `systemctl --user enable openaev-agent-session`
`systemctl --user start openaev-agent-session`
`systemctl --user stop openaev-agent-session` | `$HOME/.local/openaev-agent-session` | `$HOME/.local/openaev-agent-session/runtimes ` | `systemctl --user stop openaev-agent-session & systemctl --user disable openaev-agent-session & systemctl --user daemon-reload & systemctl --user reset-failed & rm -rf $HOME/.local/openaev-agent-session` | +| **Advanced installation as User (service)** | Terminal with sudo privileges, replace params [USER] and [GROUP] in the bash
snippet and in the following commands by the username and group wanted | Service: `systemctl` (with user and group in service conf) | Background, as soon as the machine powers on, with the user privilege and environment | `systemctl enable [USER]-openaev-agent`
`systemctl start [USER]-openaev-agent`
`systemctl stop [USER]-openaev-agent` | `$HOME/.local/openaev-agent-service-[USER]` | `$HOME/.local/openaev-agent-service-[USER]/runtimes` | `sudo systemctl stop [USER]-openaev-agent & sudo systemctl disable [USER]-openaev-agent & sudo systemctl daemon-reload & sudo systemctl reset-failed & sudo rm -rf $HOME/.local/openaev-agent-service-[USER]` | +| **Advanced installation as System (service)** | Terminal with sudo privileges | Service: `systemctl` | Background, as soon as the machine powers on, with the root privilege and environment | `systemctl enable openaev-agent`
`systemctl start openaev-agent`
`systemctl stop openaev-agent` | `/opt/openaev-agent` | `/opt/openaev-agent/runtimes` | `sudo systemctl stop openaev-agent & sudo systemctl disable openaev-agent & sudo systemctl daemon-reload & sudo systemctl reset-failed & sudo rm -rf /opt/openaev-agent` | !!! note @@ -63,14 +63,14 @@ Depending on the OS, several installations are at your disposal, you can find th ### MacOS - - Requirement → launchd, access to the OpenBAS instance used + - Requirement → launchd, access to the OpenAEV instance used - Compatibility → All launchd based MacOS distros (10.4 Tiger or higher) | Installation mode | Installation | Installation type | Execution agent and payload | Verification/Start/Stop agent | Folder path | AV exclusions | Uninstallation | |:----------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------------|:--------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------|:-------------------------------------------------------|:-----------------------------------------------------------------------------------------------------| -| **Standard installation (session)** | Asset with GUI and terminal with standard privileges for the logged-in user | User service: `launchctl user` | Background, only when user is logged in, with the user privilege and environment | `launchctl enable gui/$(id -u)/openbas-agent-session`
`launchctl bootstrap gui/$(id -u) ~/Library/LaunchAgents/openbas-agent-session.plist`
`launchctl bootout gui/$(id -u) ~/Library/LaunchAgents/openbas-agent-session.plist` | `$HOME/.local/openbas-agent-session` | `$HOME/.local/openbas-agent-session/runtimes` | `launchctl remove openbas-agent-session & rm -rf $HOME/.local/openbas-agent-session` | -| **Advanced installation as User (service)** | Terminal with sudo privileges, replace params [USER] and [GROUP] in the
bash snippet and in the following commands by the username and group wanted | Service: `launchctl user` (as agent, with user and group in service plist) | Background, as soon as the machine powers on, with the user privilege and environment | `launchctl enable gui/[USER-ID]/[USER]-openbas-agent`
`launchctl bootstrap gui/[USER-ID] /Library/LaunchAgents/[USER]-openbas-agent.plist`
`launchctl bootout gui/[USER-ID] ~/Library/LaunchAgents/[USER]-openbas-agent.plist` | `$HOME/.local/openbas-agent-service-[USER]` | `$HOME/.local/openbas-agent-service-[USER]/runtimes` | `sudo launchctl remove [USER]-openbas-agent & sudo rm -rf $HOME/.local/openbas-agent-service-[USER]` | -| **Advanced installation as System (service)** | Terminal with sudo privileges | Service: `launchctl system` | Background, as soon as the machine powers on, with the root privilege and environment | `launchctl enable system/openbas.agent`
`launchctl bootstrap system /Library/LaunchDaemons/openbas-agent.plist`
`launchctl bootout system/ ~/Library/LaunchDaemons/openbas-agent.plist` | `/opt/openbas-agent` | `/opt/openbas-agent/runtimes` | `sudo launchctl remove openbas-agent & sudo rm -rf /opt/openbas-agent` | +| **Standard installation (session)** | Asset with GUI and terminal with standard privileges for the logged-in user | User service: `launchctl user` | Background, only when user is logged in, with the user privilege and environment | `launchctl enable gui/$(id -u)/openaev-agent-session`
`launchctl bootstrap gui/$(id -u) ~/Library/LaunchAgents/openaev-agent-session.plist`
`launchctl bootout gui/$(id -u) ~/Library/LaunchAgents/openaev-agent-session.plist` | `$HOME/.local/openaev-agent-session` | `$HOME/.local/openaev-agent-session/runtimes` | `launchctl remove openaev-agent-session & rm -rf $HOME/.local/openaev-agent-session` | +| **Advanced installation as User (service)** | Terminal with sudo privileges, replace params [USER] and [GROUP] in the
bash snippet and in the following commands by the username and group wanted | Service: `launchctl user` (as agent, with user and group in service plist) | Background, as soon as the machine powers on, with the user privilege and environment | `launchctl enable gui/[USER-ID]/[USER]-openaev-agent`
`launchctl bootstrap gui/[USER-ID] /Library/LaunchAgents/[USER]-openaev-agent.plist`
`launchctl bootout gui/[USER-ID] ~/Library/LaunchAgents/[USER]-openaev-agent.plist` | `$HOME/.local/openaev-agent-service-[USER]` | `$HOME/.local/openaev-agent-service-[USER]/runtimes` | `sudo launchctl remove [USER]-openaev-agent & sudo rm -rf $HOME/.local/openaev-agent-service-[USER]` | +| **Advanced installation as System (service)** | Terminal with sudo privileges | Service: `launchctl system` | Background, as soon as the machine powers on, with the root privilege and environment | `launchctl enable system/openaev.agent`
`launchctl bootstrap system /Library/LaunchDaemons/openaev-agent.plist`
`launchctl bootout system/ ~/Library/LaunchDaemons/openaev-agent.plist` | `/opt/openaev-agent` | `/opt/openaev-agent/runtimes` | `sudo launchctl remove openaev-agent & sudo rm -rf /opt/openaev-agent` | !!! note 
@@ -92,27 +92,25 @@ Outbound rule ## Features -The main features of the OpenBAS Agent are: +The main features of the OpenAEV Agent are: -- Agent registration on the OpenBAS platform +- Agent registration on the OpenAEV platform The Agent is installed on the Asset using an agent-installer.exe file and runs as a service. - It communicates with the deployed OpenBAS instance in order to enroll the Asset. In some cases - like unsecured certificates or environment with proxy, the agent can't communicate with OpenBAS. - In order to fix those issues, look at "Network and security" chapter from [configuration](https://docs.openbas.io/latest/deployment/configuration) + It communicates with the deployed OpenAEV instance in order to enroll the Asset. In some cases + like unsecured certificates or environment with proxy, the agent can't communicate with OpenAEV. + In order to fix those issues, look at "Network and security" chapter from [configuration](https://docs.openaev.io/latest/deployment/configuration) to add the required attributes. - NB : An Asset can only have one OpenBAS agent installed thanks to a machine id calculated according - to the operating system and its parameters. If you try to install again an OpenBAS agent on a platform, it will - overwrite the actual one and you will always see one endpoint on the OpenBAS endpoint page. - -![Agent assets status](../administration/assets/agent_assets_status.png) + NB : An Asset can only have one OpenAEV agent installed thanks to a machine id calculated according + to the operating system and its parameters. If you try to install again an OpenAEV agent on a platform, it will + overwrite the actual one and you will always see one endpoint on the OpenAEV endpoint page. - Auto upgrade the Agent (on start-up and registration) - Retrieval of jobs to be executed - The Agent retrieves jobs to be executed from the OpenBAS instance every 30 seconds. 
+ The Agent retrieves jobs to be executed from the OpenAEV instance every 30 seconds. For the moment, jobs are Implant to spawn and launch on the Asset, waiting to execute payloads of your Simulation's Injects. Each job execution logs is kept in a dedicated directory in order to have a trace of what happened (pid, executable). @@ -122,7 +120,7 @@ The main features of the OpenBAS Agent are: - Health check - The Agent pings the OpenBAS instance every 2 minutes to notify it of its healthy status. + The Agent pings the OpenAEV instance every 2 minutes to notify it of its healthy status. - Cleanup @@ -136,9 +134,9 @@ The main features of the OpenBAS Agent are: If you experience issues with your agent, the logs are available here (see the "Installation" section above to get the folder path) : -- Linux -> [FOLDER_PATH]/openbas-agent.log -- MacOS -> [FOLDER_PATH]/openbas-agent.log -- Windows -> [FOLDER_PATH]\openbas-agent.log +- Linux -> [FOLDER_PATH]/openaev-agent.log +- MacOS -> [FOLDER_PATH]/openaev-agent.log +- Windows -> [FOLDER_PATH]\openaev-agent.log If you see an error related to an inject not being executed, verify whether it was properly run by the agent. ![implant-troubleshooting](assets/agents/implant-troubleshooting.png) diff --git a/docs/usage/payloads/assets/payload-command-view.png b/docs/usage/payloads/assets/payload-command-view.png index 44834700..85ce538c 100644 Binary files a/docs/usage/payloads/assets/payload-command-view.png and b/docs/usage/payloads/assets/payload-command-view.png differ diff --git a/docs/usage/payloads/assets/payload-detection-remediation-view.png b/docs/usage/payloads/assets/payload-detection-remediation-view.png index f157405d..487730d8 100644 Binary files a/docs/usage/payloads/assets/payload-detection-remediation-view.png and b/docs/usage/payloads/assets/payload-detection-remediation-view.png differ 
diff --git a/docs/usage/payloads/assets/payload-general-view.png b/docs/usage/payloads/assets/payload-general-view.png index 9e94cd09..2922f671 100644 Binary files a/docs/usage/payloads/assets/payload-general-view.png and b/docs/usage/payloads/assets/payload-general-view.png differ diff --git a/docs/usage/payloads/assets/payload-output-parser-view.png b/docs/usage/payloads/assets/payload-output-parser-view.png index 822fec57..660695b5 100644 Binary files a/docs/usage/payloads/assets/payload-output-parser-view.png and b/docs/usage/payloads/assets/payload-output-parser-view.png differ diff --git a/docs/usage/payloads/payloads.md b/docs/usage/payloads/payloads.md index 3c01dda7..2edca230 100644 --- a/docs/usage/payloads/payloads.md +++ b/docs/usage/payloads/payloads.md @@ -1,6 +1,6 @@ # Payloads -In **OpenBAS**, payloads are key components used to build and customize injects. +In **OpenAEV**, payloads are key components used to build and customize injects. They allow you to enrich your scenarios with dynamic, reusable content tailored to various attack simulations. ## Payloads List View @@ -24,10 +24,10 @@ columns: Payloads can have one of the following statuses: - **Verified** ✅ - OpenBAS has tested the payload and confirmed it works as expected. + OpenAEV has tested the payload and confirmed it works as expected. - **Unverified** ⚠️ - The payload has not been tested by OpenBAS. It may or may not work. + The payload has not been tested by OpenAEV. It may or may not work. - **Deprecated** ❌ The original source has marked the payload as deprecated. It’s kept for reference, but functionality is not 
@@ -41,10 +41,10 @@ Each payload has a source indicating its origin: Submitted by external users. May vary in quality or coverage. - **Manual** ✍️ - Custom payload created within your OpenBAS instance. + Custom payload created within your OpenAEV instance. - **Filigran** 📦 - From the [official Filigran payload library](https://github.com/OpenBAS-Platform/payloads), curated and maintained by + From the [official Filigran payload library](https://github.com/OpenAEV-Platform/payloads), curated and maintained by Filigran. ## Create a Payload @@ -195,7 +195,7 @@ accessibility, detect issues, and simulate potential attacker behavior. Output Parsers allows processing the raw output from an execution. You can define rules to extract specific data from the output and link it to variables. -These variables can then be used for [chaining injects](../injects.md/#conditional-execution-of-injects). +These variables can then be used for [chaining injects](../inject-overview.md/#conditional-execution-of-injects). Currently, Output Parsers support: @@ -267,7 +267,7 @@ references next to each other). The final value of the field will be a compositi ## Use a Payload After creation, a new inject type will automatically appear in the inject types list if the implant you're using -supports it (the OpenBAS Implant does). +supports it (the OpenAEV Implant does). ![Payload creation dns](assets/payload-creation-dns.png) ![Payload to inject](assets/payload-to-inject.png) diff --git a/docs/usage/people.md b/docs/usage/people.md index a9efef3e..e372c420 100644 --- a/docs/usage/people.md +++ b/docs/usage/people.md 
@@ -2,13 +2,12 @@ Breach and Attack Simulation involves testing your security posture, and people are an essential part of it! -Players, teams, and organizations are where you organize the human aspect of your security posture within OpenBAS. These +Players, teams, and organizations are where you organize the human aspect of your security posture within OpenAEV. These entities are the targets for injects during your [simulations](simulation.md) and [atomic testings](atomic.md). ## Players -Players are the users that may take part into your scenarios, to be tested against attack or contextual events ( -i.e. [injects](injects.md)). +Players are the users that may take part into your scenarios, to be tested against attack or contextual events. Players can be created manually with the + button at the bottom right, but we encourage you to activate an integration allowing to import them from your IT environment, like with Microsoft Entra integration. @@ -55,6 +54,6 @@ Organization provides a straightforward method to segregate players and teams wi with an organization, even with the required rights to animate and planned scenarios and simulations, will never see players and teams from other organizations. -This feature can be particularly useful if you are using OpenBAS to plan and execute simulations for various companies +This feature can be particularly useful if you are using OpenAEV to plan and execute simulations for various companies or subsidiaries. diff --git a/docs/usage/playing.md b/docs/usage/playing.md deleted file mode 100644 index b4049153..00000000 --- a/docs/usage/playing.md +++ /dev/null @@ -1,5 +0,0 @@ -# Playing - -!!! tip "Under construction" - - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). 
diff --git a/docs/usage/rest-api.md b/docs/usage/rest-api.md index cf3e3416..0a51a66a 100644 --- a/docs/usage/rest-api.md +++ b/docs/usage/rest-api.md @@ -1,10 +1,10 @@ # REST API -OpenBAS provides a REST API, allowing users to perform various actions programmatically. The API enables users to interact with OpenBAS's functionality and data, offering a powerful tool for automation, integration, and customization. Any action available through the platform's graphical interface can also be executed via the API. +OpenAEV provides a REST API, allowing users to perform various actions programmatically. The API enables users to interact with OpenAEV's functionality and data, offering a powerful tool for automation, integration, and customization. Any action available through the platform's graphical interface can also be executed via the API. ## Authentication -Accessing the OpenBAS API requires authentication through standard mechanisms. To authenticate, users must include the following headers in their API requests: +Accessing the OpenAEV API requires authentication through standard mechanisms. To authenticate, users must include the following headers in their API requests: ```html @@ -16,4 +16,4 @@ Using the API key will provide you admin access. ## SwaggerUI -The OpenBAS API is documented using SwaggerUI, which provides an interactive interface for exploring the API's endpoints, parameters, and responses. The SwaggerUI is accessible at the following URL: [openbas url]:8080/swagger-ui/index.html +The OpenAEV API is documented using SwaggerUI, which provides an interactive interface for exploring the API's endpoints, parameters, and responses. The SwaggerUI is accessible at the following URL: [openaev url]:8080/swagger-ui/index.html diff --git a/docs/usage/scenario.md b/docs/usage/scenario.md index 6c431471..e5dcb405 100644 --- a/docs/usage/scenario.md +++ b/docs/usage/scenario.md 
@@ -21,7 +21,7 @@ NB: The selected dashboard will appear in the Analysis tab, but only for the sim ## Import scenarios from XTM Hub -XTM Hub provides access to a library of pre-built OpenBAS scenarios that you can import directly into your platform to quickly get started with realistic attack simulations. +XTM Hub provides access to a library of pre-built OpenAEV scenarios that you can import directly into your platform to quickly get started with realistic attack simulations. To import scenarios: @@ -57,7 +57,7 @@ In the "Definition" tab, you can add various elements to construct events: Once you have added all the elements you need, you can go to the "Injects" tab to begin to create the chain of events that will shape your scenario. -By clicking on the + button at the bottom right of the screen, you enter the [inject creation workflow](injects.md#Inject-creation-process). +By clicking on the + button at the bottom right of the screen, you enter the [inject creation workflow](inject-overview.md#inject-creation-process). ## Scenario Assistant diff --git a/docs/usage/scenario/assets/inject-scenario-openbas.png b/docs/usage/scenario/assets/inject-scenario-openaev.png similarity index 100% rename from docs/usage/scenario/assets/inject-scenario-openbas.png rename to docs/usage/scenario/assets/inject-scenario-openaev.png diff --git a/docs/usage/scenario/assets/scenario-assistant-drawer.png b/docs/usage/scenario/assets/scenario-assistant-drawer.png index 9d61cde3..1296e0e8 100644 Binary files a/docs/usage/scenario/assets/scenario-assistant-drawer.png and b/docs/usage/scenario/assets/scenario-assistant-drawer.png differ diff --git a/docs/usage/scenario/assets/scenario-assistant-injects.png b/docs/usage/scenario/assets/scenario-assistant-injects.png index 929e81fc..e030d480 100644 Binary files a/docs/usage/scenario/assets/scenario-assistant-injects.png and b/docs/usage/scenario/assets/scenario-assistant-injects.png differ 
diff --git a/docs/usage/scenario/assets/scenario-openbas.png b/docs/usage/scenario/assets/scenario-openaev.png similarity index 100% rename from docs/usage/scenario/assets/scenario-openbas.png rename to docs/usage/scenario/assets/scenario-openaev.png diff --git a/docs/usage/scenario/opencti_scenario.md b/docs/usage/scenario/opencti_scenario.md index 99176028..2f1c509c 100644 --- a/docs/usage/scenario/opencti_scenario.md +++ b/docs/usage/scenario/opencti_scenario.md @@ -2,7 +2,7 @@ Creating a [scenario](../scenario.md) can be a complex task, especially when aiming to build one that is meaningful and relevant to the specific threats facing your organization. To streamline this process and ensure that scenarios are -closely aligned with your threat landscape, you can leverage the integration between OpenCTI and OpenBAS. +closely aligned with your threat landscape, you can leverage the integration between OpenCTI and OpenAEV. This integration works across multiple entities: 
@@ -40,29 +40,29 @@ If you choose the **Technical (payloads)** simulation type, you will also need t ![simulation technical(payloads)](assets/octi-alert-technical.png) It’s essential to understand that a scenario creation for these entities relies on matching TTPs between OpenCTI and -OpenBAS. You’ll need to ensure that the TTPs in both platforms are aligned. For instance, if your report contains the -TTP T1059.001, a scenario can be created with an inject, provided OpenBAS also includes T1059.001. Otherwise, an +OpenAEV. You’ll need to ensure that the TTPs in both platforms are aligned. For instance, if your report contains the +TTP T1059.001, a scenario can be created with an inject, provided OpenAEV also includes T1059.001. Otherwise, an inject with a placeholder will be created instead for this TTP. -If these TTPs are not supported by OpenBAS, you will receive an alert listing the uncovered TTPs. +If these TTPs are not supported by OpenAEV, you will receive an alert listing the uncovered TTPs. ![ttps not covered obas](assets/octi-ttps-no-covered.png) -When generating a scenario from OpenCTI, a scenario is created in OpenBas and can be accessed from the scenarios screen. The +When generating a scenario from OpenCTI, a scenario is created in OpenAEV and can be accessed from the scenarios screen. The scenario name will include a reference to OpenCTI, indicating its origin. This scenario will automatically contain relevant sequences of injects based on the threat context identified in OpenCTI. -![Scenario OpenBAS](assets/scenario-openbas.png) +![Scenario OpenAEV](assets/scenario-openaev.png) -![Scenario OpenBAS](assets/inject-scenario-openbas.png) +![Scenario OpenAEV](assets/inject-scenario-openaev.png) -![Scenario OpenBAS](assets/inject-placeholder.png) +![Scenario OpenAEV](assets/inject-placeholder.png) However, it's important to review and potentially customize the scenario to ensure it meets your organization's specific requirements. 
Additionally, you'll need to select appropriate [targets](../targets.md) for the injects within the scenario. You can also configure default asset groups for the scenarios created from OpenCTI using the [Default Asset Groups](../default_asset_rules.md) page. -![Scenario OpenBAS](assets/inject-ttp.png) +![Scenario OpenAEV](assets/inject-ttp.png) Once you've finalized the scenario, you can schedule your simulation as you would do for any other scenarios. The overall results of the simulation will also be available directly within OpenCTI, providing insights into the threat context diff --git a/docs/usage/scenario_import.md b/docs/usage/scenario_import.md index 46c6ed53..d25884d6 100644 --- a/docs/usage/scenario_import.md +++ b/docs/usage/scenario_import.md 
@@ -1,10 +1,10 @@ # Importing Injects into a Scenario -Recreating a timeline of [injects](injects.md) that were already defined in a spreadsheet can be a frustrating task. To help users save time, we added the possibility to import injects as defined in an xls file into a [scenario](scenario.md). This is done via a two-steps process : [creating a mapper](#how-to-create-a-mapper) and [importing the xls file using the mapper](#how-to-import-injects-into-a-scenario-using-a-mapper). +Recreating a timeline of [injects](inject-overview.md) that were already defined in a spreadsheet can be a frustrating task. To help users save time, we added the possibility to import injects as defined in an xls file into a [scenario](scenario.md). This is done via a two-steps process : [creating a mapper](#how-to-create-a-mapper) and [importing the xls file using the mapper](#how-to-import-injects-into-a-scenario-using-a-mapper). ## How to create a mapper ? -First of all, to import [injects](injects.md) into a [scenario](scenario.md), you need to create a mapper. To do that, using an admin account, navigate to the Settings > Data ingestion page. You will then be able to see a list of all the mappers but also to create new ones by clicking on the "+" button on the bottom right of the screen. +First of all, to import [injects](inject-overview.md) into a [scenario](scenario.md), you need to create a mapper. To do that, using an admin account, navigate to the Settings > Data ingestion page. You will then be able to see a list of all the mappers but also to create new ones by clicking on the "+" button on the bottom right of the screen. ![List of Mappers](assets/mapper_screen.png) 
@@ -16,7 +16,7 @@ The first thing to define in this representation is the matching type in the xls ![Creating an xls mapper](assets/xls_mapper_example.png) -Once that is done, you can select the inject type among a list of [injects](injects.md) that are compatible with the xls import. When that selection is done, you will be able to set a column for each of the attribute that can be completed using the import. If you wish to set a default value you can do so by clicking the gear on the right side of the field. +Once that is done, you can select the inject type among a list of [injects](inject-overview.md) that are compatible with the xls import. When that selection is done, you will be able to set a column for each of the attribute that can be completed using the import. If you wish to set a default value you can do so by clicking the gear on the right side of the field. ### Properly setting the trigger time of the inject It should also be noted that the "Trigger Time" field has a second parameter that can be set using the gear button. It can be used to set a custom format for specific dates and or time to be interpreted. The complete format rules are available [here](https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html) but here is a very quick overview : 
@@ -59,6 +59,6 @@ If you click on the test button, you'll then be asked to choose a file. Once tha ## How to import injects into a scenario using a mapper ? -Once your mapper has been created, navigate to your [scenario](scenario.md) and then to the [injects](injects.md) tab. There, you will be able to click on an import button on the top right. +Once your mapper has been created, navigate to your [scenario](scenario.md) and then to the [injects](inject-overview.md) tab. There, you will be able to click on an import button on the top right. A modal will be opening, inviting you to select an .xls/.xlsx file. Once it has been selected, you can click on next. You will then be asked to choose the sheet to import out of the spreadsheet and to select the mapper to use. You will also be able to select the timezone to use for the import. Once everything is set, click on the launch import button and your injects will be imported into the current scenario ! -Please do not that if all the dates in the xls file are absolute time of the day (e.g. 9:30, 12:45, ...), it is required for the scenario to have a launch date set. \ No newline at end of file +Please do not that if all the dates in the xls file are absolute time of the day (e.g. 9:30, 12:45, ...), it is required for the scenario to have a launch date set. diff --git a/docs/usage/scenarios_and_simulations.md b/docs/usage/scenarios_and_simulations.md index 9bf4b708..fbe7b86e 100644 --- a/docs/usage/scenarios_and_simulations.md +++ b/docs/usage/scenarios_and_simulations.md 
@@ -1,10 +1,10 @@ # Scenarios and Simulations -In OpenBAS, the core concept to simulate attacks is based on the duo [Scenario](scenario.md) & [Simulation](simulation.md). +In OpenAEV, the core concept to simulate attacks is based on the duo [Scenario](scenario.md) & [Simulation](simulation.md). ## Scenarios -Scenario enable to translate a threat context, such as an attack or even a threat actor, into a meaningful sequence of events (referred to as [injects](injects.md)), which can be technical or non-technical. This chronology of events can be enriched with associated documents or media articles to simulate the environment surrounding them. +Scenario enable to translate a threat context, such as an attack or even a threat actor, into a meaningful sequence of events (referred to as [injects](inject-overview.md)), which can be technical or non-technical. This chronology of events can be enriched with associated documents or media articles to simulate the environment surrounding them. Within Scenarios, you also specify who participates, whether actual people (referred to as [Players](people.md)) or endpoints (referred to as [Assets](assets.md)). They will be the targets of the events representing the threat. diff --git a/docs/usage/simulation.md b/docs/usage/simulation.md index 93d38a0f..76142130 100644 --- a/docs/usage/simulation.md +++ b/docs/usage/simulation.md 
@@ -2,7 +2,7 @@ !!! tip "Under construction" - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). + We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenAEV-Platform/docs). When clicking on Simulations in the left menu, you access to the list of all Simulations ever launched in the platform. You can filter by tag (for example to only display simulation related to a specific threat actor) and sort them (chronologically, by status, etc.). @@ -46,7 +46,7 @@ The Animation screen of a Simulation is the place to follow the Simulation execu The Timeline screen is the overview of the Animation tab, to see ongoing injects. -The Mails screen is a way to manage email interaction with Players into the OpenBAS platform. +The Mails screen is a way to manage email interaction with Players into the OpenAEV platform. The Validation screen is the place to manually validate expectations of the Simulation to consolidate Results. 
@@ -65,7 +65,7 @@ In the Lesson Learned tab of a Simulation, you can manage the collection and con NB: The Analysis tab is shown if you have selected a dashboard for your simulation (during creating or updating). If you have selected a dynamic parameter "Simulation" for your dashboard and widgets, they will be calculated for this specific simulation. -The Analysis tab of a simulation is intended to enhance the data visualization and analytical capabilities of OpenBAS. +The Analysis tab of a simulation is intended to enhance the data visualization and analytical capabilities of OpenAEV. By incorporating specific widgets, users can gain deeper insights into the effectiveness of their simulations and security posture. This enhancement will provide users with contextualized, actionable intelligence, enabling them to make informed decisions to improve their security strategies. diff --git a/docs/usage/systems.md b/docs/usage/systems.md deleted file mode 100644 index a0ab5031..00000000 --- a/docs/usage/systems.md +++ /dev/null @@ -1,5 +0,0 @@ -# Systems - -!!! tip "Under construction" - - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). diff --git a/docs/usage/targets.md b/docs/usage/targets.md index d7e061c7..9e87e8f4 100644 --- a/docs/usage/targets.md +++ b/docs/usage/targets.md 
@@ -1,7 +1,7 @@ # Targets -When you are using an [Inject](injects.md), whether for [Atomic testing](atomic.md), [Scenario](scenario.md) or [Simulation](simulation.md), it's necessary to define the recipients, known as "targets", which could include [Players, Teams](people.md), [Assets (endpoints) or/and Asset groups](assets.md) it will be sent to. They are called "targets" of the inject. +When you are using an [Inject](inject-overview.md), whether for [Atomic testing](atomic.md), [Scenario](scenario.md) or [Simulation](simulation.md), it's necessary to define the recipients, known as "targets", which could include [Players, Teams](people.md), [Assets (endpoints) or/and Asset groups](assets.md) it will be sent to. They are called "targets" of the inject. Note that certain injects can't target assets, while others can't target players. For instance, the "Send individual mails" inject can only target players and teams, not assets. @@ -46,4 +46,4 @@ You can target [assets (endpoints) directly or asset groups](assets.md). In the When selecting an asset group to target, all assets (endpoints) within the group will be targeted by the inject. Each one will have to complete expectations. - \ No newline at end of file + diff --git a/docs/usage/testing.md b/docs/usage/testing.md deleted file mode 100644 index 5cd281d7..00000000 --- a/docs/usage/testing.md +++ /dev/null @@ -1,5 +0,0 @@ -# Testing - -!!! tip "Under construction" - - We are doing our best to complete this page. If you want to participate, don't hesitate to join the [Filigran Community on Slack](https://community.filigran.io) or submit your pull request on the [Github doc repository](https://github.com/OpenBAS-Platform/docs). diff --git a/mkdocs.yml b/mkdocs.yml index 217f0047..7260328c 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -1,11 +1,11 @@ -site_name: OpenBAS Documentation -site_description: Documentation about OpenBAS, the next-generation Breach & Attack Simulation platform. +site_name: OpenAEV Documentation +site_description: Documentation about OpenAEV, the next-generation Open Adversary Exposure Validation Platform. site_author: Filigran -site_url: https://docs.openbas.io -copyright: © 2024 Filigran. All rights reserved +site_url: https://docs.openaev.io +copyright: © 2025 Filigran. All rights reserved repo_name: GitHub -repo_url: https://github.com/OpenBAS-Platform/openbas -edit_uri: https://github.com/OpenBAS-Platform/docs/blob/main/docs/ +repo_url: https://github.com/OpenAEV-Platform/openaev +edit_uri: https://github.com/OpenAEV-Platform/docs/blob/main/docs/ # Theming theme: @@ -41,14 +41,14 @@ extra: generator: false social: - icon: fontawesome/brands/github - link: https://github.com/OpenBAS-Platform - - icon: fontawesome/brands/medium + link: https://github.com/OpenAEV-Platform + - icon: fontawesome/solid/book link: https://blog.filigran.io - icon: fontawesome/brands/slack link: https://community.filigran.io - icon: fontawesome/brands/linkedin link: https://linkedin.com/company/filigran - - icon: fontawesome/brands/twitter + - icon: fontawesome/brands/x-twitter link: https://twitter.com/FiligranHQ - icon: fontawesome/brands/facebook link: https://facebook.com/FiligranHQ @@ -60,7 +60,7 @@ plugins: canonical_version: latest - search - git-committers: - repository: OpenBAS-Platform/docs + repository: OpenAEV-Platform/docs branch: main - git-revision-date-localized: enable_creation_date: true 
@@ -121,11 +121,8 @@ nav: - Executors: deployment/ecosystem/executors.md - Injectors: deployment/ecosystem/injectors.md - Collectors: deployment/ecosystem/collectors.md - - Other resources: deployment/resources.md - Advanced: - Platform managers: deployment/managers.md - - Clustering: deployment/clustering.md - - Troubleshooting: deployment/troubleshooting.md - User Guide: - Getting started: usage/getting-started.md - Foundations: @@ -169,7 +166,7 @@ nav: - Caldera Injector: usage/inject-caldera.md - Collectors: - Overview: usage/collectors.md - - Agents: usage/openbas-agent.md + - Agents: usage/openaev-agent.md - Rest API: usage/rest-api.md - Administration: - Introduction: administration/introduction.md
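Review bot: the launchctl commands in the MacOS table are internally inconsistent, and since every cell in this hunk is being rewritten anyway, this is the moment to fix them. In the "Advanced installation as User (service)" row, bootstrap loads `/Library/LaunchAgents/[USER]-openaev-agent.plist` but bootout unloads `~/Library/LaunchAgents/[USER]-openaev-agent.plist`; in the "Advanced installation as System (service)" row, bootstrap uses `/Library/LaunchDaemons/openaev-agent.plist` while bootout reads `system/ ~/Library/LaunchDaemons/openaev-agent.plist` (stray slash, and a daemon plist does not live under `~`), and the enable target `system/openaev.agent` does not match the `openaev-agent` name used for the plist and the remove command, so please confirm it matches the Label inside the plist. The uninstallation cells also chain with a single `&`, which backgrounds each command instead of running them in sequence; `&&` is what a reader will expect, e.g. `sudo launchctl remove openaev-agent && sudo rm -rf /opt/openaev-agent`. The Linux row just above this table has the same `&` chaining in its uninstallation cell.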
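Review bot: in the docs/usage/payloads/payloads.md hunk, the retargeted link `../inject-overview.md/#conditional-execution-of-injects` keeps a slash between `.md` and the fragment, which is not a normal page link and may not be resolved or anchor-validated by mkdocs. Use `../inject-overview.md#conditional-execution-of-injects`, the same form this commit uses in scenario.md (`inject-overview.md#inject-creation-process`).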
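Review bot: the docs/usage/people.md hunk drops the injects cross reference entirely ("to be tested against attack or contextual events.") instead of retargeting it to `inject-overview.md` as every other hunk in this commit does. If that is deliberate, fine; otherwise keep the link: `to be tested against attack or contextual events (i.e. [injects](inject-overview.md)).` While touching the sentence, "take part into your scenarios" should read "take part in your scenarios".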
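Review bot: the last hunk of docs/usage/scenario_import.md rewrites its final line only to add the missing trailing newline, so fix the typo in that line at the same time: "Please do not that if all the dates" should be "Please do note that if all the dates".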
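Review bot: in the docs/usage/scenario/opencti_scenario.md hunk, the four screenshots now all carry the identical alt text `Scenario OpenAEV` (`scenario-openaev.png`, `inject-scenario-openaev.png`, `inject-placeholder.png`, `inject-ttp.png`), which makes them indistinguishable to screen readers and in link checkers. Since the lines are being rewritten for the rename, give each a descriptive alt, e.g. `![Scenario generated from OpenCTI](assets/scenario-openaev.png)` and `![Inject with placeholder](assets/inject-placeholder.png)`.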
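Review bot: the mkdocs.yml nav hunk removes the entries for `deployment/resources.md`, `deployment/clustering.md` and `deployment/troubleshooting.md`, but no deletion of those files appears anywhere in this diff. If the files stay in the tree, mkdocs still builds them as orphan pages reachable only by direct URL and logs "not included in the nav" warnings; either delete them in this commit or state in the commit message why they are intentionally unlisted. The same check applies in the other direction: the new entry `- Agents: usage/openaev-agent.md` needs the corresponding rename of `usage/openbas-agent.md` in this commit (the rename header is not visible in the part of the diff shown here), and the deleted stub pages `docs/usage/playing.md`, `docs/usage/systems.md` and `docs/usage/testing.md` should be grepped for in the remaining docs so no page still links to them.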