Skip to content

Version 1.16.0

Choose a tag to compare

View all tags
@Filigran-Automation Filigran-Automation released this 05 May 09:46
· 1730 commits to master since this release
1.16.0
5be3526
This commit was signed with the committer’s verified signature.
Filigran-Automation Filigran Automation
GPG key ID: C708FDB840E80D34
Verified
Learn about vigilant mode.

💡Hello dear community! We are thrilled to announce the release of OpenBAS 1.16.0! 🎉

🚨 Major Update – Custom Dashboard & Security Coverage Widget (CE)

We’re rolling out a major update with the introduction of custom dashboards, enabling full customization of your data visualizations using common widgets (pie charts, bar charts, line charts), as well as a new BAS-focused widget: Security Coverage. This widget offers a comprehensive view of your security posture, displaying coverage by TTP directly on a MITRE ATT&CK matrix. Additional widgets will be released in upcoming iterations.

⚠️ Important Notice: This feature requires the deployment of Elasticsearch. If Elasticsearch is not properly configured, OpenBAS may stop functioning. Please ensure your environment is prepared accordingly.

Documentation: https://docs.openbas.io/latest/usage/dashboards/custom-dashboards/custom-dashboards/?h=custom

📬Alerting Capacity (CE)

A brand-new alerting feature has been added! Now, users can receive email notifications when there’s a decrease in either prevention or detection during two consecutive simulations of a scenario.

Documentation: coming soon

🔒 Enterprise Edition Lock (EE)

Following in the footsteps of OpenCTI, we’re introducing an Enterprise Edition lock. This will protect access to the following EE features:

⚙️ CrowdStrike Executor Improvement (EE)

The CrowdStrike Executor has been significantly improved to avoid being detected by its own processes. Additionally, API interactions have been optimized for better performance.

Documentation: https://docs.openbas.io/latest/deployment/ecosystem/executors/#upload-openbas-scripts

🕵️ Findings (CE)

A powerful new feature called Findings is now available! This tab will highlight security risks identified through OpenBAS, such as IP addresses, credentials, CVEs, and more. This helps you better understand the capabilities of a threat and track risks more easily.

Findings are based on Output Parsers which will run Regex to your execution details.

Documentation:

Performance Improvements (CE)

We’ve started a large-scale performance improvement initiative. This is just the beginning, and we’re committed to making the platform faster and more scalable.

🔧 Bug Fixes & Enhancements: 🛠️

As always, this release includes several important bug fixes and improvements to ensure the platform runs smoothly and efficiently.

This release also includes lots of bug fixes and UI improvements. Here is the complete list:

Enhancements:

  • #2965 [backend] Introduce inject targets search endpoint
  • #2884 Implement "vertical bar" widget
  • #2883 Implement "Line" widget
  • #2868 Download OpenBAS implant with correct architecture for CS agent
  • #2838 Implementation of the EE lock
  • #2833 Bring execution traces at asset/agent level
  • #2808 Ability to be alerted on the differences between 2 simulation’s expecations results on my scheduled scenario
  • #2793 Improve redux selector to avoid performances issues when we have a lot of events in the stream
  • #2776 Have a MITRE matrix Coverage widget in our custom dashboard
  • #2730 Ability to add Salt Typhoon scenario executable
  • #2682 Implement elastic search in OBAS
  • #2332 Implement custom dashboard (CRUD)

Bug Fixes:

  • #3084 Improve IP/MAC list display in endpoint view
  • #3000 Inject export TTP link to UUID and not TTP ID
  • #2986 tags for challenges are misleading and useless
  • #2982 The layout in the List of injects in simulation/scenario is not correct
  • #2961 Error on chaining injects traces
  • #2960 Error on export inject
  • #2801 Inject still in pending state if implant is killed
  • #2572 Inject form not correctly updated when selecting another inject type
  • #2569 Ask AI icon is floating around in rich text editor
  • #2531 Use standard "-" for the absence of target
  • #2524 Kill chain phase should be "-", instead of Unknown, as part of our standards when fields are empty
  • #1882 Can't stop an atomic testing in unusual status

Pull Requests:

  • [frontend] add output in payload form - chunk # 4 by @MarineLeM in #2790
  • [frontend] Update dependency tss-react to v4.9.16 (release/current) by @renovate in #2817
  • [frontend] Update dependency react-router to v7.4.1 (release/current) by @renovate in #2816
  • [frontend] Update dependency mdi-material-ui to v7.9.4 (release/current) by @renovate in #2815
  • [frontend] Update dependency react-hook-form to v7.55.0 (release/current) by @renovate in #2811
  • Bump vite from 6.2.3 to 6.2.4 in /openbas-front by @dependabot in #2834
  • [frontend] Update Yarn to v4.8.1 (release/current) by @renovate in #2810
  • [frontend] Update react monorepo to v19.1.0 (release/current) by @renovate in #2812
  • [backend] Update dependency io.hypersistence:hypersistence-utils-hibernate-63 to v3.9.9 (release/current) by @renovate in #2813
  • [backend] Ability to spawn an OpenBAS implant with Crowdstrike by @guillaumejparis in #2807
  • [frontend] Update material-ui monorepo (release/current) by @renovate in #2814
  • [backend] Improve Crowdstrike executor by @damgouj in #2760
  • [backend] Add extraction findings - chunk #3 by @savacano28 in #2720
  • [backend] Update dependency io.opentelemetry.semconv:opentelemetry-semconv to v1.32.0 (release/current) by @renovate in #2851
  • [backend] Update dependency org.springframework.security:spring-security-crypto to v6.4.4 (release/current) - autoclosed by @renovate in #2852
  • [frontend/bakend] display outputparser in payload info tab - chunk #5 by @MarineLeM in #2843
  • [frontend]Add top space in injector contract form by @johanah29 in #2791
  • [frontend] Fix layout endpoint list by @savacano28 in #2856
  • [frontend] Add loader in paginated list by @johanah29 in #2809
  • [frontend] adapt theme as opencti by @MarineLeM in #2857
  • Missing exception propagation by @impolitepanda in #2859
  • [frontend] add an alert on atomic testing page when request in error (#2818) by @guillaumejparis in #2835
  • [frontend] create reusable component for findings list by @MarineLeM in #2858
  • [frontend] Update dependency @vitest/eslint-plugin to v1.1.39 (release/current) by @renovate in #2866
  • [frontend] Update dependency @types/node to v22.14.0 (release/current) by @renovate in #2862
  • [frontend] Update dependency @testing-library/react to v16.3.0 (release/current) by @renovate in #2861
  • [frontend] Update react monorepo (release/current) by @renovate in #2864
  • [frontend] Update dependency vitest to v3.1.1 (release/current) by @renovate in #2863
  • [frontend] Update typescript-eslint monorepo to v8.29.0 (release/current) by @renovate in #2865
  • [frontend] Update material-ui monorepo to v7 (release/current) (major) by @renovate in #2785
  • [backend] Update dependency io.opentelemetry:opentelemetry-bom to v1.49.0 (release/current) by @renovate in #2877
  • [frontend] Update dependency react-router to v7.5.0 (release/current) by @renovate in #2878
  • [backend] Update dependency io.pyroscope:agent to v0.18.1 (release/current) by @renovate in #2880
  • [frontend] Update eslint monorepo to v9.24.0 (release/current) - autoclosed by @renovate in #2879
  • [backend] Update dependency org.jacoco:jacoco-maven-plugin to v0.8.13 (release/current) by @renovate in #2881
  • [backend] Ability to call CrowdStrike in batch for payload execution by @damgouj in #2846
  • [backend] Add flyway validator to avoid same version at runtime by @RomuDeuxfois in #2827
  • [backend] Fix creation findings with filtering by inject, asset and value by @savacano28 in #2886
  • [backend] Update apache-poi monorepo to v5.4.1 (release/current) by @renovate in #2890
  • [frontend] Update dependency cronstrue to v2.58.0 (release/current) by @renovate in #2889
  • [backend] Update dependency io.swagger.core.v3:swagger-annotations-jakarta to v2.2.30 (release/current) by @renovate in #2892
  • [backend] Update dependency com.diffplug.spotless:spotless-maven-plugin to v2.44.4 (release/current) by @renovate in #2891
  • [frontend] Update dependency @vitest/eslint-plugin to v1.1.40 (release/current) by @renovate in #2899
  • [frontend] Update dependency cronstrue to v2.59.0 (release/current) by @renovate in #2897
  • [frontend] Update dependency dompurify to v3.2.5 (release/current) by @renovate in #2900
  • [backend] Filter Tanium assets from Tanium API to get only "active" assets by @damgouj in #2874
  • [backend/frontend] Add Pagination to the assets list on managing assets on Assets group screen (#2787) by @johanah29 in #2848
  • [frontend] Adjust spacing in inject creation form by @johanah29 in #2806
  • [frontend] Update Yarn to v4.9.0 (release/current) by @renovate in #2909
  • [frontend] Update dependency @types/react-dom to v19.1.2 (release/current) by @renovate in #2910
  • [frontend] Update dependency esbuild to v0.25.2 (release/current) by @renovate in #2911
  • Update a simulation loose the automated trigger by @RomuDeuxfois in #2915
  • [frontend] Update dependency http-proxy-middleware to v3.0.5 (release/current) by @renovate in #2919
  • [frontend] Update dependency html-react-parser to v5.2.3 (release/current) by @renovate in #2918
  • [frontend] Update dependency @vitest/eslint-plugin to v1.1.42 (release/current) by @renovate in #2920
  • [frontend] Update route for parameter #2871 by @EmilieFo17 in #2917
  • [backend] Try to fix "inject too old" by @damgouj in #2922
  • [backend] Fix CS register interval for inactive agents by @damgouj in #2926
  • [frontend] Update dependency swagger-typescript-api to v13.1.1 (release/current) by @renovate in #2942
  • [frontend] Update dependency jsdom to v26.1.0 (release/current) by @renovate in #2941
  • [frontend] Update dependency @faker-js/faker to v9.7.0 (release/current) by @renovate in #2940
  • [frontend] Update dependency @xyflow/react to v12.5.5 (release/current) by @renovate in #2943
  • [frontend] Update dependency eslint-plugin-react to v7.37.5 (release/current) by @renovate in #2912
  • [frontend] Update dependency i18n-auto-translation to v2.1.3 (release/current) by @renovate in #2944
  • [backend/frontend] Introduce enterprise edition licensing by @richard-julien in #2850
  • [frontend] Update dependency express to v5 (release/current) by @renovate in #2938
  • [frontend] Improve redux selector to avoid performances issues when we have a lot of events in the stream (#2793) by @guillaumejparis in #2829
  • [frontend] Update Yarn to v4.9.1 (release/current) by @renovate in #2952
  • [frontend]: hover effect on bottom border in all list (#2825) by @EmilieFo17 in #2925
  • [frontend] Update dependency @types/react to v19.1.2 (release/current) by @renovate in #2954
  • [frontend] Update dependency monocart-coverage-reports to v2.12.4 (release/current) by @renovate in #2956
  • [frontend] Update dependency @xyflow/react to v12.5.6 (release/current) by @renovate in #2955
  • [frontend]: Ask AI icon is floating around in rich text editor (#2569) by @EmilieFo17 in #2928
  • [frontend] Introduce tab control to Targets panel in inject details c… by @EmilieFo17 in #2963
  • [frontend] fix delete in redux store (#2793) by @guillaumejparis in #2962
  • [frontend] Inject expectation:No have a pointer cursor when I don’t have any results (#2841) by @EmilieFo17 in #2924
  • [frontend] refacto design eeDialog by @MarineLeM in #2923
  • [frontend] Update dependency @vitejs/plugin-react to v4.4.0 (release/current) by @renovate in #2974
  • [frontend] Update dependency zod to v3.24.3 (release/current) by @renovate in #2990
  • [frontend] Update dependency vite to v6.3.1 (release/current) by @renovate in #2989
  • [backend] Adapt the backend and frontend to include findings at all levels: platform, scenario, simulation, and endpoint by @savacano28 in #2855
  • [backend] Fix migration findings by @savacano28 in #2991
  • [backend] Ability to be alerted on the differences between 2 simulation’s expecations results on my scheduled scenario Issue/2808 by @heditar in #2967
  • [frontend] Update dependency @playwright/test to v1.52.0 (release/current) by @renovate in #2996
  • [frontend] Add condition for the display of attack command by @johanah29 in #2780
  • [frontend] Update dependency react-hook-form to v7.56.0 (release/current) by @renovate in #3005
  • [frontend] Update dependency vite to v6.3.2 (release/current) by @renovate in #3014
  • [frontend] Update dependency react-router to v7.5.1 (release/current) by @renovate in #3013
  • [frontend] Update dependency eslint-plugin-react-refresh to v0.4.20 (release/current) by @renovate in #3011
  • [frontend] Update dependency @vitest/eslint-plugin to v1.1.43 (release/current) by @renovate in #3010
  • [backend] Update dependency org.springframework.security:spring-security-crypto to v6.4.5 (release/current) by @renovate in #3008
  • [frontend] Update dependency i18n-auto-translation to v2.2.0 (release/current) by @renovate in #3002
  • [frontend] Update eslint monorepo to v9.25.1 (release/current) by @renovate in #3006
  • [frontend] Update typescript-eslint monorepo to v8.31.0 (release/current) by @renovate in #3007
  • [frontend] Update dependency @vitejs/plugin-react to v4.4.1 (release/current) by @renovate in #3009
  • [frontend] Update dependency vitest to v3.1.2 (release/current) by @renovate in #3015
  • [frontend] Update dependency react-intl to v7.1.11 (release/current) by @renovate in #3012
  • [backend] Added bulk create expectation traces endpoint by @impolitepanda in #2945
  • [frontend] Update dependency @xyflow/react to v12.6.0 (release/current) by @renovate in #3001
  • [backend] Error on chaining injects traces by @damgouj in #3018
  • [frontend] Use standard - for the absence of target (#2531) by @EmilieFo17 in #2999
  • [backend] Update dependency org.apache.commons:commons-collections4 to v4.5.0 (release/current) by @renovate in #3019
  • [frontend] Update dependency eslint-import-resolver-oxc to v0.13.2 (release/current) by @renovate in #3021
  • [frontend] Update dependency esbuild to v0.25.3 (release/current) by @renovate in #3020
  • [frontend] Add missing translations by @antoinemzs in #3025
  • Custom Dashboard by @RomuDeuxfois in #2701
  • [backend] add garbage collector on pending injects by @MarineLeM in #3017
  • [backend/frontend] Fix pagination on asset group management by @RomuDeuxfois in #2916
  • [backend] NotifcationEvent logic Issue/2808 by @heditar in #3003
  • [backend] Search endpoint for filtering+paginating Asset Group targets for Inject by @antoinemzs in #2966
  • [frontend] Update dependency apexcharts to v4.6.0 (release/current) by @renovate in #3004
  • [tool] Update rabbitmq Docker tag to v4.1 (release/current) by @renovate in #2975
  • [backend/frontend] Manage architecture for OpenBAS implant by @damgouj in #2908
  • [backend] called hook-related code at the top level by @MarineLeM in #3031
  • Add retry on ElasticDriver by @RomuDeuxfois in #3028
  • [backend] Update dependency co.elastic.clients:elasticsearch-java to v8.18.0 (release/current) by @renovate in #3039
  • [frontend] Update dependency @mui/x-date-pickers to v7.29.1 (release/current) by @renovate in #3040
  • Bump react-router from 7.4.0 to 7.5.2 in /openbas-front by @dependabot in #3038
  • [backend] Fix/docker compose elastic for mac m4 by @impolitepanda in #3045
  • [backend/frontend] Pagination on inject overview for TEAMS by @damgouj in #3041
  • [frontend] Update dependency axios to v1.9.0 (release/current) by @renovate in #3048
  • [frontend] Update dependency apexcharts to v4.7.0 (release/current) by @renovate in #3047
  • [tool] Update Node.js to v22.15.0 (release/current) by @renovate in #3049
  • [frontend] Update dependency monocart-reporter to v2.9.18 (release/current) by @renovate in #3050
  • [frontend] Update dependency pdfmake to v0.2.19 (release/current) by @renovate in #3051
  • [frontend] Update dependency react-router to v7.5.2 (release/current) by @renovate in #3052
  • [frontend] Update dependency vite to v6.3.3 (release/current) by @renovate in #3053
  • [backend] fix: macos is sometimes called mac in tanium by @impolitepanda in #3057
  • [backend] Unproxy asset for simulation with CS executor by @damgouj in #3058
  • [frontend] Update dependency ckeditor5 to v45 (release/current) by @renovate in #2937
  • [frontend] fix selector by @guillaumejparis in #3023
  • Issue/2565 by @EmilieFo17 in #3044
  • [tools] Update template pr github by @savacano28 in #3037
  • [tool] Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.18.0 (release/current) by @renovate in #3069
  • [tool] Update docker.elastic.co/kibana/kibana Docker tag to v8.18.0 (release/current) by @renovate in #3070
  • [frontend] Store mitre matrix user preference by @RomuDeuxfois in #3067
  • [frontend] Fix finding padding & access import by @RomuDeuxfois in #3066
  • [backend] fix: broken deprecated method to store unique expectation t… by @impolitepanda in #3054
  • Issue/2572 by @EmilieFo17 in #3046
  • [backend] Fix proxy hibernate for assets to endpoints by @damgouj in #3072
  • [backend] fix TTP inside inject export by @MarineLeM in #3033
  • [frontend] Fix Preview lesson learned by @damgouj in #3073
  • [backend/frontend] Bring execution traces at asset/agent level by @savacano28 in #2976
  • [frontend|backend]Ability to be alerted on the differences between 2 simulation’s expecations results by @johanah29 in #2950
  • [frontend] Update dependency @types/node to v22.15.3 (release/current) by @renovate in #3079
  • [backend] Update dependency io.hypersistence:hypersistence-utils-hibernate-63 to v3.9.10 (release/current) by @renovate in #3078
  • [frontend] create ChallengeCard component by @MarineLeM in #3043
  • [frontend] Fix pie chart dashboard (#2833) by @savacano28 in #3081
  • [frontend] Fix undefined executor (#2838) by @savacano28 in #3080
  • [backend] Fix simulation to scenario grants by @RomuDeuxfois in #3055
  • [frontend] enable feature flag for target pagination (#2663) by @antoinemzs in #3086
  • [frontend] Add scroll bar to list of ips/mac in the endpoint overview by @savacano28 in #3085
  • [backend/frontend] Improve findings filter options (#2686) by @savacano28 in #3071
  • [frontend] fix theme selector (#2793) by @guillaumejparis in #3083
  • [backend] import output parser by @MarineLeM in #3077
  • Add custom dashboard header by @RomuDeuxfois in #3089
  • Bump vite from 6.2.6 to 6.2.7 in /openbas-front by @dependabot in #3095
  • [frontend] Update dependency @types/react-dom to v19.1.3 (release/current) by @renovate in #3096
  • [frontend] Update dependency i18n-auto-translation to v2.2.1 (release/current) by @renovate in #3097
  • [frontend] Add links to scenarios, simulations, injects in findings (#2547) by @savacano28 in #3088
  • [frontend] Improve header and response pie style in inject overview (#1984) by @guillaumejparis in #3094
  • [backend] Fix link findings/scenarios by @Dimfacion in #3102
  • Bugfix/filters by @RomuDeuxfois in #3103

New Contributors:

Full Changelog: 1.15.2...1.16.0

Contributors

richard-julien, renovate, and 12 other contributors
Assets 4
Loading