Version 1.18.0

@Filigran-Automation Filigran-Automation released this 15 Jul 12:25
· 1431 commits to master since this release
f211bb5

Hello dear community! Time to celebrate! OpenBAS 1.18.0 is out! We hope you will enjoy it! 🎉

✅ Vulnerability assessment

Do you want to know more about your vulnerabilities? We are introducing CVE assessment of your assets through several features:

  • New finding type: CVE
  • New taxonomy added for CVE
  • Expectation on vulnerability

You can now scan for potential vulnerabilities through our Nuclei injector and assess whether your assets are exposed, and to which CVEs.

Find the related documentation:

Documentation for vulnerability expectation is in progress.

📚 Scenario library in the XTM Hub

Don’t know where to start? We released a library of 10 ready-to-use Attack Scenarios that you can import directly into your platform! These Scenarios are available in our XTM Hub. Access this library easily from the Scenario page in OpenBAS through the new “Import from Hub” button.

Find the available scenarios in the XTM Hub: https://hub.filigran.io/cybersecurity-solutions/open-bas-scenarios

🧶 AI for scenario assistant [EE]

Automate the creation of your scenarios even further with the help of ArianeAI, our new AI assistant! You can now upload content such as a threat report, which Ariane analyzes in the back end to extract the relevant TTPs to cover your use case.

Find the related documentation: https://docs.openbas.io/latest/usage/scenario/#how-to-use-the-scenario-assistant

👍 Manual remediation for vulnerabilities and payloads

Don’t know how to fix your detection/prevention? We are introducing the concept of remediation: you can manually add remediations to your CVEs and payloads and, spoiler, it’s the first step toward more advanced remediation recommendations by AI. For the moment, this will help us propose custom remediation for Filigran’s scenarios.

Find the related documentation:

♻️ End of Life categorization for assets

Get an overview of your assets’ health. On your asset page, you can now flag assets that are at end of life, so you will know which of your assets need to be replaced when vulnerabilities are found.

Related documentation: In progress

📊 Analysis tab: Integration of custom dashboards in simulations

Read your simulation results through your own lens. You can now add a custom dashboard to your simulation and have your own custom view of the results!

Related documentation: In progress

📈 New custom dashboard widgets and new dimension

Additional widgets have been added to give you more freedom in your data visualizations:

  • Horizontal bar
  • Attack graph
  • List

The following dimensions were added as well:

  • Assets
  • Vulnerable asset (Assets on which CVEs have been found)

📁 Manual payload import/export

Share the love, share the payloads! You can now import and export your payloads and get more flexibility in your payload management.

Related documentation: In progress

🎯 Remote asset targeting

We improved our agentless injects, such as nmap and CVE scans, so you can now associate the findings with the targeted asset.

Related documentation: In progress

Enhancements:

  • #3445 Update Teams enable state by default
  • #3396 Add an "attack graph" widget
  • #3330 Add reports tab into scenario/simulations
  • #3171 Introduce remediation for technical inject
  • #2885 Implement "list" widget

Bug Fixes:

  • #3473 On pre-release, just displaying groups or players is throwing an internal error
  • #3458 Not possible to add attachment to emails anymore in atomic testing
  • #3454 Media pressure expectations can't be validated
  • #3422 Caldera antivirus exclusion should not be displayed on OpenBAS agent and leads to confusion
  • #3059 Convey "Ask AI" in text editors is an EE feature in the GUI

Pull Requests:

  • [frontend] Update eslint monorepo to v9.28.0 (release/current) by @renovate[bot] in #3266
  • [frontend] Update material-ui monorepo (release/current) by @renovate[bot] in #3265
  • [frontend] Update dependency vitest to v3.2.1 (release/current) by @renovate[bot] in #3283
  • [frontend] Update dependency react-hook-form to v7.57.0 (release/current) - autoclosed by @renovate[bot] in #3282
  • [tool] Update docker.elastic.co/kibana/kibana Docker tag to v8.18.2 (release/current) by @renovate[bot] in #3235
  • [tool] Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.18.2 (release/current) by @renovate[bot] in #3234
  • [backend] fix empty group case by @MarineLeM in #3286
  • [frontend] Update dependency ckeditor5 to v45.2.0 (release/current) by @renovate[bot] in #3287
  • [backend] Update dependency com.diffplug.spotless:spotless-maven-plugin to v2.44.5 (release/current) by @renovate[bot] in #3289
  • [backend] Update dependency com.opencsv:opencsv to v5.11.1 (release/current) by @renovate[bot] in #3290
  • [frontend] Update dependency @stylistic/eslint-plugin to v4.4.1 (release/current) by @renovate[bot] in #3292
  • [frontend] Update dependency @types/node to v22.15.29 (release/current) by @renovate[bot] in #3293
  • [frontend] Update dependency @types/react to v19.1.6 (release/current) by @renovate[bot] in #3294
  • [frontend] Update dependency @vitejs/plugin-react to v4.5.1 (release/current) by @renovate[bot] in #3295
  • [frontend] Update dependency esbuild to v0.25.5 (release/current) by @renovate[bot] in #3296
  • [frontend] Update dependency monocart-reporter to v2.9.20 (release/current) by @renovate[bot] in #3297
  • [frontend] Update dependency react-router to v7.6.2 (release/current) by @renovate[bot] in #3298
  • [frontend] Update dependency zod to v3.25.51 (release/current) by @renovate[bot] in #3299
  • [frontend] Update Yarn to v4.9.2 (release/current) by @renovate[bot] in #3301
  • [frontend] Update typescript-eslint monorepo to v8.33.1 (release/current) by @renovate[bot] in #3300
  • [backend] Define a logic for saving structured outputs by @savacano28 in #3162
  • [backend] Update dependency org.springframework.security:spring-security-crypto to v6.5.0 (release/current) by @renovate[bot] in #3204
  • [frontend] Update dependency @types/react-dom to v19.1.6 (release/current) by @renovate[bot] in #3304
  • [backend] Update dependency co.elastic.clients:elasticsearch-java to v8.18.2 (release/current) by @renovate[bot] in #3288
  • [backend] Add logs to understand issue/2797 by @damgouj in #3306
  • [backend/frontend] Allow test injects for no admin roles by @savacano28 in #3056
  • [frontend] Total number of simulations and scenarios isn't updated wh… by @EmilieFo17 in #3302
  • [DANGER] Update dependency swagger-typescript-api to v13.2.0 (swagger-typescript-api new version does not work on linux) (release/current) by @renovate[bot] in #3303
  • [frontend] Update dependency remark-flexible-markers to v1.3.0 (release/current) by @renovate[bot] in #3314
  • [backend] Update dependency io.opentelemetry:opentelemetry-bom to v1.51.0 (release/current) by @renovate[bot] in #3312
  • [frontend] Update dependency @hookform/resolvers to v5.1.1 (release/current) by @renovate[bot] in #3324
  • [frontend] Update typescript-eslint monorepo to v8.34.0 (release/current) - autoclosed by @renovate[bot] in #3325
  • [backend] Update dependency io.opentelemetry.semconv:opentelemetry-semconv to v1.34.0 (release/current) by @renovate[bot] in #3339
  • [backend] Update dependency io.hypersistence:hypersistence-utils-hibernate-63 to v3.10.0 (release/current) by @renovate[bot] in #3338
  • [backend] Update dependency org.postgresql:postgresql to v42.7.6 (release/current) by @renovate[bot] in #3291
  • [backend] Update dependency org.bouncycastle:bcpg-jdk18on to v1.81 (release/current) by @renovate[bot] in #3285
  • [backend] dead code cleanup by @antoinemzs in #3322
  • [frontend] Update dependency @mui/x-date-pickers to v8.5.1 (release/current) by @renovate[bot] in #3349
  • [frontend] Update dependency @xyflow/react to v12.7.0 (release/current) - autoclosed by @renovate[bot] in #3347
  • [backend] improve non-dynamic field in contract by @MarineLeM in #3344
  • [frontend/backend] add ai assistant by @MarineLeM in #3305
  • [frontend] Update dependency @types/node to v22.15.31 (release/current) by @renovate[bot] in #3357
  • [frontend] Update dependency @mui/x-date-pickers to v8.5.2 (release/current) by @renovate[bot] in #3356
  • [frontend] Update fontsource monorepo to v5.2.6 (release/current) by @renovate[bot] in #3373
  • [frontend] Update dependency zod to v3.25.64 (release/current) by @renovate[bot] in #3372
  • [backend] Update dependency io.swagger.core.v3:swagger-annotations-jakarta to v2.2.33 (release/current) by @renovate[bot] in #3361
  • [frontend] Update eslint monorepo to v9.29.0 (release/current) by @renovate[bot] in #3360
  • [frontend] Update dependency immutable to v5.1.3 (release/current) by @renovate[bot] in #3369
  • [frontend] Update dependency axios to v1.10.0 (release/current) by @renovate[bot] in #3363
  • [frontend] Update dependency react-hook-form to v7.58.0 (release/current) by @renovate[bot] in #3364
  • [backend] Update dependency io.hypersistence:hypersistence-utils-hibernate-63 to v3.10.1 (release/current) by @renovate[bot] in #3365
  • [frontend] Update dependency @types/react to v19.1.8 (release/current) by @renovate[bot] in #3366
  • [frontend] Update dependency @vitejs/plugin-react to v4.5.2 (release/current) by @renovate[bot] in #3367
  • [frontend] Update dependency monocart-reporter to v2.9.21 (release/current) by @renovate[bot] in #3370
  • [frontend] Update dependency vitest to v3.2.3 (release/current) by @renovate[bot] in #3371
  • [DANGER] Update dependency swagger-typescript-api to v13.2.2 (swagger-typescript-api new version does not work on linux) (release/current) by @renovate[bot] in #3348
  • [backend] adding role/capa apis by @heditar in #3341
  • [frontend] Fix dashboard layout update Issue/3090 by @heditar in #3351
  • Indexing of fields in Elastic search by @RomuDeuxfois in #3382
  • [backend] Issue/375 Role and Capa: follow up for PR #3341 by @heditar in #3386
  • [frontend] bad status in simulation list (#3238) by @EmilieFo17 in #3384
  • [frontend] missing translation (#3378) by @EmilieFo17 in #3397
  • [backend] Update finding values for cve type by @savacano28 in #3355
  • [frontend] Review scrollbar color with theme dark (#3092) by @EmilieFo17 in #3326
  • [frontend/backend] add asset payload argument by @MarineLeM in #3390
  • [frontend] missing translation (#3378) by @EmilieFo17 in #3401
  • [frontend] Update dependency eslint-plugin-import to v2.32.0 (release/current) by @renovate[bot] in #3402
  • [backend] Update dependency io.swagger.core.v3:swagger-annotations-jakarta to v2.2.34 (release/current) by @renovate[bot] in #3403
  • [backend] Update dependency org.postgresql:postgresql to v42.7.7 (release/current) by @renovate[bot] in #3404
  • [backend] Update dependency org.springframework.security:spring-security-crypto to v6.5.1 (release/current) by @renovate[bot] in #3405
  • [frontend] Update dependency @dagrejs/dagre to v1.1.5 (release/current) by @renovate[bot] in #3407
  • [frontend] Update dependency @vitest/eslint-plugin to v1.2.7 (release/current) by @renovate[bot] in #3409
  • [frontend] Update dependency @types/node to v22.15.32 (release/current) by @renovate[bot] in #3408
  • [frontend] Update dependency react-hook-form to v7.58.1 (release/current) by @renovate[bot] in #3410
  • [frontend] Update dependency vitest to v3.2.4 (release/current) by @renovate[bot] in #3411
  • [frontend] Update material-ui monorepo (release/current) by @renovate[bot] in #3413
  • [DANGER] Update dependency swagger-typescript-api to v13.2.3 (swagger-typescript-api new version does not work on linux) (release/current) by @renovate[bot] in #3406
  • [frontend] Clear store on logout (#1807) by @guillaumejparis in #3323
  • [frontend] update schema validator user form (#3247) by @EmilieFo17 in #3400
  • Add attack pattern filter on inject results by @RomuDeuxfois in #3398
  • Add permission logic Issue/375 by @heditar in #3433
  • [backend/frontend] Add CVE entity by @savacano28 in #3392
  • [backend/frontend] Add EoL field on endpoints by @Dimfacion in #3389
  • [backend] RBAC: added missing api to add role to group by @heditar in #3438
  • [backend] RBAC: updated RoleApi to use Capability enum Issue/375 follow up 3 by @heditar in #3441
  • [backend] RBAC: allow read on team/player for all the users by @heditar in #3451
  • [Improvement] Fix display drone runner host by @efaure in #3452
  • [backend/frontend] Add horizontal bar by @RomuDeuxfois in #3432
  • [backend] Link Finding to targeted asset by @MarineLeM in #3430
  • [backend/frontend] Implement Import/Export Payloads (#1934) by @SamuelHassine in #3428
  • [backend] Handle more simple import of payloads for testing by @SamuelHassine in #3480
  • [frontend] Handle not standard TTPs in security coverage by @RomuDeuxfois in #3439
  • [frontend/backend] Implement a basic list widget (display a flat entity) (#2885) by @antoinemzs in #3393
  • Fix wrong TTPs indexation on inject expectation by @RomuDeuxfois in #3449
  • [backend/frontend] Add denormalised Vulnerable Endpoint dimension with computed columns (#2885) by @antoinemzs in #3447
  • [backend] Change attack pattern representative by @RomuDeuxfois in #3498
  • [frontend/backend] Proper display of vulnerable endpoint dimension in list widget (#2885) by @antoinemzs in #3499
  • [backend/frontend] Refact finding views (#3381) by @savacano28 in #3424
  • Add reports tab into scenario/simulations (#3330) by @RomuDeuxfois in #3497
  • [backend] Add logs to updateFinalInjectStatus to debug by @damgouj in #3529
  • [backend|frontend] Add vulnerability expectation (#3352) by @johanah29 in #3490
  • [backend/frontend] Add detection Remediation by @savacano28 in #3500
  • [frontend/backend] Misc fixes for List Widget by @antoinemzs in #3521
  • [backend] Effective binding of dashboard params in entities endpoint (#3330) by @antoinemzs in #3546
  • Custom dashboard improvement by @RomuDeuxfois in #3534
  • [frontend] Fix findings ui by @savacano28 in #3543
  • [frontend] remove limit input for security coverage widget (#3340) by @guillaumejparis in #3542
  • [frontend] bugfix The drawer isn’t the same size as the screen, so t… by @EmilieFo17 in #3549
  • Bugfix/limit horizontal bar by @EmilieFo17 in #3541
  • [frontend/backend] add widget attack path by @MarineLeM in #3520
  • [backend] fix counts for active agents (#2885) by @antoinemzs in #3555
  • [frontend] select at least one dimension widget by @MarineLeM in #3557
  • [backend/frontend] Fix limit 0 by @RomuDeuxfois in #3530
  • [backend] Index simulation (minimal step) by @RomuDeuxfois in #3544
  • [backend/frontend] Fix vulnerabilities expectation by @savacano28 in #3548
  • [frontend] choose simulation and filter series to go on step 3 by @MarineLeM in #3558
  • [frontend] Translate the columns from entities in list column selection (#2885) by @antoinemzs in #3553
  • [frontend] fix update simulation on attack path widget by @MarineLeM in #3559
  • [backend] add test coverage for entities param binding functionality (#3330) by @antoinemzs in #3551
  • [backend] Fix es error "mapping set to strict" by @damgouj in #3561
  • [backend] fix organization raw interface (#3473) by @guillaumejparis in #3567
  • [frontend] fix legend on widget by @MarineLeM in #3562
  • [frontend] reduce gap between columns by @MarineLeM in #3564
  • [backend] only index CVE findings for vulnerable endpoints (#2885) by @antoinemzs in #3566
  • [frontend] Click enabled in horizontal bar only for simulation selected by @damgouj in #3568
  • [frontend] Add styled popover for overflowing elements (#2885) by @antoinemzs in #3563
  • [frontend] display arrow only when mouse over the node - widget attac… by @MarineLeM in #3570
  • Issue/3550 by @impolitepanda in #3552
  • [backend] Add method to enable player in team (#3445) by @camrrx in #3554
  • [frontend] Add method to enable player in team (#3445) by @camrrx in #3577
  • [backend/frontend] add filters for agent/asset/group on expectation dimension with custom operators (#3340) by @antoinemzs in #3573
  • [backend] Fix payload import by @savacano28 in #3565
  • [frontend] fix for add anchor in horizontal bar chart click by @EmilieFo17 in #3579
  • [frontend] do not render edges at all if there are not part of the attack path by @guillaumejparis in #3575
  • [frontend] Remove exclusion from obas agent installation by @savacano28 in #3580
  • [frontend] Add documents in injects by @savacano28 in #3584
  • [frontend] Update behavior for Ask AI considering EE by @savacano28 in #3581
  • [frontend/backend] can add and remove manual/challenge/article expect… by @MarineLeM in #3569
  • [backend] Fix import payload (#3171) by @savacano28 in #3592
  • [backend] fix es synchro on inject by @MarineLeM in #3596

Full Changelog: 1.17.3...1.18.0