Skip to content

Releases: OpenBAS-Platform/openbas

Version 1.0.0

13 May 12:58
@SamuelHassine SamuelHassine
1.0.0
cedad5f
This commit was signed with the committer’s verified signature.
SamuelHassine Samuel Hassine
GPG key ID: 966CA4FD74C31B9B
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.0.0 Latest
Latest

OpenBAS is finally out! 🎊 It is the first iteration of our new Breach and Attack simulation platform based on a profound improvement and restructuring of our previous Exercise planning platform, OpenEx. With OpenBAS, generate and manage your attack and crisis simulations, incorporate technical and contextual events together, and evaluate your security posture against real-world threats. 🛡️

OpenBAS is part of our eXtended Threats Management suite, and offer a strong integration with OpenCTI 🤝. Based on your qualified knowledge on threats in OpenCTI, you can generate OpenBAS’s simulations directly from OpenCTI and know if you are at risk facing them.

With OpenBAS, we want to include people skills into the equation. You can evaluate how your teams are responding to specific events, not only technical ones. It means you can include non-technical teams, like legal, crisis communication and so on into your security posture evaluation. 👥

Like OpenCTI, OpenBAS propose a python framework to help the Community to develop integrations with their own ecosystems. Executors (responsible for executing attacks), Injectors (responsible for injecting commands) and Collectors (responsible for collecting results and environment topography) helps you interact with your security environment and users. 🌐

OpenBAS simulations can be generated from templates, called Scenarios. Scenarios can be imported, created directly in the interface or even created automatically from OpenCTI. From them, you can scheduled recurring simulations to see the evolution of your security posture’s efficiency against a specific threat context. ⏰

Scenarios, thus Simulations, are composed of Injects: events simulating attacker actions and contextual situations. Each inject targets players or endpoints and you can define what is expected from them. From these expectations’ successes is calculated how your security posture is performing. 💯

In OpenBAS, results are broken down into three main metrics: Prevention, Detection, and Human response. It helps you quickly understand where are your strengths, and your weaknesses. 💪

You will find much more in OpenBAS, like atomic testing, media pressure simulations, technical Challenges, etc. We are eager to see you play with it and give us feedback! This iteration is a first of many! Stay tuned! 👋

Enhancements:

  • #292 Massive operations and filters in injects list
  • #703 Change expectations validation strategy with alert types in injectors/collectors
  • #508 Implement list numbers and change the export style button
  • #571 Design rework for major release and integration with OpenCTI
  • #562 OpenCTI integration for injecting case & incident
  • #642 Atomic testing
  • #646 Rework the Home screen
  • #771 [platform] Implement Ask IA capability
  • #561 New workflow for selecting Injects, based on ATT&CK matrices
  • #644 Concatenate results from recurring simulations and display Results in Scenario
  • #643 Rework of the Simulations list screen
  • #565 Rework of the Overview screen of a Simulation
  • #711 Rework of the Validation screen in Simulations
  • #620 Ability to launch recurring Simulations based on a Scenario
  • #622 Rename map server to map.openbas.io in config and in production
  • #505 Implement a global search across the platform
  • #510 Dynamic Asset Groups
  • #559 Enhance the load time of thousand of Objects in list
  • #507 Be able to customize theme in OpenEx
  • #482 Remove ckeditor mentions
  • #560 Rework of the left menu to correspond to new workflows
  • #231 Be able to customize sender email address of system messages (lost password, registration, etc.)
  • #563 Collector for Sentinel for catching inject and feeding expectations
  • #566 Modelize inject types / contract in the database
  • #569 Handle 404 properly within admin
  • #566 Modelize inject types / contract in the database
  • #513 Implement status for Caldera Agent
  • #555 Implement Scenarios
  • #511 Add technical expectations for Caldera injects
  • #268 Be able to modelize asset and group in the platform

Bug Fixes:

  • #270 Add a constraint on tag name uniqueness
  • #654 [Lessons Learned] for players the survey page does not load
  • #637 Migration to scenario and simulation break my exercise
  • #626 Disable / enable player in a team is not correctly handled
  • #614 Fix vite hmr on .js files
  • #576 Ensure uniqueness of email field when creating a user account
  • #573 I forgot my password display not look like a cliquable link
  • #515 No check on landline phone numbers in the players edition form

Pull Requests:

Read more

Contributors

richard-julien, SamuelHassine, and 9 other contributors
Assets 4