Releases: OpenBAS-Platform/openbas
Version 1.5.1
Bug Fixes:
- #1398 Teams creation does not work
- #1392 Moving an inject deletes its content
- #1388 Launching payload with Atomic Testing on Linux is not working
Full Changelog: 1.5.0...1.5.1
Version 1.5.0
Hello dear community! OpenBAS 1.5.0 is out! We hope you will enjoy it! 🚀
Interactive Timeline Display
We have a brand-new timeline that will let you create and modify your injects more intuitively. More importantly, this is the first brick of a new feature that will let you chain your injects together. Stay tuned for the next step 💖
Be able to test emails and sms related injects
Don’t you feel so much more secure when you can double-check your work? You can now send test emails and SMS to your own account before sending them to everyone. 💌
Bring lessons learned settings at scenario level
We all hate repetitive tasks, so let’s agree to less setup. You can now configure your lessons learned page settings at the scenario level, and they will be applied to all simulations generated. 🙆‍♂️
XLS mapper improvement
We made our XLS mapper even more awesome by adding minor features, such as being able to target all audiences or duplicate your mappers, that will help you on your everyday OBAS journey ✌️😎
Enhancements:
- #1195 Interactive Timeline Display
- #1109 Bring lessons learned setting at scenario level
- #1250 Duplicate an XLS mapper
- #1247 Ability to import XLS and use XLS mapper into Simulation
- #1248 In XLS mapper, having a way to map "All teams" as targets of injects
- #1107 Be able to test emails and sms related injects in Bul
- #1340 switch steps on agent installation documentation
- #1340 Be able to test emails and sms related injects
Bug Fixes:
- #1348 Display problem not updated on Groups
- #1318 Lessons Learned page height is not properly set
- #1308 Losing focus on the selected endpoint in atomic testing result when auto reload is happening
- #1303 Contextual group still linked after scenario duplication
- #1259 Atomic testing list: columns headers not aligned
- #1151 OpenBAS agent failed to install on windows machine
Pull Requests:
- Update dependency axios to v1.7.4 [SECURITY] by @renovate in #1322
- [Frontend|Backend]Be able to troubleshoot a failed email/sms inject test by @johanah29 in #1311
- Update dependency react-hook-form to v7.52.2 by @renovate in #1329
- Update material-ui monorepo to v5.16.7 by @renovate in #1332
- Update dependency esbuild to v0.23.1 by @renovate in #1327
- Update Yarn to v4.4.0 by @renovate in #1325
- Update dependency react-router-dom to v6.26.1 by @renovate in #1330
- Update dependency apexcharts to v3.52.0 by @renovate in #1326
- [frontend] Add chinese language option by @RomuDeuxfois in #1266
- [backend/frontend] Align DB constraint to api-types by @RomuDeuxfois in #1306
- Update dependency io.minio:minio to v8.5.12 by @renovate in #1328
- Update fontsource monorepo by @renovate in #1331
- Update dependency nyc to v17 by @renovate in #1333
- Update dependency @mui/x-date-pickers to v7 by @renovate in #696
- [backend/frontend] Add new filters on inject contract panel & persist choice in local storage by @RomuDeuxfois in #1258
- [frontend] aligned list columns headers #1259 by @MarineLeM in #1334
- [frontend] Switch steps on agent installation documentation (#1340) by @RomuDeuxfois in #1342
- [backend] fix contextual team while duplicating scenario #1303 by @MarineLeM in #1343
- [backend/frontend] Add filters on payloads by @RomuDeuxfois in #1341
- [backend/frontend]Test sms and emails in bulk by @johanah29 in #1337
- [frontend] Remove double fetch by @RomuDeuxfois in #1345
- [frontend] reselect the last endpoint selected after after a data rel… by @guillaumejparis in #1353
- [frontend/backend] In XLS mapper, having a way to map "All teams" as targets of injects by @Dimfacion in #1349
- Fixed obas url for dev deploy and template id in AWX by @troll-os in #1355
- Bump micromatch from 4.0.5 to 4.0.8 in /openbas-front by @dependabot in #1357
- Bump webpack from 5.91.0 to 5.94.0 in /openbas-front by @dependabot in #1356
- [backend/frontend] Ability to import XLS and use XLS mapper into Simulation by @RomuDeuxfois in #1335
- [backend/frontend] duplicate XLS mapper (#1250) by @MarineLeM in #1354
- [frontend] add lessons into scenarios by @savacano28 in #1323
- [frontend] fix simulation start time validation (#1360) by @guillaumejparis in #1362
- [frontend] fix simulation start time display by @guillaumejparis in #1367
- [frontend/backend] Interactive Timeline Display by @Dimfacion in #1268
- Improvement/feature branch docker digest by @troll-os in #1365
- [frontend] Display problem not updated on Groups (#1348) by @damgouj in #1359
- [frontend] Feature flag for filters V2 (#1294) by @RomuDeuxfois in #1363
- [backend] Fix executors by @RomuDeuxfois in #1370
- [frontend] Fix url for exercise by @Dimfacion in #1374
- [backend/frontend] Fix inject test condition by @RomuDeuxfois in #1377
New Contributors:
- @MarineLeM made their first contribution in #1334
- @damgouj made their first contribution in #1359
Full Changelog: 1.4.1...1.5.0
Version 1.4.1
Version 1.4.0
Hello dear community! We are happy to announce a new version of OpenBAS: OpenBAS 1.4.0! We hope you will enjoy it! 🚀
Be able to choose if expectation must be individually validated
For more granularity in manual expectations, you can now rate the performance of your players. The individual performances will automatically impact your team score based on the following expectations: a team is successful if one member of the team is successful OR if all members of the team are successful. 🫸🫷
Ability to import / export XLS mappers
Repeating the same configurations is never fun. To save you precious time on repetitive tasks, you can now import/export your XLS mappers ✌️
At XLS import, allow user to configure a launch time for the Scenario/Simulation
Scheduling means that you need to know when to start: in your XLS file, you can now configure a launch time! 📅
Emails UX improvement
We noticed some small UX issues that could lead to errors in your email injects. The overall experience has been improved to help you make sure that Filigran’s postal service always has the right address to deliver to. 💌
Enhancements:
- #1260 Ability to import / export XLS mappers
- #1246 At XLS import, allow user to configure a launch time for the Scenario/Simulation
- #1220 Add a comprehensive error message when email addresses are not well formatted
- #1219 Trimming email addresses of their starting and ending spaces
- #1205 Delete an item from a list (inject, atomic testing, scenario, simulation)
- #184 Be able to choose if expectation must be individually validated
Bug Fixes:
- #1313 Cancel button doesn't work for "export a scenario"
- #1310 Icons in circles in result are not aligned anymore
- #1307 Expectations are not properly set when creating inject based on a contract that contains some
- #1304 fields randomly deleted
- #1234 Lessons learned can't be submitted with 0
- #1231 Translations En->Fr
- #1181 In atomic testing, update the manual set expectation, the security platform is not filled after full reload (and crashes if removed)
- #1138 Drawer effect is not correct when opening an inject from the list
Pull Requests:
- Delete an item from a list (inject, atomic testing, scenario, simulation) by @RomuDeuxfois in #1254
- Update typescript-eslint monorepo to v7.18.0 by @renovate in #1300
- Update dependency react-hook-form to v7.52.1 by @renovate in #1297
- Update dependency globals to v15.9.0 by @renovate in #1296
- Update dependency react-router-dom to v6.26.0 by @renovate in #1298
- Update springdoc.version to v2.6.0 by @renovate in #1299
- In atomic testing, update the manual set expectation, the security platform is not filled after full reload (and crashes if removed) by @RomuDeuxfois in #1270
- [backend/frontend] Fix on player not properly displayed by @Dimfacion in #1312
- Drawer effect is not correct when opening an inject from the list by @johanah29 in #1301
- [frontend] Fix on email addresses by @Dimfacion in #1314
- [backend/frontend] Allow user to configure a launch time during import if needed by @Dimfacion in #1249
- [backend] Fix expectations are not properly set (#1307) by @savacano28 in #1315
- [frontend] add translations by @savacano28 in #1317
- [frontend/backend]Adding the ability to import/export mappers by @Dimfacion in #1263
- [backend/frontend] Fix score in learned lessons by @savacano28 in #1316
- [frontend] Add validation mode to manual expectations by @savacano28 in #1245
- [frontend] Add info message of starting date mandatory on scenario by @savacano28 in #1319
Full Changelog: 1.3.1...1.4.0
Version 1.3.1
Enhancements:
- #1106 Be able to test emails and sms related injects
Bug Fixes:
- #1286 Scenario with filled email create simulation without email content
- #1269 If IMAP is enabled and IMAP is down or misconfigured, the platform should NOT fail to start
- #1261 Trigger time with some letters in it might lead to the date being not correctly set
- #1209 Wrong title and breadcrumb for inject details in a simulation
- #1143 Payload form attack patterns / tags fields not correctly displayed
- #1141 After deleting a payload, atomic testing is throwing an error when accessing
Pull Requests:
- [frontend] Change header on inject details by @RomuDeuxfois in #1239
- [frontend] Manage screens when a payload is deleted by @savacano28 in #1193
- [Frontend|Backend]Rewriting payloadForm by @johanah29 in #1251
- Add multi-language&simplified chinese translation by @yolylight in #1265
- Update Node.js to v20.16.0 by @renovate in #1271
- Update dependency apexcharts to v3.51.0 by @renovate in #1274
- Update dependency @playwright/test to v1.45.3 by @renovate in #1273
- Update dependency esbuild to v0.23.0 by @renovate in #1276
- Update dependency eslint-plugin-playwright to v1.6.2 by @renovate in #1277
- Update dependency @hookform/resolvers to v3.9.0 by @renovate in #1272
- Update dependency commons-validator:commons-validator to v1.9.0 by @renovate in #1275
- Update dependency reactflow to v11.11.4 by @renovate in #1283
- Update dependency jsdom to v24.1.1 - autoclosed by @renovate in #1282
- Update dependency io.minio:minio to v8.5.11 by @renovate in #1281
- Update dependency html-react-parser to v5.1.12 by @renovate in #1280
- Update dependency eslint-plugin-i18next to v6.0.9 by @renovate in #1279
- Update dependency dompurify to v3.1.6 by @renovate in #1278
- [frontend/backend] Adding platform messages if imap is not reachable by @Dimfacion in #1284
- Update Yarn to v4.3.1 by @renovate in #1292
- Update material-ui monorepo by @renovate in #1291
- Update emotion monorepo to v11.13.0 by @renovate in #1290
- Update dependency vite to v5.3.5 by @renovate in #1289
- Update dependency react-router-dom to v6.25.1 by @renovate in #1287
- [backend] Fix inject content when create simulation from scenario by @RomuDeuxfois in #1293
- Adding Test inject in scenario and simulations by @johanah29 in #1267
- [backend] Fix on date being incorrectly set as relative by @Dimfacion in #1262
New Contributors:
- @yolylight made their first contribution in #1265
Full Changelog: 1.3.0...1.3.1
Version 1.3.0
Hello dear community! We are happy to announce a new version of OpenBAS: OpenBAS 1.3.0! We hope you will enjoy it! 🚀
Import a timeline of Injects from an XLS file
With OpenBAS 1.3.0, you can now save a tremendous amount of time when building your Scenario in the platform. Let’s say you are preparing a tabletop exercise in the context of a big event, something related to a cyber incident in the context of a massive sport event in a beautiful city for example… 😉 The chronology of events your exercise planning team has prepared is massive: hundreds of events to simulate! Everything has been prepared and is stored in an Excel file. With OpenBAS, you can create a specific mapper that will automatically ingest the content of the file and immediately populate the Scenario for you! Injects, their time of execution, the expectations! 🔥
Duplicate things!
This release focuses on saving time for users. With this new version, you can duplicate Scenarios, Simulations, Atomic testing, Injects and Payloads to help you create new things slightly different from previous ones in a matter of seconds! 🥳
Custom Lessons Learned template
In a Simulation, you can apply a survey template to send to players and collect their feedback. Until now, only one template was available. It is now possible to create your own survey! You simply have to go to the left menu of the platform, in a new section called Lessons Learned, under Components. 🛠️
Delete injects in bulk
To ease your Scenario creation (after duplicating a previous one for example), we just added a way to delete multiple injects you do not need anymore. You only need to select them and use the bottom toolbar to delete them! How convenient! ❤️
And we also solved a lot of bugs and made some UI improvements!
Here is the complete list of enhancements and bug fixes:
Enhancements:
- #1157 Delete injects in bulk in scenario and simulation
- #1081 Bring back custom lesson learned templates
- #290 Import a xls chronogram as a scenario
- #1161 Enhance the files field in Payloads and Security Platforms
- #1057 Duplicate an Inject, Scenario, Simulation & Atomic testing
Bug Fixes:
- #1233 Issue with Duplication of Payload
- #1208 Wrong format when exporting injects in XLS
- #1203 timelines is not clickable anymore
- #1185 List of inject is pretty slow on demo environment
- #1140 Icons are not vertically aligned when creating an inject
- #1135 The score field should be deactivated after a validation
- #1131 Impossible to load a document from the Documents list
- #1034 If Caldera executor is enabled and Caldera is down, the platform should fail to start
Pull Requests:
- [dev] Add testing DB by @RomuDeuxfois in #1147
- [frontend] Fix spacing for tags (#1112) by @savacano28 in #1166
- [Frontend]Fix alignment of platform icons in add assets to inject by @johanah29 in #1117
- [frontend] 1111 - Full reload of the endpoints list, no tags displayed by @Christian-DONGMO in #1202
- [frontend] Lint by @RomuDeuxfois in #1204
- [frontend] Enable AI button on media pressure article (#1128) by @savacano28 in #1175
- [Frontend][Backend] duplicate an exercise by @Christian-DONGMO in #1159
- [frontend] Change pagination row per page options by @RomuDeuxfois in #1214
- [frontend] Fix form update expectation by @RomuDeuxfois in #1213
- [backend] Change trace level when store message in imap by @RomuDeuxfois in #1212
- [frontend] add DocumentLoader component by @savacano28 in #1199
- [frontend] Fix result on challenge flag by @RomuDeuxfois in #1227
- Wrong format when exporting injects in XLS by @RomuDeuxfois in #1215
- If Caldera executor is enabled and Caldera is down, the platform should fail to start by @RomuDeuxfois in #1201
- [Frontend]Correcting inject icons alignment in inject creation by @johanah29 in #1228
- [backend/frontend] Improv performance on injector contract list (#1185) by @RomuDeuxfois in #1207
- [frontend/backend] Import a xls chronogram as a scenario by @Dimfacion in #1229
- [backend] Fixing an error when column is empty on expectations by @Dimfacion in #1235
- Bring back custom lesson learned templates by @RomuDeuxfois in #1230
- Bugfix/import xls fix by @Dimfacion in #1236
- [backend/frontend] import xls fix by @Dimfacion in #1237
- [frontend] add delete option for scenarios/exercises by @savacano28 in #1216
- [backend/frontend] Last fixes on import by @Dimfacion in #1243
- Bugfix/release 1.3.0 by @RomuDeuxfois in #1238
- [frontend] Fix timelines is not clickable anymore by @RomuDeuxfois in #1242
- [backend/frontend] Fix duplicate payload by @RomuDeuxfois in #1241
- [frontend] Remove formatter mention & fix icon by @RomuDeuxfois in #1244
Full Changelog: 1.2.2...1.3.0
Version 1.2.2
Version 1.2.1
Bug Fixes:
- #1180 Inject is marked ready even if assets are not set
- #1170 Assets group are not selectable in Scenario, Simulation, Atomic Testing
- #1055 Assets from a group of assets are not indented anymore
- #898 OBAS performances are too slow to be used
Pull Requests:
- [backend] Apply dynamic asset groups filter just on assets type endpoint (#1170) by @savacano28 in #1169
- [backend] Add dynamic assets as children in group asset if applicable (#1055) by @savacano28 in #1154
Full Changelog: 1.2.0...1.2.1
Version 1.2.0
Hi dear community! It is release time for OpenBAS! We’re happy to introduce new great functionalities, some of them suggested by community members! 🤜🤛
As always, your feedback & requests will be very valuable to help us shape this exciting new product. Please let us know how you would see the product evolve and what feature would be game-changing for your industry! ✨
OpenBAS Implant
We celebrated the introduction of our own OpenBAS Agent in 1.1. To complete the workflow, and as promised, we are proud to introduce our own Implant. A quick reminder: the Agent ensures the completion of the whole simulation by spawning temporary Implants responsible for executing payloads and ultimately being caught by your security systems! The new OpenBAS Implant gives us enhanced execution of malicious actions and is less likely to be detected than the Caldera one, improving our overall capacity to test and evaluate your systems’ response! 🚀
Security platforms
Integrating OpenBAS with security platforms will be a long road. We’ve already integrated with some of the most popular, but what if your integration is not there yet? You may want to manually assess whether they catch your payloads… With OpenBAS 1.2, you can now define security platforms through the UI and add manual expectations for them in your injects, while we keep working on more integrations and automation for your favorite tools. 🥳
Verified Payloads
OpenBAS 1.2 also introduces Unverified/Verified custom Payloads. Integrations, like the one with Atomic Red Team, can generate a lot of custom payloads to be used in your Simulations. Such integrations are a really great way to get immediate value through OpenBAS. But some payloads imported through integrations might not be up-to-date. The Filigran team is dedicated to bringing the most value possible and will work on verifying payloads imported through official integrations! ✅
Duplicate Payloads
Having a library of Payloads through integrations is great, but editing them to fit your exact use cases is better! With the duplication of payloads, you can now create custom payloads based on our existing ones and customize them to your needs, without having to reinvent the wheel. 😎
Enhancements:
- #1173 Be able to duplicate payloads
- #1165 Implement security platform assets associated to collectors
- #1105 Create dummy collectors placeholder and be able to validate manually its technical expectation
- #1087 Introducing OpenBAS Implant (Injector)
- #1065 Sort simulation by updated date
- #1058 Creating a Scenario, simulation or atomic testing should redirect you to the page of the element created
- #1056 UI - In the navigation group scenario with simulation and atomic testing
Bug Fixes:
- #1141 After deleting a payload, atomic testing is throwing an error when accessing
- #1132 Be able to filter users on admin property
- #1130 Import simulation error 500 - Not working
- #1129 When exporting then importing a scenario, all expectations are lost
- #1126 Using change tone for an existing email is displaying wrong options
- #1121 the select inject panel can make a scenario page crash
- #1110 When editing an endpoint without description, form cannot be validated
- #1091 Scenario scores go up to 200% when they have no result to show
- #1045 Team score over time in % of expectations is not correctly computed
- #1040 When scheduling a scenario once, then simulation is done, scenario is still marked as "scheduled"
- #1021 Expectations cumulating in front in the validations screen
- #950 Inject: Broken filter for the ATT&CK matrix
- #883 [Inject] The layout of the image in an email body doesn't seem to work
Pull Requests:
- [backend/frontend] Add pagination in exercise list and improv performance by @RomuDeuxfois in #1090
- Update test-feature-branch workflow to use new AWX endpoint by @sbocahu in #1114
- [backend] fix accumulation score of expectations by @savacano28 in #1108
- [backend] fix null pointer by @savacano28 in #1134
- [backend] filter data null by @savacano28 in #1136
- [backend] Add last seen when asset is registered through agent by @RomuDeuxfois in #1120
- [backend] Make the admin property filterable by @Dimfacion in #1133
- [backend] fix null pointer exc by @savacano28 in #1144
- Issue/950 inject broken filter for the attck matrix by @Christian-DONGMO in #1082
- [Frontend] 1058 - Creating an Scenario, simulation or atomic testing … by @Christian-DONGMO in #1124
- [backend] fix export tags in scenarios and show expectations by @savacano28 in #1146
- [frontend] Move scenarios with simulations and AT in the menu by @Dimfacion in #1152
- [backend/frontend] Sort simulation by updated date by @RomuDeuxfois in #1153
- [frontend] Fix on layout of the image not working by @Dimfacion in #1149
- [backend] Fix recurring scenario not cleaned by @RomuDeuxfois in #1116
- [Frontend]Scenario scores display by @johanah29 in #1115
- [backend] Improv performance on atomic testing pagination list by @RomuDeuxfois in #1084
- When editing an endpoint without description, form cannot be validated by @RomuDeuxfois in #1148
- Update dependency dompurify to v3.1.5 by @renovate in #1162
- Update dependency esbuild to v0.21.5 by @renovate in #1163
- [backend] Fix on count in atomic testing search by @Dimfacion in #1168
- [backend] Validate contracts undefined, null or empty (#1121) by @savacano28 in #1156
- [frontend] fix crash page atomic testing after deleting a payload by @savacano28 in #1160
- [frontend] Fix options for tone in message (#1126) by @savacano28 in #1155
- [backend/frontend] Implement the OpenBAS Implant (injector) for custom payloads (#1087) by @SamuelHassine in #1172
New Contributors:
Full Changelog: 1.1.1...1.2.0
Version 1.1.1
Bug Fixes:
- #1104 Caldera injector not working anymore
- #1102 Endpoints are not cleared properly
- #1101 Caldera executor not registering capabilities anymore
- #1044 When modifying an injector contract, the attack pattern field "+" is not in the right position
- #647 Login error after token expired
Pull Requests:
- Bump braces from 3.0.2 to 3.0.3 in /openbas-front by @dependabot in #1094
- Bump ws from 8.17.0 to 8.17.1 in /openbas-front by @dependabot in #1093
- [Frontend] Adjust plus sign on attack pattern field by @johanah29 in #1073
- Update dependency swagger-typescript-api to v13.0.6 by @renovate in #1098
- Update material-ui monorepo by @renovate in #1099
- Update dependency ramda to v0.30.1 by @renovate in #1097
- Update Yarn to v4.3.0 by @renovate in #1096
- Update Node.js to v20.14.0 by @renovate in #1095
- [backend] fix caldera by @RomuDeuxfois in #1103
- [backend] Fixing random login errors by @Dimfacion in #1085
Full Changelog: 1.1.0...1.1.1