Version 1.9.0

Hello dear community! The OpenBAS 1.9.0 is out ! Hope you will enjoy it! 🎉

During this release, we put a strong focus on improving our technical simulation logic and the global performance of OpenBAS to offer the most seamless experience while testing your endpoints.

🗒️ Payloads Execution Improvements
We addressed several issues that prevented some payloads from executing correctly. Now, a significant number of payloads are fully functional, allowing you to build end-to-end, realistic attack simulations with greater reliability.

🔔 Detection/Prevention Enhancements
We improved our matching to accurately identify the alerts Blocked/Prevented for Detection/Prevention.
Microsoft Defender logic has been improved to ensure that all alerts are accurately detected and logged.
Microsoft Sentinel integration confirms that alerts from connected EDRs are transmitted and logged properly, offering clearer and more actionable insights.

🚀 Performance Boost
We resolved performance issues that caused the platform to lag when handling large amounts of data. With these fixes, openBAS is now faster and more responsive.
This work included many bugs bashed, some UI improvements and updated our documentation.

Enhancements:

• #1940 Simulations context - Rename 'exercices' in URL for 'simulations
• #1775 [security] Upgrade GA Dockerfile base image
• #1772 [security] Upgrade bcprov-jdk15on
• #1771 [security] Upgrade of postgresql JDBC driver
• #1725 clean up temporary apt list files in Dockerfiles
• #1518 UI improvement - Show prerequisites info in payloads drawer
• #1486 [ Unit testing - simulation scope ] - inject execution

Bug Fixes:

• #1939 Rename 'Status' for 'Execution status' for the execution of an inject
• #1928 Issue when importing a simulation
• #1903 Can't launch an http injector
• #1892 Simulations list skeleton is buggy in scenario overview
• #1888 Clicking on an inject popover open the edit panel too
• #1863 Injects execution blocked when an execution fails for a particular asset
• #1862 Actions are not allowed on the Inject Results list in the Exercise Overview
• #1840 "LaZagne.py - Dump Credentials from Firefox Browser" fails detection
• #1834 Fix ART payloads using the environment variable set at $PathToAtomicsFolder
• #1833 Fix technical Payload C2 Data Exfiltration giving us "need to analyze more"
• #1822 Update scenario drawer - merge 2 tabs overview and mail configuration together
• #1769 Inject still in Pending when I target an Asset and it's inactive
• #1758 Error when editing a challenge
• #1755 Prerequisites command failed but the status show success
• #1734 Latency - Improve taxonomics retrieval strategy
• #1729 Improve latency on simulation overview
• #1718 Improve latency on simulations list
• #1715 Charts simulations - team scores are too big
• #1686 Microsoft Defender collector not working
• #1685 Microsoft Sentinel collector not working
• #1662 Kill chain functional order is not taken into account in filter
• #1624 Lessons learned : the categories are not well diplayed
• #1621 Payload - Enforce required cleanup command AND executor when choosing one of the two
• #1515 Update of a simulation - update button should take infos from both tabs overview and mail config
• #854 TTPs are loading entirely in the app

Pull Requests:

• [backend] Format code with Spotless by @isselparra in #1634
• [frontend] Upgrade SheetJS (xlsx) because of vulnerability by @guillaumejparis in #1731
• Update eslint monorepo to v9 (major) by @renovate in #993
• [backend] Add condition when filters are null or empty by @johanah29 in #1764
• Update dependency @testing-library/react to v16 by @renovate in #1578
• [backend] Improve latency on atomicTestings by @savacano28 in #1733
• [frontend] Migrate CK Editor to 9.3 by @guillaumejparis in #1766
• [frontend/backend] fix and improve dashboard statistics (#1697) by @guillaumejparis in #1698
• [backend] Avoid NPE on calculate results by @RomuDeuxfois in #1779
• [backend] Add Kosovo country by @RomuDeuxfois in #1780
• [backend] Error 500 when updating Groups by @isselparra in #1791
• [backend] Improve latency on simulations list with filters by @savacano28 in #1665
• [frontend/backend] correct logout redirection by @MarineLeM in #1790
• [docker] Add pgadmin to docker compose by @RomuDeuxfois in #1789
• [frontend] improve eslint speed & logs (#1776) by @guillaumejparis in #1777
• [backend] fix computeExpectation when score is 0 (#1663) by @guillaumejparis in #1811
• [frontend] when refresh do not display login page by @MarineLeM in #1814
• [frontend] fix label for top attack pattern chart in dashboard (#1815) by @guillaumejparis in #1816
• [backend] fix inject status after execution by @MarineLeM in #1792
• [frontend] improve taxonomics retrieval strategy (#1734) by @guillaumejparis in #1735
• [frontend] Update dependency globals to v15.12.0 by @renovate in #1802
• [tool] Update eclipse-temurin Docker tag to v21.0.5_11-jre by @renovate in #1805
• [backend] Update dependency io.minio:minio to v8.5.13 by @renovate in #1804
• [frontend] Update dependency nyc to v17.1.0 - autoclosed by @renovate in #1803
• [frontend] Update dependency express to v4.21.1 by @renovate in #1801
• [frontend] Update dependency cronstrue to v2.51.0 by @renovate in #1800
• [frontend] Update dependency @stylistic/eslint-plugin to v2.10.1 by @renovate in #1798
• [backend] Add matching on parent process name for inject expectation signature by @RomuDeuxfois in #1826
• [backend] Allow for use of AWS IAM Role by @Dimfacion in #1808
• [backend] Updating dependencies by @Dimfacion in #1761
• [backend] Fix on upsert payload not updating the platform by @Dimfacion in #1823
• [frontend] Update dependency ckeditor5 to v43.3.0 by @renovate in #1799
• [backend/frontend] Properly generate types for chaining injects by @Dimfacion in #1830
• [frontend] add skeleton loader on main lists (#1409) by @guillaumejparis in #1841
• [frontend] Update material-ui monorepo to v6 (major) by @renovate in #1565
• [backend] test injects execution (#1486) by @johanah29 in #1690
• [backend] throw error when asset is inactive by @MarineLeM in #1817
• [frontend] use sx instead of useStyles in paylo...

Version 1.8.2

Enhancements:

• #1453 Ability to support IAM roles for Amazon S3 / MinIO configuration

Full Changelog: 1.8.1...1.8.2

Version 1.8.1

Bug Fixes:

• #1778 Non-admin user granted for a simulation not able to access it
• #1751 Add Kosovo country
• #1347 Error 500 when updating Groups

Full Changelog: 1.8.0...1.8.1

Version 1.8.0

The OpenBAS 1.8.0 is out ! Hope you will enjoy it! 🚀

📒 Customizable Debrief
Feeling like sharing the results of your simulation to enhance collaboration ? You can now generate a customizable report page and export it into nicely formatted and shareable PDFs, along with an overall summary to receive insights in a clear and accessible format.

⛓️ Conditional Inject Chaining
Building on version 1.7, seamlessly condition injects launch based on the expectations of previous ones, creating more dynamic simulations with multiple inject paths.

🏗️ Payload Categorization by Architecture
In need of precision regarding your architecture for your payloads ? We organized and categorized your payloads by binary architecture to facilitate the selection of your injects.

👓 Advanced Player and Asset Filtering
We added filters on the players and asset groups pages to streamline your analysis and focus on the most relevant data.

And we also solved a lot of bugs, made some UI improvements and updated our documentation.

Enhancements:

• #1582 Improve latency on page: admin/scenarios/:id
• #1580 Improve latency on page: admin/scenarios/:id/injects
• #1555 Add filters to Players page
• #1554 Add filters to Asset group page
• #1487 [ Unit testing - simulation scope ] - lessons learned surveys
• #1485 [ Unit testing - simulation scope ] - inject creation/update
• #1385 Conditional inject chaining
• #1189 Categorize payload by architecture
• #1080 Create customizable debrief page - generate a report page with a global note

Bug Fixes:

• #1704 Message "internal error" + Error 500 occurring when creating a technical scenario
• #1701 Scenario & Simulation full reload when refetching
• #1699 Remove double fetch organizations in Groups
• #1682 Remove duplicate requests for pagination & filters
• #1678 Fix deprecated local method to start frontend
• #1670 MITRE ATT&CK matrix dashboard results is not working
• #1668 When deleting an endpoint in an inject, line is not removed but becomes empty
• #1666 Default value of payload argument is not taken into account when creating an atomic testing
• #1660 Images (logos) of security systems uploaded by collectors should not be deletable
• #1658 Mouse cursor is disappearing when mouse is going to the result by target in inject
• #1655 Putting expectation with the security platform is broken
• #1633 Import injects: Pagination hides injects over 100 + action only works if the user refreshes
• #1632 Labels in select inputs look broken
• #1610 Tags are not displayed in simulation overview
• #1603 Score max value on the scalebar is not coherent with default value or set value
• #1600 Can't update an inject without filling all mandatory fields
• #1586 Simulations never ends if no inject / disabled injects / deleted injects
• #1521 Removing a team from the context doesn't work
• #1473 [ UI improvement ] to display uri of a media pressure in an email inject

Pull Requests:

• Update dependency @mui/x-date-pickers to v7.18.0 by @renovate in #1537
• Update dependency esbuild to v0.24.0 by @renovate in #1542
• Update dependency chokidar to v4 by @renovate in #1560
• Update dependency date-fns to v4 by @renovate in #1561
• Update dependency vitest to v2 by @renovate in #1563
• Update maven Docker tag to v3.9.9 by @renovate in #1576
• Update dependency slack to v5 by @renovate in #1579
• Update eclipse-temurin Docker tag to v21.0.4_7-jre by @renovate in #1574
• Update docker/build-push-action action to v6 by @renovate in #1564
• [backend/frontend] Add filters on player page by @RomuDeuxfois in #1605
• [frontend/backend] add inject result inside report by @MarineLeM in #1519
• Improve latency on endpoint teams by @RomuDeuxfois in #1584
• Update dependency zustand to v4.5.5 by @renovate in #1598
• [backend] Add ID on expectation type by @RomuDeuxfois in #1613
• Update dependency http-proxy-middleware to v3 by @renovate in #1562
• Update dependency @types/react to v18.3.11 by @renovate in #1597
• Update dependency @types/node to v20.16.10 by @renovate in #1596
• Update eslint monorepo to v8.57.1 by @renovate in #1575
• [backend] Fix 401 when user not admin and go to page with filters by @damgouj in #1620
• [backend] Fix call to the management plugin not working when using ssl by @Dimfacion in #1622
• Bugfix/1478 fix filter order by @savacano28 in #1623
• [backend/frontend] fix bulk update injects by @savacano28 in #1628
• [backend] Use join map to avoid duplicate join by @RomuDeuxfois in #1619
• [frontend] Documents are not duplicated when an inject is duplicated by @isselparra in #1641
• [backend/frontend] Categorize payload by architecture by @isselparra in #1612
• [backend] Fix latency scenarioId by @savacano28 in #1606
• [backend/frontend] Add filters to Asset group page by @RomuDeuxfois in #1646
• Update dependency @babel/plugin-transform-modules-commonjs to v7.25.7 by @renovate in #1595
• [frontend] Fix deprecated start method to start frontend (#1678) by @guillaumejparis in #1679
• [frontend] Remove duplicate requests for pagination & filters by @guillaumejparis in #1683
• [frontend] fix import icon by @MarineLeM in #1695
• [backend/frontend] Fix removing a team from the context doesn't work by @RomuDeuxfois in #1544
• [backend] Inject creation/update in a simulation (#1485) by @johanah29 in #1636
• [frontend] Fix tags displayed and links to item exercises lists (#1610) by @damgouj in #1689
• [frontend] Improve scalebar component by @savacano28 in #1703
• [frontend] fix import openbas logo in pdf by @MarineLeM in #1705
• [frontend] avoid full reload of scenario & simulation when refetching… by @guillaumejparis in #1702
• [frontend] delete double fetch in groups (#1699) by @guillaumejparis in #1700
• [backend] Fix param to retrieve asset groups from a raw map by @savacano28 in #1710
• Update dependency http-proxy-middleware to v3.0.3 [SECURITY] by @renovate in #1724
• [backend] Fix raw teams request (#1704) by @guillaumejparis in #1721
• [backend] Add obfuscator base64 on expectation signature for OpenBAS agent by @RomuDeuxfois in #1712
• [frontend] create reportComment component by @MarineLeM in https://github.co...

Version 1.7.3

Bug Fixes:

• #1629 Documents are not duplicated when an inject is duplicated
• #1608 Results of OpenBAS scenarios are not displayed anymore in OpenCTI

Full Changelog: 1.7.2...1.7.3

Version 1.7.2

Bug Fixes:

• #1627 Adding / replacing / removing inject teams in bulk also remove all attached document

Full Changelog: 1.7.1...1.7.2

Version 1.7.1

Bug Fixes:

• #1618 Settings not populating when RabbitMQ is using SSL

Full Changelog: 1.7.0...1.7.1

Version 1.7.0

Hello dear community! The OpenBAS 1.7.0 is out ! Hope you will enjoy it! 🚀

In this release, we’ve focused on addressing key community pains and squashing bugs to enhance your overall experience.

Improve the readability in our platform logs for more efficient debugging

For better readability, efficiency in troubleshooting and allowing compatibility with an observability platform such as Grafana (filtering, graphs), we changed our logs from Java to JSON.🔍

Command Details in execution traces

Need to see your command information to follow what will be executed? It’s now possible to see what command lines have been executed in your inject details or atomic testing page. 📖

Self-signed certificate

Great news! Following a request from our community, our HTTP client now supports self-signed certificates, making it easier to authorize and connect securely in custom environments. 🚘

Customizable expiration time settings

Introducing customizable expiration settings! Now, you can manage the expiration time of your expectations in their setting and at platform level through your config file. Take full control and fine-tune your workflow like never before! 💥

Clearer insights for expectation score and validation

Say hello to clearer insights! We’ve refined our UI to clarify expectation scores settings and validation screens giving you instant clarity at a glance! 🧹

And we also solved a lot of bugs and made some UI improvements.

Enhancements:

• #1418 Better readability for platform logs: from java default stack traces to JSON
• #1218 Authorized platform self-signed ssl certificate
• #1171 For expectations, add the ability to customize the expiration time used by the expiration manager
• #1232 Command Details in execution traces
• #1198 Improve UI of score settings/validation

Bug Fixes:

• #1550 Error message of Caldera executor not responding when there is no Caldera config
• #1516 Delete a team from simulation works but generates an error in the interface
• #1508 open agent windows 10 invalid peer certificate unknown issuer
• #1503 in animation page, selecting a tag doesn't impact the graphs
• #1496 obas a gent on win11 arm
• #1482 Notify success & error from network requests are not translated
• #1476 When adding a team with multiple players, it can lead to duplicate inserted in database which generate an error
• #1471 bulk deletion of inject only delete the first one of the list
• #1456 Sorting on "executor" in "Endpoints" section triggers "Internal error"
• #1452 UI inconsistency: space separators in simulation list + height of the lines
• #1435 Mitre Attack Coverage is partially hidden on firefox
• #1371 Scenario result should not be interactive and show clearly that they have no data when no simulation has been played
• #1028 In some cases, IMAP store of sent message can fail
• #1425 Inject expectation is missing on atomic testing
• #1431 Consistent wording for UI in asset groups: Dynamic asset filter or rule

Pull Requests:

• Update dependency swagger-typescript-api to v13.0.22 by @renovate in #1444
• Update dependency @playwright/test to v1.47.1 by @renovate in #1439
• Update dependency uuid to v10 by @renovate in #1446
• Update dependency jsdom to v25 by @renovate in #1445
• Update dependency mdi-material-ui to v7.9.2 by @renovate in #1443
• Update dependency html-react-parser to v5.1.16 by @renovate in #1442
• Update dependency axios to v1.7.7 by @renovate in #1441
• Update dependency qs to v6.13.0 by @renovate in #1440
• [backend/frontend] Add possibility to launch openbas agent on docker and linux image by @RomuDeuxfois in #1417
• Update dependency express to v4.20.0 [SECURITY] by @renovate in #1426
• [Frontend | Backend | Database] Improve UI of score settings/validation by @johanah29 in #1420
• Update Node.js to v20.17.0 by @renovate in #1437
• Update Yarn to v4.5.0 by @renovate in #1438
• [backend] Add payload elevation required by @savacano28 in #1410
• Update dependency vite to v5.3.6 [SECURITY] by @renovate in #1467
• [backend/frontend] fix trigger now injects by @savacano28 in #1424
• Bump vite from 5.3.6 to 5.4.6 in /openbas-front by @dependabot in #1469
• [backend/frontend] Improv filters UI by @RomuDeuxfois in #1462
• [frontend] can done and trigger inject only in animation tab by @MarineLeM in #1428
• [frontend] change wording for dynamic asset filter by @MarineLeM in #1472
• [backend] Add tracing with OpenTelemetry by @RomuDeuxfois in #1404
• [frontend] Add teams in a scenario for multiple injects (#1464) by @damgouj in #1474
• [backend] Fix expectations in injects (#1425) by @damgouj in #1463
• [backend/frontend] Command Details in execution traces (#1232) by @damgouj in #1449
• [frontend] Fix abnormal space and height in lists by @johanah29 in #1479
• [backend/frontend] add exercise report by @MarineLeM in #1419
• [frontend] Keep commands lines shown if another element is updated in atomic testing page by @damgouj in #1493
• [frontend] Fix Mitre Att&ck Coverage display on Firefox by @isselparra in #1484
• [frontend/backend] remove updateAttributes and isListened from api-ty… by @MarineLeM in #1510
• [frontend] fix translation in network success or fail messages (#1482) by @guillaumejparis in #1483
• Update dependency typescript to v5.6.2 by @renovate in #1288
• [frontend/backend] add isListened in api-types file by @MarineLeM in #1511
• Update dependency @types/qs to v6.9.16 by @renovate in #1526
• Update dependency @types/node to v20.16.6 by @renovate in #1525
• Update dependency @playwright/test to v1.47.2 by @renovate in #1524
• Update dependency @emotion/react to v11.13.3 by @renovate in #1523
• Update dependency @dagrejs/dagre to v1.1.4 by @renovate in #1522
• [backend/frontend] Sorting on "executor" in "Endpoints" section triggers "Internal error" by @isselparra in #1514
• [backend] Add retry on imap connexion by @RomuDeuxfois in #1497
• [backend] Fix wrong count for pagination by @RomuDeuxfois in #1529
• [frontend]Fix the display of the result of injects bulk deletion by @johanah29 in #1481
• Bump rollup from 4.13.0 to 4.22.4 in /openbas-front by @dependabot in #1520
• Update dependency vite to v5.4.7 [SECURITY] by @renovate in #1535
• Update dependency commons-io:commons-io to v2.17.0 by @renovate in #1541
• Update dependency com.rabbitmq:amqp-client to v5.22.0 by @renovate in #1540
• Update dependency @xyflow/react to v12.3.0 by @renovate in #1538
• [frontend] update teamsIds state by @savacano28 in https://githu...

Version 1.6.1

Bug Fixes:

• #1466 Creating challenges or media pressure inject does not work
• #1465 Broken variable in media pressure inject
• #1464 Add teams in a scenario for multiple injects not working

Full Changelog: 1.6.0...1.6.1

Version 1.6.0

Hello dear community! The OpenBAS 1.6.0 is out ! Hope you will enjoy it! 🚀

Interactive Timeline Display for injects
Our brand-new timeline is getting fancier ! On top of being able to create and modify your injects more intuitively, you can now chain your injects, opening the way to our future exciting feature: conditional inject launch ! 🛤️

Filters implementation
Find More, Faster: unleash the Power of Filters for a Seamless Experience! You can now leverage filtering on the most important lists of OpenBAS to better understand various kinds of situation for your scenarios, simulations, atomic testing etc. 👀

Test emails and SMS related injects
Not sure if your email or SMS was sent ? You can replay a test for a single inject or do it in bulk. 📬

Launch a scenario now as we do in simulation
No time to waste ? Feeling like launching your scenario right away without scheduling ? It’s now possible with the start now button on the scenario level. ⛷️

Caldera is removed from the default OpenBAS stack
Caldera was complicated to use for the community. We’ve heard you! OpenBAS has reached a good level of maturity by integrating atomic red team so we decided to remove it from our default stack. 👏

Enhancements:

• #1421 Remove Caldera from default stack
• #1368 Ability to launch a scenario - same as we do for simulations - with a start now
• #1336 Be able to replay test for sms and email injects
• #1294 Implement filters on atomic testing, inject and payload lists
• #1194 Chaining injects logically
• #124 Implement filters on injector contract, scenario & simulation lists

Bug Fixes:

• #1400 In scenario tab, anormal spaces between overlay and separators
• #1397 Lessons learned survey are never received
• #1361 Avoid deadlocks during Flyway migrations (>9.0.)
• #1350 When updating an expectation score, the expectation status doesn't change
• #859 Login UI should be iso with OCTI
• #844 404 errors are not correctly handles, leading to spinning forever

Pull Requests:

• [backend/frontend] fix expectation status when updating score by @MarineLeM in #1379
• [github] Adding a way to have the labels automatically set by @Dimfacion in #1372
• [github] Fixing the branch name by @Dimfacion in #1381
• [frontend/backend] align login page with octi (#859) by @guillaumejparis in #1373
• [frontend] add a warning instead of loading indefinitely on 404 for s… by @guillaumejparis in #1369
• Add quick filters on scenarios, simulations and atomic testing by @RomuDeuxfois in #1352
• [backend] fix deadlock flyway migration on 9.22.3 by @savacano28 in #1358
• [frontend] Fix on moving an inject deletes it's content by @Dimfacion in #1393
• [backend] fix obas injector for linux & mac (#1388) by @guillaumejparis in #1391
• [backend] Add sortable property to team_name by @savacano28 in #1399
• [backend/frontend] Add missing sortable by @RomuDeuxfois in #1401
• [frontend/backend] Be able to replay test by @johanah29 in #1364
• [backend/frontend] Fix team creation by @RomuDeuxfois in #1402
• Atomic testing list is slow on demo environment by @RomuDeuxfois in #1389
• [backend/frontend] Add quick filters on scenarios injects & simulations injects by @RomuDeuxfois in #1383
• [Frontend] Fix spaces between overlay and separators in scenario tab by @johanah29 in #1406
• [readme] fix readme screenshot and links by @guillaumejparis in #1407
• [backend/frontend] Add quick filters on assets & asset groups when inject creation by @RomuDeuxfois in #1394
• [frontend] Fix inject action update in inject list by @RomuDeuxfois in #1411
• [frontend/backend] add a start now for scenario (#1368) by @guillaumejparis in #1405
• [frontend/backend] Chaining injects logically by @Dimfacion in #1380
• [backend/frontend] Filters options should not be limit to 10 by @RomuDeuxfois in #1430
• [frontend] Error display when a survey is send by @RomuDeuxfois in #1429
• [frontend] Fix missing filter on dynamic asset group by @RomuDeuxfois in #1434
• [frontend] Change some wordings by @RomuDeuxfois in #1432
• [frontend] Improv filter style by @RomuDeuxfois in #1433
• [frontend] Small fix on chaining UI by @Dimfacion in #1448
• [backend] Fix inject status delete cascading by @RomuDeuxfois in #1447

Full Changelog: 1.5.1...1.6.0