Version 1.9.0

Hello dear community! The OpenBAS 1.9.0 is out ! Hope you will enjoy it! 🎉

During this release, we put a strong focus on improving our technical simulation logic and the global performance of OpenBAS to offer the most seamless experience while testing your endpoints.

🗒️ Payloads Execution Improvements
We addressed several issues that prevented some payloads from executing correctly. Now, a significant number of payloads are fully functional, allowing you to build end-to-end, realistic attack simulations with greater reliability.

🔔 Detection/Prevention Enhancements
We improved our matching to accurately identify the alerts Blocked/Prevented for Detection/Prevention.
Microsoft Defender logic has been improved to ensure that all alerts are accurately detected and logged.
Microsoft Sentinel integration confirms that alerts from connected EDRs are transmitted and logged properly, offering clearer and more actionable insights.

🚀 Performance Boost
We resolved performance issues that caused the platform to lag when handling large amounts of data. With these fixes, openBAS is now faster and more responsive.
This work included many bugs bashed, some UI improvements and updated our documentation.

Enhancements:

• #1940 Simulations context - Rename 'exercices' in URL for 'simulations
• #1775 [security] Upgrade GA Dockerfile base image
• #1772 [security] Upgrade bcprov-jdk15on
• #1771 [security] Upgrade of postgresql JDBC driver
• #1725 clean up temporary apt list files in Dockerfiles
• #1518 UI improvement - Show prerequisites info in payloads drawer
• #1486 [ Unit testing - simulation scope ] - inject execution

Bug Fixes:

• #1939 Rename 'Status' for 'Execution status' for the execution of an inject
• #1928 Issue when importing a simulation
• #1903 Can't launch an http injector
• #1892 Simulations list skeleton is buggy in scenario overview
• #1888 Clicking on an inject popover open the edit panel too
• #1863 Injects execution blocked when an execution fails for a particular asset
• #1862 Actions are not allowed on the Inject Results list in the Exercise Overview
• #1840 "LaZagne.py - Dump Credentials from Firefox Browser" fails detection
• #1834 Fix ART payloads using the environment variable set at $PathToAtomicsFolder
• #1833 Fix technical Payload C2 Data Exfiltration giving us "need to analyze more"
• #1822 Update scenario drawer - merge 2 tabs overview and mail configuration together
• #1769 Inject still in Pending when I target an Asset and it's inactive
• #1758 Error when editing a challenge
• #1755 Prerequisites command failed but the status show success
• #1734 Latency - Improve taxonomics retrieval strategy
• #1729 Improve latency on simulation overview
• #1718 Improve latency on simulations list
• #1715 Charts simulations - team scores are too big
• #1686 Microsoft Defender collector not working
• #1685 Microsoft Sentinel collector not working
• #1662 Kill chain functional order is not taken into account in filter
• #1624 Lessons learned : the categories are not well diplayed
• #1621 Payload - Enforce required cleanup command AND executor when choosing one of the two
• #1515 Update of a simulation - update button should take infos from both tabs overview and mail config
• #854 TTPs are loading entirely in the app

Pull Requests:

• [backend] Format code with Spotless by @isselparra in #1634
• [frontend] Upgrade SheetJS (xlsx) because of vulnerability by @guillaumejparis in #1731
• Update eslint monorepo to v9 (major) by @renovate in #993
• [backend] Add condition when filters are null or empty by @johanah29 in #1764
• Update dependency @testing-library/react to v16 by @renovate in #1578
• [backend] Improve latency on atomicTestings by @savacano28 in #1733
• [frontend] Migrate CK Editor to 9.3 by @guillaumejparis in #1766
• [frontend/backend] fix and improve dashboard statistics (#1697) by @guillaumejparis in #1698
• [backend] Avoid NPE on calculate results by @RomuDeuxfois in #1779
• [backend] Add Kosovo country by @RomuDeuxfois in #1780
• [backend] Error 500 when updating Groups by @isselparra in #1791
• [backend] Improve latency on simulations list with filters by @savacano28 in #1665
• [frontend/backend] correct logout redirection by @MarineLeM in #1790
• [docker] Add pgadmin to docker compose by @RomuDeuxfois in #1789
• [frontend] improve eslint speed & logs (#1776) by @guillaumejparis in #1777
• [backend] fix computeExpectation when score is 0 (#1663) by @guillaumejparis in #1811
• [frontend] when refresh do not display login page by @MarineLeM in #1814
• [frontend] fix label for top attack pattern chart in dashboard (#1815) by @guillaumejparis in #1816
• [backend] fix inject status after execution by @MarineLeM in #1792
• [frontend] improve taxonomics retrieval strategy (#1734) by @guillaumejparis in #1735
• [frontend] Update dependency globals to v15.12.0 by @renovate in #1802
• [tool] Update eclipse-temurin Docker tag to v21.0.5_11-jre by @renovate in #1805
• [backend] Update dependency io.minio:minio to v8.5.13 by @renovate in #1804
• [frontend] Update dependency nyc to v17.1.0 - autoclosed by @renovate in #1803
• [frontend] Update dependency express to v4.21.1 by @renovate in #1801
• [frontend] Update dependency cronstrue to v2.51.0 by @renovate in #1800
• [frontend] Update dependency @stylistic/eslint-plugin to v2.10.1 by @renovate in #1798
• [backend] Add matching on parent process name for inject expectation signature by @RomuDeuxfois in #1826
• [backend] Allow for use of AWS IAM Role by @Dimfacion in #1808
• [backend] Updating dependencies by @Dimfacion in #1761
• [backend] Fix on upsert payload not updating the platform by @Dimfacion in #1823
• [frontend] Update dependency ckeditor5 to v43.3.0 by @renovate in #1799
• [backend/frontend] Properly generate types for chaining injects by @Dimfacion in #1830
• [frontend] add skeleton loader on main lists (#1409) by @guillaumejparis in #1841
• [frontend] Update material-ui monorepo to v6 (major) by @renovate in #1565
• [backend] test injects execution (#1486) by @johanah29 in #1690
• [backend] throw error when asset is inactive by @MarineLeM in #1817
• [frontend] use sx instead of useStyles in payloads (#1821) by @guillaumejparis in #1853
• [backend] Fix enum comparison on inject status by @savacano28 in #1854
• [frontend] Display more payload informations (#1518) by @johanah29 in #1787
• [backend] Update dependency io.opentelemetry:opentelemetry-bom to v1.44.1 by @renovate in #1797
• [backend/frontend] Improve latency on exercise overview by @savacano28 in #1767
• [docker] clean up temporary apt list files in Dockerfiles by @RomuDeuxfois in #1865
• [backend] catch error when execution fails for some asset (#1863) by @guillaumejparis in #1864
• [frontend] Update react monorepo by @renovate in #1876
• [frontend] Update material-ui monorepo by @renovate in #1875
• [frontend] Update dependency zustand to v4.5.5 by @renovate in #1874
• [frontend] Update dependency uuid to v11 by @renovate in #1871
• Bump @eslint/plugin-kit from 0.2.2 to 0.2.3 in /openbas-front by @dependabot in #1869
• Bump cross-spawn from 7.0.3 to 7.0.5 in /openbas-front by @dependabot in #1881
• [frontend] Delete actions are not allowed on the injectresult list by @savacano28 in #1884
• [backend/frontend] enforce null consistency with executor and command (#1621) by @antoinemzs in #1825
• [frontend] Update dependency redux to v5 by @renovate in #1880
• [backend/frontend] Fix editing challenge by @RomuDeuxfois in #1886
• [frontend] Update eslint monorepo to v9.15.0 by @renovate in #1889
• [backend/frontend] Merge tabs in scenario form (#1822) by @johanah29 in #1828
• [backend/frontend] Some payloads coming from Atomic Red team are marked as "Manual" by @isselparra in #1867
• [frontend] fix skeleton loading list for simulations in scenario over… by @guillaumejparis in #1893
• [frontend] Update dependency zustand to v5 by @renovate in #1872
• [backend] Fix NoSuchBeanDefinitionException in retrieving command line by @RomuDeuxfois in #1902
• [frontend] Fix popover atomic testing by @savacano28 in #1904
• [backend] Fix status traces comparisons by @savacano28 in #1907
• [frontend] correct inject list popover by @MarineLeM in #1899
• [frontend] Update dependency @playwright/test to v1.49.0 by @renovate in #1916
• [frontend] fixed Lessons Learned screen by @heditar in #1920
• [frontend] Remove the labels from the points on the line chart to imp… by @savacano28 in #1913
• [backend] Microsoft Defender collector not working (#1686) by @antoinemzs in #1912
• [backend/frontend] Merge tabs in simulation form (#1515) by @johanah29 in #1827
• [backend] Allowing metadata to inject expectation result by @RomuDeuxfois in #1905
• [backend] update kill chain phase options api to sort by order by @heditar in #1921
• [frontend] Payload - Enforce required cleanup command AND executor when choosing one of the two (#1621) by @antoinemzs in #1926
• Bugfix for release 1.9 by @RomuDeuxfois in #1924
• [frontend] Display teams on quick inject by @RomuDeuxfois in #1925
• [backend] Improv tracing for tanium endpoint by @RomuDeuxfois in #1927
• [backend] Delete notblank annotation by @savacano28 in #1931
• [backend] Fix on importing simulations (#1928) by @Dimfacion in #1929
• [backend] Removing placeholder on sts endpoint by @Dimfacion in #1932
• [frontend] change app routing /exercises to /simulations (#1940) by @guillaumejparis in #1944
• [frontend] Rename 'Status' for 'Execution status' for the execution of an inject by @RomuDeuxfois in #1945

New Contributors:

• @antoinemzs made their first contribution in #1825
• @heditar made their first contribution in #1920

Full Changelog: 1.8.2...1.9.0