Version 1.1.1

Bug Fixes:

• #1104 Caldera injector not working anymore
• #1102 Endpoints are not cleared properly
• #1101 Caldera executor not registering capabilities anymore
• #1044 When modifying an injector contract, the attack pattern field "+" is not in the right position
• #647 Login error after token expired

Pull Requests:

• Bump braces from 3.0.2 to 3.0.3 in /openbas-front by @dependabot in #1094
• Bump ws from 8.17.0 to 8.17.1 in /openbas-front by @dependabot in #1093
• [Frontend] Adjust plus sign on attack pattern field by @johanah29 in #1073
• Update dependency swagger-typescript-api to v13.0.6 by @renovate in #1098
• Update material-ui monorepo by @renovate in #1099
• Update dependency ramda to v0.30.1 by @renovate in #1097
• Update Yarn to v4.3.0 by @renovate in #1096
• Update Node.js to v20.14.0 by @renovate in #1095
• [backend] fix caldera by @RomuDeuxfois in #1103
• [backend] Fixing random login errors by @Dimfacion in #1085

Full Changelog: 1.1.0...1.1.1

Version 1.1.0

Hi dear community! Today we are proud to introduce the first upgrade of OpenBAS 🎉 leading the way to many other quick iterations we planned in order to provide you with the most complete Breach & Attack simulation solution to evaluate and validate your Security Posture! 🔥

Your feedbacks & requests will be very valuable to help us to shape this exciting new product. Please don’t hesitate to reach out. 🙂

OpenBAS Agent

With OpenBAS 1.1, we are introducing our own Agent in addition to Caldera and Tanium ones. The Agent is responsible for running your attack simulation on your endpoints. It aims to remain as neutral as possible, never directly executing malicious commands in order to stay operational and ensure the simulation flow, leaving that task to “injectors”. Until the 1.1, you could rely on a Caldera or a Tanium to be your Agent, both coming with inherent downsides, as they are not “real” BAS Agents. For example, Caldera is a well known implant, and is spotted and terminated by OS defenses right away, impacting your simulation flow.

We are planning to also provide a native OpenBAS injector, responsible for an enhanced malicious actions’ execution! 🚀

Breaking change: OpenBAS Agent is now the default Agent in platforms. If you previously used Caldera and want to continue to use it, you need to re-enabling it in the platform configuration file (documentation).

Custom payloads
We have introduced in OpenBAS 1.0.8 a key feature for our platform, and we wanted to celebrate this achievement in this major release ! 🎊 You can now create your own custom payloads inside OpenBAS and use them in your scenario, simulations and atomic testing. With this, you can integrate your carefully crafted scripts or even ones know to be used by threats meaningful to you! 🔥

Injects timeline in scenario

Until OpenBAS 1.1, it was not possible to easily see the injects’ time flow of your Scenario when defining it. We have brought the timeline to the inject page of your Scenario and simulations to let you see better when they will be played. The timeline is interactive and you can directly click on injects to edit them. 🧩

We will continue to facilitate Scenario creation, a tedious but really important phase for a relevant evaluation of your Security Posture!

Improvement of the time pickers and scheduling tool

Overall, the time picker was too clunky for efficient use. We have redesigned the UI to simplify and clarify the setup, providing you with a seamless scheduling experience.

Enhancements:

• #1089 Add timeline to the inject tab of scenario and simulation
• #919 Introducing OpenBAS Agent (Executor)
• #877 Empower the injects timeline with new interactions
• #860 Improvement of select date widget

Bug Fixes:

• #1067 Importing a simulation creates an error message or create the simulation completely empty
• #1022 Validation of manual expectation displayed in Validation screen even if the inject has failed at execution
• #1017 Full text search wrong indicators
• #1014 Error on Inject simulated emails
• #1005 Because of the sorting of simulation, it is impossible to find the recently created simulation
• #979 "Reply to" function doesn't send messages
• #944 Alignement issue in the MITRE results matrix
• #917 Inject Result for media pressure: image broken link
• #903 Imported scenario keeps the status / scheduling
• #868 Media Pressure articles are dissappearing

Pull Requests:

• [frontend] fix channels filter in definition by @guillaumejparis in #1049
• [backend/frontend] Fix reply to function in animation>mail section by @RomuDeuxfois in #1054
• [frontend]Updating the filters document by @johanah29 in #1063
• Issue/917 inject result for media pressure image broken link by @Christian-DONGMO in #1060
• Imported scenario keeps the status / scheduling by @RomuDeuxfois in #1050
• [backend] Improv performance on challenges by @RomuDeuxfois in #1066
• [backend] Improv performance on articles by @RomuDeuxfois in #1064
• [Backend] 1022 - Validation of manual expectation displayed in Valida… by @Christian-DONGMO in #1068
• [frontend] Refact timeline composant by @savacano28 in #1051
• [backend] Fix on get exercise details to have better performance by @Dimfacion in #1059
• [backend/frontend] Improv injects perf by @RomuDeuxfois in #1061
• [frontend] add timeline component into scenarios and exercise injects… by @savacano28 in #1072
• [frontend] fix by @savacano28 in #1076
• [Frontend]Improve select date widgets by @johanah29 in #1062
• [backend/frontend] Fix import by @RomuDeuxfois in #1069
• [frontend] Fix broken image by @RomuDeuxfois in #1077
• [frontend/backend] Fixing full text search wrong indicators by @Dimfacion in #1075
• [backend/frontend] Fix duplicate inject results by @RomuDeuxfois in #1074
• [backend/frontend] Adding feature flag by @Dimfacion in #1070
• [backend/frontend] Introduce the OpenBAS agent (#919) by @SamuelHassine in #1086
• Update V3_22__Endpoints.java by @RomuDeuxfois in #1088
• [frontend] Last fix before release by @johanah29 in #1083
• Issue/877 final improvements by @savacano28 in #1079

Full Changelog: 1.0.9...1.1.0

Version 1.0.9

Enhancements:

• #391 Be able to have a login message

Bug Fixes:

• #1047 Security Posture on OpenCTI
• #904 Not possible to import simulation anymore

Pull Requests:

• [frontend] adding import button on exercises list page by @Christian-DONGMO in #1027
• [backend] Fix on get teams to have better performance by @Dimfacion in #1046
• [frontend] add a no translated string eslint check and add missing translations by @guillaumejparis in #1029
• [backend] add index by @savacano28 in #1001
• [frontend] Fix theme update twice by @RomuDeuxfois in #1052
• [backend/frontend] add policies page by @savacano28 in #1015
• [backend] Change external reference resolution for OpenCTI integration by @RomuDeuxfois in #1048

Full Changelog: 1.0.8...1.0.9

Version 1.0.8

Enhancements:

• #743 Ability to create custom payload for injects

Bug Fixes:

• #1041 Atomic testing can be launched even if mandatory fields are missing in the contract

Pull Requests:

• [backend/frontend] Improv scenario pagination by @RomuDeuxfois in #1042

Full Changelog: 1.0.7...1.0.8

Version 1.0.7

Enhancements:

• #1039 Introduce statuses maybe prevented / maybe partially prevented
• #1035 Expectation expiration manager should also fail human response expectation

Bug Fixes:

• #1038 Collection of alerts is not working properly due to API failures
• #1032 Caldera injector incoherent error logging / success logging

Full Changelog: 1.0.6...1.0.7

Version 1.0.6

Bug Fixes:

• #1028 In some cases, IMAP store of sent message can fail
• #1026 Asset groups not correctly updated when add/delete assets
• #1025 Caldera get killed by ATP, need to fix the Caldera build and provide with whitelist hashes
• #1018 In some cases, the Definition screen is broken
• #1004 When removing Filigran logos, login logo is broken

Pull Requests:

• [frontend] Fix warnings and fix linter by @guillaumejparis in #915
• [frontend] Fix error on definition screen by @RomuDeuxfois in #1020
• [frontend] fix assets group list update when add/delete asset by @guillaumejparis in #1023

Full Changelog: 1.0.5...1.0.6

Version 1.0.5

Bug Fixes:

• #1008 After upgrading to 1.0.4, simulations screen is broken
• #1007 Linux / MacOS installation snippet in copy / paste have incorrect paths
• #1006 Filter on assets group are not displayed at edit / cannot be edited
• #920 Translation of parameters is not correct
• #905 Assets and dynamic assets in groups are always 0
• #841 RabbitMQ version is not correct.

Pull Requests:

• [backend] Fix exercises list by @RomuDeuxfois in #1011
• [frontend/backend] improve asset groups table with new column rules a… by @guillaumejparis in #1012
• [backend/frontend] Little fix by @RomuDeuxfois in #1016

Full Changelog: 1.0.4...1.0.5

Version 1.0.4

Enhancements:

• #1000 Rename fake detector to Expectation Expiration Manager
• #999 Migrate Microsoft Sentinel collector in Python
• #976 Implement all necessary helpers and methods for Python collectors

Bug Fixes:

• #981 "Create player" form doesn't have all the field of "Update player" form
• #960 Connection error with Imap/Smtp server
• #957 Cannot Use AI to simulate attack from OCTI

Pull Requests:

• Update fontsource monorepo by @renovate in #949
• Update dependency react-hook-form to v7.51.5 by @renovate in #948
• Update dependency @testing-library/react to v14.3.1 by @renovate in #943
• [backend] fix rabbit env variables by @guillaumejparis in #952
• Update react monorepo by @renovate in #946
• Update dependency @eslint/eslintrc to v3.1.0 by @renovate in #940
• Update material-ui monorepo by @renovate in #930
• Update typescript-eslint monorepo to v7.10.0 by @renovate in #947
• [backend] add query to fecth users by @savacano28 in #951
• [backend] fix connection at rabbitmq to publish by @guillaumejparis in #959
• [backend] Fix scenario import by @RomuDeuxfois in #961
• Issue/performance native queries by @Dimfacion in #968
• [backend/frontend] add search exercises capability by @guillaumejparis in #966
• [backend/frontend] Add trace on email and fix document error on atomic by @RomuDeuxfois in #964
• [frontend] remove some useless duplicate requests calls by @guillaumejparis in #965
• Update dependency esbuild to v0.21.4 by @renovate in #975
• Update dependency @mui/x-date-pickers to v6.20.0 by @renovate in #971
• Update dependency @vitejs/plugin-react to v4.3.0 - autoclosed by @renovate in #972
• Update dependency cronstrue to v2.50.0 by @renovate in #974
• [backend] add query to fetch documents by @Christian-DONGMO in #962
• [backend] Add more info for openbas admin email misconfiguration by @RomuDeuxfois in #956
• [Frontend]Updating platform translations by @johanah29 in #963
• [backend] remove duplicated targets in simulations by @savacano28 in #918
• Update Node.js to v20.13.1 by @renovate in #923
• Update Yarn to v4.2.2 by @renovate in #924
• Update dependency apexcharts to v3.49.1 by @renovate in #925
• Update dependency axios to v1.7.2 by @renovate in #926
• Update dependency mdi-material-ui to v7.9.1 by @renovate in #928
• Update dependency vite-plugin-istanbul to v6.0.2 by @renovate in #937
• Update dependency @stylistic/eslint-plugin to v1.8.1 by @renovate in #942
• Update dependency @hookform/resolvers to v3.4.2 by @renovate in #941
• Update opensaml.version to v4.3.2 by @renovate in #931
• [backend/frontend] get rabbitmq version and fix value in frontend by @guillaumejparis in #980
• Issue/players by @Christian-DONGMO in #982
• Update eclipse-temurin Docker tag to v21.0.3_9-jre by @renovate in #985
• Update dependency @playwright/test to v1.44.1 by @renovate in #987
• Update dependency @types/react to v18.3.3 by @renovate in #988
• Update dependency @babel/plugin-transform-modules-commonjs to v7.24.6 by @renovate in #986
• Update dependency commons-io:commons-io to v2.16.1 - autoclosed by @renovate in #989
• Update dependency react-intl to v6.6.8 by @renovate in #994
• Update dependency jsdom to v24.1.0 by @renovate in #995
• Update dependency vitest to v1.6.0 by @renovate in #996
• Update dependency react-router-dom to v6.23.1 by @renovate in #992
• Update dependency dompurify to v3.1.4 - autoclosed by @renovate in #990
• [frontend] Limit retries when sse in error by @guillaumejparis in #914
• [backend/frontend] Fix tests by @RomuDeuxfois in #998
• [Frontend|Backend]Align 'create player' form with 'update player' form by @johanah29 in #983
• Issue/performance native queries by @Dimfacion in #997
• Improvment : pagination perf by @RomuDeuxfois in #984
• [backend] Adding a timeout on the call to rabbitMQ by @Dimfacion in #1002
• Update dependency mini-css-extract-plugin to v2.9.0 by @renovate in #991

New Contributors:

• @Christian-DONGMO made their first contribution in #962

Full Changelog: 1.0.3...1.0.4

Version 1.0.3

Bug Fixes:

• #908 Error on Inject simulated emails
• #897 Manual Launch of mails "Déclencher maintenant" cannot be triggered in a simulation
• #896 In atomic testing, only compatible assets should be listed
• #867 Avoid raising stack trace when entity is not found, just returning 404
• #839 [Scenario] The import of Scenario is not working

Pull Requests:

• [backend/frontend] Fix import scenario by @RomuDeuxfois in #909
• [frontend] Fix ai button by @guillaumejparis in #913
• [backend/frontend] Fix trigger now by @RomuDeuxfois in #910
• [frontend] add filter to show only targets with the appropriate platform by @savacano28 in #916
• [backend] Avoid raising stack trace instead of returning a 404 by @Dimfacion in #885
• Issue/911 by @guillaumejparis in #912
• [backend] fix rabbit env variables by @guillaumejparis in #933
• Update dependency io.minio:minio to v8.5.10 by @renovate in #935
• Update dependency vite to v5.2.11 by @renovate in #936
• Update dependency zod to v3.23.8 by @renovate in #938
• Update slack orb to v4.13.3 by @renovate in #939
• Update dependency ramda to v0.30.0 by @renovate in #929
• Update dependency @playwright/test to v1.44.0 by @renovate in #927

Full Changelog: 1.0.2...1.0.3

Version 1.0.2

Bug Fixes:

• #902 Simulation cannot be correctly executed
• #895 In some cases, creating an inject can lead to frontend error
• #892 In list of users (settings), tags header is missing
• #874 Caldera injectors checks on results of execution can loop forever
• #861 Start button for simulations is not aligned
• #853 Wrong icon for asset groups in edition/creation forms

Pull Requests:

• [Frontend]Update assets and asset groups icons in inject forms by @johanah29 in #891
• [backend] Improving performance by @Dimfacion in #900
• [Frontend]Align simulations start button by @johanah29 in #872
• [frontend]Fix users list header by @johanah29 in #873

Full Changelog: 1.0.1...1.0.2