Version 1.0.3

Bug Fixes:

• #908 Error on Inject simulated emails
• #897 Manual Launch of mails "Déclencher maintenant" cannot be triggered in a simulation
• #896 In atomic testing, only compatible assets should be listed
• #867 Avoid raising stack trace when entity is not found, just returning 404
• #839 [Scenario] The import of Scenario is not working

Pull Requests:

• [backend/frontend] Fix import scenario by @RomuDeuxfois in #909
• [frontend] Fix ai button by @guillaumejparis in #913
• [backend/frontend] Fix trigger now by @RomuDeuxfois in #910
• [frontend] add filter to show only targets with the appropriate platform by @savacano28 in #916
• [backend] Avoid raising stack trace instead of returning a 404 by @Dimfacion in #885
• Issue/911 by @guillaumejparis in #912
• [backend] fix rabbit env variables by @guillaumejparis in #933
• Update dependency io.minio:minio to v8.5.10 by @renovate in #935
• Update dependency vite to v5.2.11 by @renovate in #936
• Update dependency zod to v3.23.8 by @renovate in #938
• Update slack orb to v4.13.3 by @renovate in #939
• Update dependency ramda to v0.30.0 by @renovate in #929
• Update dependency @playwright/test to v1.44.0 by @renovate in #927

Full Changelog: 1.0.2...1.0.3

Version 1.0.2

Bug Fixes:

• #902 Simulation cannot be correctly executed
• #895 In some cases, creating an inject can lead to frontend error
• #892 In list of users (settings), tags header is missing
• #874 Caldera injectors checks on results of execution can loop forever
• #861 Start button for simulations is not aligned
• #853 Wrong icon for asset groups in edition/creation forms

Pull Requests:

• [Frontend]Update assets and asset groups icons in inject forms by @johanah29 in #891
• [backend] Improving performance by @Dimfacion in #900
• [Frontend]Align simulations start button by @johanah29 in #872
• [frontend]Fix users list header by @johanah29 in #873

Full Changelog: 1.0.1...1.0.2

Version 1.0.1

Enhancements:

• #840 Add Tanium as an executor

Bug Fixes:

• #886 [Inject] Error when using "send individual mail"
• #871 After a certain amount of time, list of scenarios is broken
• #869 In some cases, Caldera injector is not associating platforms with inject contracts
• #868 Media Pressure articles are dissappearing
• #864 In list of users (settings), icon for admin is not aligned
• #845 Simulations count on dashboard is not accurate

Pull Requests:

• [backend] Remove null objects as a safety measure to avoid NPE by @Dimfacion in #875
• [frontend] Fixing the global counts on the admin page by @Dimfacion in #881
• [frontend/backend] Adding the correct version of RabbitMQ by @Dimfacion in #880
• [frontend] Fixing the filter disappearing when selecting an item by @Dimfacion in #882
• Revert "[frontend/backend] Adding the correct version of RabbitMQ" by @Dimfacion in #894

New Contributors:

• @Dimfacion made their first contribution in #875

Full Changelog: 1.0.0...1.0.1

Version 1.0.0

OpenBAS is finally out! 🎊 It is the first iteration of our new Breach and Attack simulation platform based on a profound improvement and restructuring of our previous Exercise planning platform, OpenEx. With OpenBAS, generate and manage your attack and crisis simulations, incorporate technical and contextual events together, and evaluate your security posture against real-world threats. 🛡️

OpenBAS is part of our eXtended Threats Management suite, and offer a strong integration with OpenCTI 🤝. Based on your qualified knowledge on threats in OpenCTI, you can generate OpenBAS’s simulations directly from OpenCTI and know if you are at risk facing them.

With OpenBAS, we want to include people skills into the equation. You can evaluate how your teams are responding to specific events, not only technical ones. It means you can include non-technical teams, like legal, crisis communication and so on into your security posture evaluation. 👥

Like OpenCTI, OpenBAS propose a python framework to help the Community to develop integrations with their own ecosystems. Executors (responsible for executing attacks), Injectors (responsible for injecting commands) and Collectors (responsible for collecting results and environment topography) helps you interact with your security environment and users. 🌐

OpenBAS simulations can be generated from templates, called Scenarios. Scenarios can be imported, created directly in the interface or even created automatically from OpenCTI. From them, you can scheduled recurring simulations to see the evolution of your security posture’s efficiency against a specific threat context. ⏰

Scenarios, thus Simulations, are composed of Injects: events simulating attacker actions and contextual situations. Each inject targets players or endpoints and you can define what is expected from them. From these expectations’ successes is calculated how your security posture is performing. 💯

In OpenBAS, results are broken down into three main metrics: Prevention, Detection, and Human response. It helps you quickly understand where are your strengths, and your weaknesses. 💪

You will find much more in OpenBAS, like atomic testing, media pressure simulations, technical Challenges, etc. We are eager to see you play with it and give us feedback! This iteration is a first of many! Stay tuned! 👋

Enhancements:

• #292 Massive operations and filters in injects list
• #703 Change expectations validation strategy with alert types in injectors/collectors
• #508 Implement list numbers and change the export style button
• #571 Design rework for major release and integration with OpenCTI
• #562 OpenCTI integration for injecting case & incident
• #642 Atomic testing
• #646 Rework the Home screen
• #771 [platform] Implement Ask IA capability
• #561 New workflow for selecting Injects, based on ATT&CK matrices
• #644 Concatenate results from recurring simulations and display Results in Scenario
• #643 Rework of the Simulations list screen
• #565 Rework of the Overview screen of a Simulation
• #711 Rework of the Validation screen in Simulations
• #620 Ability to launch recurring Simulations based on a Scenario
• #622 Rename map server to map.openbas.io in config and in production
• #505 Implement a global search across the platform
• #510 Dynamic Asset Groups
• #559 Enhance the load time of thousand of Objects in list
• #507 Be able to customize theme in OpenEx
• #482 Remove ckeditor mentions
• #560 Rework of the left menu to correspond to new workflows
• #231 Be able to customize sender email address of system messages (lost password, registration, etc.)
• #563 Collector for Sentinel for catching inject and feeding expectations
• #566 Modelize inject types / contract in the database
• #569 Handle 404 properly within admin
• #566 Modelize inject types / contract in the database
• #513 Implement status for Caldera Agent
• #555 Implement Scenarios
• #511 Add technical expectations for Caldera injects
• #268 Be able to modelize asset and group in the platform

Bug Fixes:

• #270 Add a constraint on tag name uniqueness
• #654 [Lessons Learned] for players the survey page does not load
• #637 Migration to scenario and simulation break my exercise
• #626 Disable / enable player in a team is not correctly handled
• #614 Fix vite hmr on .js files
• #576 Ensure uniqueness of email field when creating a user account
• #573 I forgot my password display not look like a cliquable link
• #515 No check on landline phone numbers in the players edition form

Pull Requests:

• [backend] Changed unavailable variable in injects (#462) by @RomuDeuxfois in #470
• Add manual expectations list for an inject by @RomuDeuxfois in #456
• [backend] Handle empty content in inject migration by @RomuDeuxfois in #471
• [migration] Handle media content in inject by @RomuDeuxfois in #472
• [backend/frontend] Migrate audiences to teams (#475) by @SamuelHassine in #476
• Update dependency vitest to v1 by @renovate in #486
• Update actions/setup-java action to v4 by @renovate in #489
• Update github/codeql-action action to v3 by @renovate in #487
• Update dependency @hookform/resolvers to v3.3.4 by @renovate in #491
• Update dependency @emotion/react to v11.11.3 by @renovate in #490
• [backend/frontend] Migrate medias to channels by @SamuelHassine in #503
• Update dependency typescript to v5.3.3 by @renovate in #501
• Update dependency pdfmake to v0.2.9 - autoclosed by @renovate in #500
• Update dependency moment-timezone to v0.5.44 by @renovate in #498
• Update dependency html-react-parser to v5.0.11 by @renovate in #497
• Migration to Spring Boot v3 by @RomuDeuxfois in #467
• [backend] Fix default spring security http authorization by @RomuDeuxfois in #514
• Update dependency vite to v5.0.11 by @renovate in #493
• Update react monorepo by @renovate in #494
• Update dependency @eslint/eslintrc to v3 by @renovate in #483
• Update dependency date-fns to v3 by @renovate in #484
• Update dependency vite to v5.0.12 [SECURITY] by @renovate in #517
• Bump vite from 5.0.11 to 5.0.12 in /openex-front by @dependabot in #516
• Update Node.js to v20.11.0 by @renovate in #518
• Update dependency apexcharts to v3.45.1 by @renovate in #523
• Update dependency classnames to v2.5.1 by @renovate in #524
• Update dependency @vitejs/plugin-react to v4.2.1 by @renovate in #522
• Update dependency @eslint/js to v8.56.0 by @renovate in https://g...