Views: 12
Introduction
In today’s rapidly evolving cybersecurity landscape, organizations need robust tools to test their security posture and validate their defenses. OpenBAS (Open Breach and Attack Simulation) emerges as a powerful open-source platform that enables security teams to conduct comprehensive security exercises, simulate realistic attack scenarios, and assess organizational resilience against cyber threats.
This guide will walk you through the complete installation process of OpenBAS using Docker, highlighting its capabilities and sharing real-world installation experiences to help you successfully deploy this valuable security tool.
What is OpenBAS?
OpenBAS is an open-source Breach and Attack Simulation (BAS) platform developed by Filigran, the same team behind OpenCTI (Cyber Threat Intelligence platform). It provides organizations with the ability to:
- Simulate realistic attack scenarios against their infrastructure
- Test detection and response capabilities of security teams
- Conduct tabletop exercises and crisis management simulations
- Assess security awareness through targeted phishing campaigns
- Generate comprehensive reports on organizational security posture
Key Features and Capabilities
1. Comprehensive Attack Simulation
- MITRE ATT&CK Integration: Leverages the MITRE ATT&CK framework to simulate real-world tactics, techniques, and procedures (TTPs)
- Multi-vector Attacks: Supports email, network, and endpoint-based attack simulations
- Customizable Scenarios: Create tailored attack scenarios based on your organization’s specific threat landscape
2. Security Awareness Training
- Phishing Simulations: Deploy realistic phishing campaigns to test and educate employees
- Social Engineering Tests: Simulate various social engineering attacks to assess human factor vulnerabilities
- Training Integration: Seamlessly integrate security awareness training based on simulation results
3. Crisis Management and Tabletop Exercises
- Scenario Planning: Design and execute crisis management scenarios
- Team Coordination: Test incident response procedures and team communication
- Decision Making: Evaluate decision-making processes under pressure
4. Advanced Reporting and Analytics
- Detailed Metrics: Comprehensive reporting on attack simulation results
- Performance Tracking: Monitor improvements in security posture over time
- Executive Dashboards: High-level summaries for leadership and stakeholders
5. Integration Capabilities
- SIEM Integration: Connect with Security Information and Event Management platforms
- Threat Intelligence: Leverage threat intelligence feeds for realistic attack scenarios
- API Support: Extensive API support for custom integrations and automation
Prerequisites
Before beginning the installation, ensure your system meets the following requirements:
System Requirements
- Operating System: Linux (Ubuntu 20.04+ recommended) or Docker-compatible OS
- RAM: Minimum 8GB, recommended 16GB+
- Storage: At least 50GB free disk space
- CPU: 4+ cores recommended
- Network: Internet connectivity for pulling Docker images and updates
Required Software
- Docker: Version 20.10+
- Docker Compose: Version 2.0+
- Git: For cloning the repository
Step-by-Step Installation Guide
Step 1: System Preparation
First, ensure Docker and Docker Compose are installed on your system:
# Install Docker (Ubuntu/Debian)
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# Install Docker Compose
sudo apt-get update
sudo apt-get install docker-compose-plugin
# Verify installations
docker --version
docker compose version
Step 2: Clone the OpenBAS Repository
# Clone the official OpenBAS repository
git clone https://github.com/OpenBAS-Platform/openbas.git
cd openbas
Step 3: Configure Environment Variables
Create and customize the .env file with your specific configuration:
# Copy the example environment file
cp .env.example .env
# Edit the configuration file
nano .env
Critical Configuration Parameters:
# PostgreSQL Configuration
POSTGRES_USER=admin
POSTGRES_PASSWORD=YourSecurePassword123!
POSTGRES_DB=openbas
# Spring Database Configuration
SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/openbas
SPRING_DATASOURCE_USERNAME=admin
SPRING_DATASOURCE_PASSWORD=YourSecurePassword123!
SPRING_DATASOURCE_DRIVER_CLASS_NAME=org.postgresql.Driver
SPRING_JPA_HIBERNATE_DDL_AUTO=none
# MinIO Configuration
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=YourSecurePassword123!
# RabbitMQ Configuration
RABBITMQ_DEFAULT_USER=admin
RABBITMQ_DEFAULT_PASS=YourSecurePassword123!
# ElasticSearch Configuration
ELASTIC_MEMORY_SIZE=4G
# OpenBAS General Configuration
OPENBAS_BASE_URL=http://your-server-ip:8080
OPENBAS_ADMIN_EMAIL=[email protected] #use a valid generic email address
OPENBAS_ADMIN_PASSWORD=YourSecurePassword123!
OPENBAS_ADMIN_TOKEN=your-unique-uuid-token-here
OPENBAS_HEALTHCHECK_KEY=your-healthcheck-key-here
# Email Configuration (Optional but recommended)
SPRING_MAIL_HOST=your-smtp-server.com
SPRING_MAIL_PORT=587
SPRING_MAIL_USERNAME=[email protected]
SPRING_MAIL_PASSWORD=YourEmailPassword
SPRING_MAIL_PROPERTIES_MAIL_SMTP_AUTH=true
SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE=true
Please use a valid generic email address. Email addresses ending with .local will be rejected because .local domains are typically reserved for local network resolution and may not pass email validation. If you don’t have a real domain, use a placeholder that passes validation (e.g., [email protected] instead of [email protected]).
Step 4: Deploy OpenBAS
Launch the OpenBAS platform using Docker Compose:
# Start all services
docker compose up -d
# Monitor the deployment
docker compose logs -f openbas
Step 5: Verify Installation
Check that all services are running correctly:
# Check service status
docker compose ps
# Verify container health
docker compose logs openbas | grep "Started App"
Common Installation Issues and Solutions
Issue 1: Database Authentication Errors
Problem: FATAL: password authentication failed for user "admin"
Solution: Ensure database credentials match between PostgreSQL and Spring configuration:
# These must match exactly
POSTGRES_USER=admin
SPRING_DATASOURCE_USERNAME=admin
POSTGRES_PASSWORD=YourPassword
SPRING_DATASOURCE_PASSWORD=YourPassword
Issue 2: Email Validation Errors
Problem: Config properties 'openbas.admin.email' should be a valid email address
Solution: Use a proper email domain (avoid .local domains):
# Change from:
OPENBAS_ADMIN_EMAIL=[email protected]
# To:
OPENBAS_ADMIN_EMAIL=[email protected]
Issue 3: Container Health Check Failures
Problem: Containers marked as “unhealthy”
Solutions:
- Check available system resources (RAM, disk space)
- Verify network connectivity between containers
- Review container logs for specific error messages
- Ensure all required ports are available
Issue 4: Memory Issues
Problem: Services crashing due to insufficient memory
Solution: Adjust memory allocations in your .env file:
ELASTIC_MEMORY_SIZE=2G # Reduce if system has limited RAM
Post-Installation Configuration
Initial Login
- Navigate to
http://your-server-ip:8080 - Login with the credentials configured in your
.envfile:- Email: Value of
OPENBAS_ADMIN_EMAIL - Password: Value of
OPENBAS_ADMIN_PASSWORD
- Email: Value of
Essential First Steps
- Change Default Passwords: Update all default passwords immediately
- Configure Email Settings: Set up SMTP for notifications and phishing simulations
- Import MITRE ATT&CK Data: Enable the MITRE ATT&CK collector for framework integration
- Create User Accounts: Set up additional user accounts for your security team
- Configure Organizations: Define your organizational structure within the platform
Best Practices for Production Deployment
Security Hardening
- Use Strong Passwords: Implement complex passwords for all services
- Enable HTTPS: Configure SSL/TLS certificates for secure communication
- Network Segmentation: Deploy OpenBAS in a dedicated network segment
- Regular Backups: Implement automated backup procedures for database and configurations
- Update Management: Establish a process for regular updates and patches
Performance Optimization
- Resource Monitoring: Monitor system resources and scale as needed
- Database Tuning: Optimize PostgreSQL configuration for your workload
- Storage Performance: Use SSD storage for better I/O performance
- Load Balancing: Consider load balancing for high-availability deployments
Maintenance Procedures
# Regular maintenance commands
docker compose down
docker system prune -f
docker compose pull
docker compose up -d
# Backup procedures
docker exec postgres pg_dump -U admin openbas > backup_$(date +%Y%m%d).sql
Integration with Security Stack
SIEM Integration
OpenBAS can integrate with popular SIEM solutions:
- Splunk: Forward simulation logs and results
- IBM QRadar: Correlate attack simulations with real events
- Elastic SIEM: Leverage Elasticsearch integration
- Microsoft Sentinel: Connect via API for comprehensive visibility
Threat Intelligence Integration
- OpenCTI Integration: Seamless integration with OpenCTI for threat intelligence
- MISP Integration: Connect with MISP instances for threat data
- Commercial Feeds: Support for various commercial threat intelligence feeds
Use Cases and Applications
1. Red Team Exercises
- Simulate advanced persistent threats (APTs)
- Test detection capabilities across the kill chain
- Validate security control effectiveness
- Assess incident response procedures
2. Security Awareness Programs
- Conduct regular phishing simulations
- Test social engineering susceptibility
- Track improvement metrics over time
- Provide targeted training based on results
3. Compliance Testing
- Demonstrate security testing capabilities for auditors
- Validate compliance with security frameworks
- Generate reports for regulatory requirements
- Document security improvement efforts
4. Crisis Management Training
- Simulate major security incidents
- Test communication procedures
- Evaluate decision-making under pressure
- Improve coordination between teams
Measuring Success
Key Performance Indicators (KPIs)
- Detection Rate: Percentage of simulated attacks detected
- Response Time: Time to detect and respond to simulations
- False Positive Rate: Accuracy of security alerts
- User Awareness: Improvement in phishing click rates
- Process Efficiency: Incident response process improvements
Reporting and Documentation
OpenBAS provides comprehensive reporting capabilities:
- Executive summaries for leadership
- Technical details for security teams
- Trend analysis over time
- Benchmark comparisons
- Remediation recommendations
Conclusion
OpenBAS represents a significant advancement in open-source security testing tools, providing organizations with enterprise-grade breach and attack simulation capabilities without the associated licensing costs. Its comprehensive feature set, MITRE ATT&CK integration, and extensive customization options make it an invaluable tool for any security-conscious organization.
The installation process, while requiring careful attention to configuration details, is straightforward and well-documented. By following this guide and implementing the recommended best practices, you’ll have a powerful platform for testing, improving, and demonstrating your organization’s security posture.
Remember that OpenBAS is not just a tool but a platform for building a culture of continuous security improvement. Regular use of its simulation and training capabilities will help strengthen your organization’s defenses and better prepare your team for real-world threats.
Additional Resources
- Official Documentation: OpenBAS Documentation
- GitHub Repository: OpenBAS on GitHub
- Community Support: OpenBAS Community Forum
- Professional Services: Filigran Professional Services
This installation guide is based on real-world deployment experience and community feedback. For the latest updates and version-specific information, always refer to the official OpenBAS documentation.