Caldera injects
The Caldera framework, developed by MITRE, is a powerful framework designed to simulate cyberattacks. It enables security teams to conduct realistic and controlled simulations of adversary behavior, reducing the amount of time and resources needed for routine cybersecurity testing.
Injects
In OpenBAS, the Caldera framework has been fully integrated, offering users access to a comprehensive library of injects for conducting simulation exercises. With this integration, users can leverage the extensive capabilities of Caldera within OpenBAS.
Caldera offers 1600+ abilities, covering the full range of ATT&CK tactics and techniques. These capabilities equip security teams with an extensive toolkit to simulate various threats and assess defense mechanisms effectively.
Behavior
Injects within the Caldera framework can be played on both individual Endpoints and Asset groups. Prior to playing injects, Caldera agents need to be installed on the target machines to enable interaction with the platform.
Once the agents are deployed, simulations with Caldera injects can be executed. The platform will contact the Agent to start the ability. Subsequently, the agents will report the results to OpenBAS. Below is the workflow illustrating the behavior of injects.
Configuration variables
Below are the properties you'll need to set for OpenBAS:
| Property | application.properties | Docker environment variable | Mandatory | Description | 
|---|---|---|---|---|
| Enable Caldera collector | injector.caldera.enable | INJECTOR_CALDERA_ENABLE | Yes | Enable the Caldera injector. | 
| Injector ID | injector.caldera.id | INJECTOR_CALDERA_ID | Yes | The ID of the injector. | 
| Collector IDs | injector.caldera.collector-ids | INJECTOR_CALDERA_COLLECTOR_IDS | Yes | The collector IDs compatible with the injection process. | 
| Caldera URL | injector.caldera.url | INJECTOR_CALDERA_URL | Yes | The URL of the Caldera instance. | 
| Caldera API Key | injector.caldera.api-key | INJECTOR_CALDERA_API-KEY | Yes | The API Key for the rest API of the Caldera instance. | 
