Caldera injects

The Caldera framework, developed by MITRE, is a powerful framework designed to simulate cyberattacks. It enables security teams to conduct realistic and controlled simulations of adversary behavior, reducing the amount of time and resources needed for routine cybersecurity testing.

Injects

In OpenBAS, the Caldera framework has been fully integrated, offering users access to a comprehensive library of injects for conducting simulation exercises. With this integration, users can leverage the extensive capabilities of Caldera within OpenBAS.

Caldera offers 1600+ abilities, covering the full range of ATT&CK tactics and techniques. These capabilities equip security teams with an extensive toolkit to simulate various threats and assess defense mechanisms effectively.

Behavior

Injects within the Caldera framework can be played on both individual Endpoints and Asset groups. Prior to playing injects, Caldera agents need to be installed on the target machines to enable interaction with the platform.

Once the agents are deployed, simulations with Caldera injects can be executed. The platform will contact the agent to start the ability. Subsequently, the agents will report the results to OpenBAS. Below is the workflow illustrating the behavior of injects.

Configuration variables

Below are the properties you'll need to set for OpenBAS:

Property	application.properties	Docker environment variable	Mandatory	Description
Enable Caldera collector	injector.caldera.enable	`INJECTOR_CALDERA_ENABLE`	Yes	Enable the Caldera injector.
Injector ID	injector.caldera.id	`INJECTOR_CALDERA_ID`	Yes	The ID of the injector.
Collector IDs	injector.caldera.collector-ids	`INJECTOR_CALDERA_COLLECTOR_IDS`	Yes	The collector IDs compatible with the injection process.
Caldera URL	injector.caldera.url	`INJECTOR_CALDERA_URL`	Yes	The URL of the Caldera instance.
Caldera API Key	injector.caldera.api-key	`INJECTOR_CALDERA_API-KEY`	Yes	The API Key for the rest API of the Caldera instance.