Filigran
Published in

Filigran

Plan, execute and conduct your crisis management exercises

More than 3 years ago, we decided to build the OpenEx application which allows organizations to facilitate the planning of crisis management exercises, whatever the vertical or the type of drill they would like to schedule. This decision was made because of the obvious lack of such piece of software on the market, moreover in Open Source.

We are glad to announce that after 2 years without any release, we have finally published OpenEx Version 2, fully functional and upgraded with the latest technologies. The demonstration instance has been migrated and is now accessible to anyone.

Why this new version and why now

After the last release in 2018, the French National Cybersecurity Agency continued to work on the project and to implement new features. During this new development cycle, it was hard for Luatix team to follow the new contributions and integrate them properly with the Open Source basecode. In September 2020, we decided with Julien Richard to dedicate some time to finally merge the new features while rewriting the source code of the application, especially to upgrade libraries which were outdated.

Therefore, in OpenEx version 2, a lot of enhancements have been done within the product:

  • upgrade all dependencies to fix vulnerabilities and bugs (Symfony 3 to Symfony 5, Material UI on last version, etc.);
  • introduce geofencing to locate injects and players;
  • create a global documents gallery to use attached files in exercises;
  • enhance the dryruns and comchecks working;
  • develop the capability to export and import exercises (including audiences and scenario);
  • add enriched text fields and dynamic variables to be used in injects;
  • implement Single Sign On and Kerberos authentication.
Execution of an exercise

Main major enhancements

OpenEx version 2 source code is completely rewritten, as we had to upgrade the backend from Symfony 3 to Symfony 5 and the frontend was completely out-of-date. While bumping these dependencies, we also implemented a lot of features requested by the community during the past few months.

Geofencing of players and injects

Players and injects can now be geo-located using latitude and longitude attributes, allow planners to have a good overview of geographic distribution of the exercise. In the future, the usage of maps will be generalized to the rest of the application.

Plot players on the map

Global documents gallery

To allow planners to re-use the same documents across different exercises, OpenEx now has a global documents gallery. These documents can be used as attached files in the injects of all exercises. A system of tags and search is available to categorize files.

The OpenEx documents gallery

Enhanced dryruns and comchecks

All bugs found in previous versions around dryruns and comchecks of exercises have been solved. It is now possible to play a dryrun of the exercise to the planners group with different speeds.

Launch a dryrun

Comchecks to verify email addresses of players has been reworked, for instance to be able to customize sender email address and content of the messages.

Comcheck overview

Capability to import and export exercises

It’s now possible to export a whole exercise in an Excel sheet but also just export injects to EML format in case the platform is down, so planners can send emails manually if necessary.

Export of an exercise

Enriched field and dynamic variables

When planning an exercise, it can be interesting to use variables from the player who will receive the inject such as his name or the organization he belongs to.

OpenEx 2.0 is just the beginning of a more long-term roadmap which includes exercises catalog and sharing, more customization in the planning, etc. Please join us on our #Slack channels if you need any more information on this new version.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store