Plan, execute and conduct your crisis management exercises
More than 3 years ago, we decided to build the OpenEx application which allows organizations to facilitate the planning of crisis management exercises, whatever the vertical or the type of drill they would like to schedule. This decision was made because of the obvious lack of such piece of software on the market, moreover in Open Source.
We are glad to announce that after 2 years without any release, we have finally published OpenEx Version 2, fully functional and upgraded with the latest technologies. The demonstration instance has been migrated and is now accessible to anyone.
Why this new version and why now
After the last release in 2018, the French National Cybersecurity Agency continued to work on the project and to implement new features. During this new development cycle, it was hard for Luatix team to follow the new contributions and integrate them properly with the Open Source basecode. In September 2020, we decided with Julien Richard to dedicate some time to finally merge the new features while rewriting the source code of the application, especially to upgrade libraries which were outdated.
Therefore, in OpenEx version 2, a lot of enhancements have been done within the product:
- upgrade all dependencies to fix vulnerabilities and bugs (Symfony 3 to Symfony 5, Material UI on last version, etc.);
- introduce geofencing to locate injects and players;
- create a global documents gallery to use attached files in exercises;
- enhance the dryruns and comchecks working;
- develop the capability to export and import exercises (including audiences and scenario);
- add enriched text fields and dynamic variables to be used in injects;
- implement Single Sign On and Kerberos authentication.
Main major enhancements
OpenEx version 2 source code is completely rewritten, as we had to upgrade the backend from Symfony 3 to Symfony 5 and the frontend was completely out-of-date. While bumping these dependencies, we also implemented a lot of features requested by the community during the past few months.
Geofencing of players and injects
Players and injects can now be geo-located using latitude and longitude attributes, allow planners to have a good overview of geographic distribution of the exercise. In the future, the usage of maps will be generalized to the rest of the application.
Global documents gallery
To allow planners to re-use the same documents across different exercises, OpenEx now has a global documents gallery. These documents can be used as attached files in the injects of all exercises. A system of tags and search is available to categorize files.
Enhanced dryruns and comchecks
All bugs found in previous versions around dryruns and comchecks of exercises have been solved. It is now possible to play a dryrun of the exercise to the planners group with different speeds.
Comchecks to verify email addresses of players has been reworked, for instance to be able to customize sender email address and content of the messages.
Capability to import and export exercises
It’s now possible to export a whole exercise in an Excel sheet but also just export injects to EML format in case the platform is down, so planners can send emails manually if necessary.
Enriched field and dynamic variables
When planning an exercise, it can be interesting to use variables from the player who will receive the inject such as his name or the organization he belongs to.
OpenEx 2.0 is just the beginning of a more long-term roadmap which includes exercises catalog and sharing, more customization in the planning, etc. Please join us on our #Slack channels if you need any more information on this new version.