
OpenBAS Scenarios Available in XTM Hub!

Jul 21, 2025

XTM Hub is Filigran’s free knowledge-sharing platform designed for the community. Today, we’re expanding its content with ready-to-use OpenBAS Scenarios developed by our team to strengthen your cyber resilience. Whether you’re simulating an APT-led cyber crisis or validating technical configurations, these scenarios are immediately actionable. You can now download them and import them into your OpenBAS instance.


TL;DR

  • Ready-made OpenBAS scenarios now in XTM Hub
  • Realistic training based on APT threat actors
  • Technical validation of security controls (e.g., LDAPS + Channel Binding)
  • Free and open access for the community
  • Ideal for simulation, awareness, and cyber maturity

OpenBAS + XTM Hub: Real-World Cyber Preparedness

Train your teams with cyber crisis simulations

Some scenarios are designed to simulate a cyberattack orchestrated by a known APT group. These help prepare operational teams (SOC, CERT, CISOs) in a realistic environment with:

  • Incident response activation
  • Privilege escalation chains
  • Data exfiltration
  • Crisis communication challenges

Example: A scenario based on Akira ransomware tactics puts your organization in a multi-vector attack where every decision counts.

Validate your Technical Security Posture

Other scenarios focus on testing specific security configurations.

One example: validating whether your Active Directory is hardened properly:

  • LDAPS is enforced
  • Channel Binding is enabled
  • No fallback to insecure connections

These are ideal for IT, security, or GRC teams looking to automate posture validation.

Build awareness and good practices

These scenarios aren’t only for technical teams—they’re also great for raising awareness, improving reflexes, and testing decision-making under pressure.

→ Each scenario can be customized to match your specific threat landscape, business context, or compliance requirements.

How to use them?

Getting started with these scenarios is quick and easy. Here’s how to import them into your own OpenBAS instance:

  1. Download the scenario file: Head over to the XTM Hub, locate the scenario you want, and download the .zip file.
  2. Open your OpenBAS instance: Log in to your local OpenBAS environment. You need the right permissions to manage scenarios.
  3. Go to the “Scenarios” section: In the left-hand navigation menu, click on “Scenarios”.
  4. Click “Import scenario”: Upload the ZIP file you previously downloaded. The ZIP file contains a JSON file; you do not need to unzip it to import the scenario.
  5. Review and launch: After import, review the details, customize if needed, and run the scenario!

💡 Tip: You can duplicate and edit any imported scenario to better fit your internal processes or specific testing objectives. The simulated events must target your Assets.

If no asset has been designated as a target, you will see a “Missing Content” status. Assets can be imported through the OpenBAS agent, Caldera, CrowdStrike or Tanium. Click on update to add assets as targets:

Then click on “Launch Now”:

For example, if you downloaded the scenario “SMBV1 enumeration”, you will find your SMBv1 servers in the “Findings” tab, and the Detection & Prevention results from your security systems for this attack in the Simulation’s Overview:

As you can see, there are 2 IPs associated with SMB servers running SMBv1, and below, the simulation was neither Prevented nor Detected:

Conclusion

With these new, ready-to-use scenarios, OpenBAS becomes even more accessible via XTM Hub. Whether you’re an analyst, architect, or compliance officer, these resources will help you save time, train your teams, and strengthen your security posture.

→ Get started now by visiting XTM Hub and try them out in your OpenBAS instance!

Enjoy, and feel free to ask any questions about it on our Slack community channel!
