KB-Filigran-002 — Overview of OpenAEV Attack Emulation and Validation
Purpose
Provides a high-level overview of OpenAEV to support understanding of its role in cyber defence validation and attack emulation activities.
Overview
OpenAEV is an open-source Attack Emulation and Validation platform developed by Filigran. It is designed to help organizations assess and validate the effectiveness of security controls by safely emulating adversary behaviours in controlled environments.
OpenAEV supports threat-informed defence by enabling organizations to test detection, response, and resilience capabilities against realistic attack scenarios aligned to known threat techniques and adversary behaviours.
Scope
This article provides conceptual and reference information only. Configuration, deployment, scenario design, and execution are environment-specific and governed by organizational policies, authorization processes, and risk management requirements.This article does not provide:
- Step-by-step attack emulation instructions
- Exploitation techniques or payload details
- Operational playbooks or response procedures
Authoritative Documentation
Step-by-step attack emulation instructions
Exploitation techniques or payload details
Operational playbooks or response procedures
Authoritative Documentation
Official Filigran documentation for OpenAEV is available at:
Support & Escalation
For advisory, integration, or service-related assistance, submit a support request through this portal.
Compliance & Control Alignment (Informative)
This knowledge base article supports organizational awareness, documentation, and operational understanding related to cyber defence validation and security control testing. It may contribute to regulatory and compliance objectives depending on system design, deployment scope, and control implementation.
- ITSG-33 (Canada – GC / PBMM): PL-2, SA-9, SI-4, IR-1 / IR-4, CA-7
- CMMC (United States – DoD): SI.L2-3.14.1, IR.L2-3.6.1, CA.L2-3.12.1, RM.L2-3.11.1
- ISO/IEC 27001:2022: A.5.1, A.5.19, A.5.24, A.8.16, A.8.28
- FedRAMP (Moderate / High – Informative): SI-4, CA-7, IR-4, PL-2
- NIS2 (EU): Article 21(2)(a), (b), (e)
- DORA (EU – Financial Sector): Articles 6, 8, 10, 24
Important NoteThis article does not constitute evidence of compliance, certification, authorization, or accreditation. Compliance outcomes depend on implemented controls, governance processes, and independent assessment results.
Related Articles
KB-Filigran-003 — OpenCTI Integration and Data Sources
Purpose Provides a high-level overview of the types of integrations and data sources supported by OpenCTI to assist customers in understanding how the platform can consume, enrich, and correlate threat intelligence. Overview OpenCTI supports the ...KB-Filigran-001 — Overview of OpenCTI Threat Intelligence Platform
Purpose This article provides a high-level overview of the OpenCTI Threat Intelligence Platform to support customer understanding of its role in cyber threat intelligence (CTI) operations, analysis, and sharing. Overview OpenCTI is an open-source ...KB-OPSWAT-000 — Platform Overview
Purpose This article provides an overview of OPSWAT technologies and how they are used by C3SA to reduce malware, supply-chain, and data transfer risk across IT and OT environments. OPSWAT focuses on deep content inspection, file sanitization (CDR), ...KB-GoogleCloud-010 — Overview of Google Security Operations (SecOps)
Purpose Provides a high-level overview of Google Security Operations (SecOps) and its role in security monitoring, detection, and investigation. Overview Google Security Operations is a cloud-native security operations platform designed to ingest, ...KB-GoogleCloud-020 — Overview of Google Threat Intelligence (GTI)
Purpose Explains Google Threat Intelligence (GTI) and its role in threat hunting and incident investigation. Overview Google Threat Intelligence provides curated intelligence, including IOCs, malware analysis, and threat actor context to support ...