OpenAEV by Filigran
Breach and attack simulation (BAS) software
System security software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if OpenAEV by Filigran and its alternatives fit your requirements.
Contact the product provider
Free Trial unavailable
Free version
Small
Medium
Large
-
What is OpenAEV by Filigran
OpenAEV by Filigran is an open-source security validation tool used to emulate adversary behaviors and test defensive controls in a controlled environment. Security teams use it to run attack scenarios, observe detection and response coverage, and identify gaps in endpoint and network monitoring. It focuses on repeatable, scenario-based execution aligned to common attacker techniques and is designed to be integrated into security engineering and purple-team workflows.
Open-source and extensible
OpenAEV is available as open source, which allows teams to inspect how scenarios are implemented and adapt them to internal requirements. This can reduce vendor lock-in compared with closed BAS platforms. It also enables contributions and customization for specific environments, such as adding new techniques or tailoring execution steps. For organizations with engineering capacity, this can accelerate iteration on validation content.
Technique-driven validation approach
The product is oriented around emulating attacker behaviors rather than only running generic vulnerability checks. This supports mapping tests to common adversary techniques and validating whether telemetry and detections trigger as expected. It is useful for purple-team exercises and for validating changes to EDR/SIEM rules. The approach aligns well with continuous control validation practices.
Automation-friendly workflows
OpenAEV is designed to run repeatable scenarios, which supports regression testing after security tool changes or policy updates. Teams can incorporate runs into scheduled validation cycles and document outcomes for remediation tracking. This helps operationalize security validation beyond one-off assessments. It can complement broader security operations processes when paired with logging and case management tools.
Higher operational setup effort
As an open-source tool, OpenAEV typically requires more hands-on deployment, configuration, and maintenance than fully managed BAS offerings. Teams may need to build supporting processes for scheduling, reporting, and environment preparation. This can increase time-to-value for smaller security teams. Ongoing upkeep (updates, content curation, and compatibility testing) may also fall on the user.
Reporting and governance depth varies
Open-source BAS tools often provide less out-of-the-box executive reporting, benchmarking, and audit-ready governance features than enterprise BAS platforms. Organizations may need to create their own dashboards and standardized metrics. This can make it harder to compare results across business units or over time without additional tooling. Formal compliance reporting may require extra integration work.
Content breadth may be uneven
The breadth of prebuilt scenarios and technique coverage may be narrower or less curated than commercial validation libraries that ship with extensive, regularly updated content. Teams may need to author or adapt scenarios to match their threat model and technology stack. This can be a constraint for organizations seeking immediate, comprehensive coverage. Effectiveness depends on how well scenarios are maintained and aligned to the environment.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Community Edition (CE) | $0 — Free (Apache License 2.0) | Open-source Community Edition available for on‑premise deployment (download/enable from GitHub); includes core OpenAEV functionality, integrations and community support. |
| Enterprise Edition (EE) | Custom pricing — Contact sales | Paid Enterprise Edition (open‑core licensed) with AI-powered scenario generation, AI‑augmented remediation, Filigran‑hosted SaaS option and dedicated customer support; pricing is not published and requires contacting Filigran. |
Seller details
Filigran
Paris, France
2022
Private
https://filigran.io/
https://x.com/FiligranHQ
https://www.linkedin.com/company/filigran/
