GRR 3.4.6.7
- GRR 3.4.6.7
- Posted Mar 23, 2023
- Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com
-
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
- Changes: Server DEB package now targets Ubuntu 22.04 LTS. Agents are now Python 3.9-based (server deb package is Python 3.10-based). MySQL-based datastore performance considerably improved. UIv2 supports majority of flows and hunts. Third-party dependencies updated. A lot of minor bugfixes and improvements.
- systems | unix
- SHA-256 |
83e33c64fdc4893402f4ce0e2cef221124b1c93f94e74a895f84c68e147491aa - Download | Favorite | View
Gloss