PowerGRR
0.2.0
The module allows the use of the GRR API from within PowerShell.
Minimum PowerShell version
3.0
Copyright
(c) 2017 Swisscom (Schweiz) AG
Package Details
Author(s)
- Swisscom (Schweiz) AG
Tags
GRR RemoteForensics ThreatHunting Security IncidentResponse Containment Malware
Functions
Get-GRRHuntResult Get-GRRHuntInfo Find-GRRClient Find-GRRClientByLabel Get-GRRComputerNameFromClientId Get-GRRClientIdFromComputerName Set-GRRLabel Remove-GRRLabel Invoke-GRRFlow Get-GRRLabel Get-GRRHunt Get-GRRFlowResult ConvertFrom-Base64 Invoke-GRRRequest Get-GRRSession New-GRRHunt Start-GRRHunt Stop-GRRHunt New-GRRHuntApproval New-GRRClientApproval Get-GRRFlowDescriptor Get-GRRArtifact
Dependencies
This module has no dependencies.
Release Notes
This version introduces the ArtifactCollectorFlow, the handling of forensic artifacts and the possibility to use the OS rule type within flows and hunts.
Get-GRRArtifact can now filter and search for specific artifacts. It returns a custom PowerShell object with the most important fields. Similarly, use Get-GRRFlowDescriptor to get a list of all available flow types. Furthermore, various command examples were added to the help.
Create a Configuration.ps1 file in the root folder of the project. Set the following variables as needed:
**********************
# Ignore certificate errors - if set to $true certificate errors are ignored
$GRRIgnoreCertificateErrors = $false
# Client certificate issuer - if set the corresponding client certificate is used
# Otherwise the client certificate from the given issuer is used.
$GRRClientCertIssuer = "issuer of the certificate"
# GRR URL
$GRRUrl = ...
**********************
See CHANGELOG on GitHub (see link "Project Site" on the left) for full version information.
FileList
- PowerGRR.nuspec
- PowerGRR.psd1
- PowerGRR.psm1
- en-us\PowerGRR-help.xml
Version History
Version | Downloads | Last updated |
---|---|---|
0.12.0 | 202 | 7/7/2021 |