PowerGRR
0.2.1
PowerGRR creates a comfortable, CLI-based workflow for incident response. Working directly with PowerShell objects lets you sift quickly through flow and hunt data. This object-oriented approach gives you a fast way to analyze output within PowerShell, e.g. get all unique registry paths from a hunt or list the unique clients on which a file was found.
Some of the use cases where PowerGRR could speed up the work:
* Start a flow on one or multiple clients and get the flow results as PowerShell objects for easier filtering.
* Create and start a new hunt and get the hunt info or results as PowerShell objects.
* Add or remove a label on one or multiple clients based on a list of computer names.
* List hunts, labels or clients and filter them in different ways.
* Build scripts for common forensic workflows and start multiple hunts or flows inside a script.
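The following is an added example for this page, not code shipped with PowerGRR, showing the object-oriented sifting the use cases above describe: take a set of hunt results and extract the unique paths, the unique clients on which a given file was found, and a per-client hit count. The result objects are constructed inline; their layout (a `client_id` plus a `payload` holding `stat_entry.pathspec.path`) is an assumption modelled on the GRR API, and the parameter names in the commented-out live calls at the end (`-HuntId`, `-ClientId`, `-ComputerName`, `-Label`, `-Credential`) are assumptions to verify with `Get-Help <cmdlet> -Full` against your installed module version.

```powershell
# Added example, not PowerGRR project code. Sample data is constructed; the
# item layout is an assumption modelled on the GRR API, and the cmdlet
# parameters in the commented block at the end are assumptions too.

function New-SampleResult {
    # Builds one hunt result item in the assumed client_id / payload shape.
    param([string]$ClientId, [string]$Path)
    [pscustomobject]@{
        client_id = $ClientId
        payload   = [pscustomobject]@{
            stat_entry = [pscustomobject]@{
                pathspec = [pscustomobject]@{ path = $Path }
            }
        }
    }
}

# Constructed sample: what a FileFinder hunt might return from three clients.
$huntResults = @(
    New-SampleResult 'C.1000000000000001' 'C:\Users\alice\Downloads\update.exe'
    New-SampleResult 'C.1000000000000001' 'C:\Users\alice\Downloads\setup.exe'
    New-SampleResult 'C.1000000000000002' 'C:\Users\bob\Downloads\update.exe'
    New-SampleResult 'C.1000000000000003' 'C:\Users\carol\Downloads\report.pdf'
    New-SampleResult 'C.1000000000000003' 'C:\Users\carol\Downloads\update.exe'
)

function Get-UniquePath {
    # Unique paths across the result set, regardless of which client returned them.
    param([object[]]$Results)
    $Results | ForEach-Object { $_.payload.stat_entry.pathspec.path } |
        Sort-Object -Unique
}

function Get-ClientWithFile {
    # Unique client IDs whose results match a wildcard pattern on the path.
    param([object[]]$Results, [string]$PathPattern)
    $Results |
        Where-Object { $_.payload.stat_entry.pathspec.path -like $PathPattern } |
        ForEach-Object { $_.client_id } |
        Sort-Object -Unique
}

function Get-HitCountByClient {
    # Number of matching files per client, most hits first.
    param([object[]]$Results)
    $Results | Group-Object client_id |
        Select-Object @{ n = 'ClientId'; e = { $_.Name } },
                      @{ n = 'Hits';     e = { $_.Count } } |
        Sort-Object Hits -Descending
}

Get-UniquePath $huntResults                     # four distinct paths
Get-ClientWithFile $huntResults '*\update.exe'  # three client IDs
Get-HitCountByClient $huntResults | Format-Table -AutoSize

# Against a live GRR server the same pipeline runs on real results. The hunt
# ID is a placeholder and the parameter names are assumptions; check Get-Help.
# $cred        = Get-Credential
# $huntResults = Get-GRRHuntResult -HuntId 'H.0123456789abcdef' -Credential $cred
# $hit         = Get-ClientWithFile $huntResults '*\update.exe'
# $names       = Get-GRRComputerNameFromClientId -ClientId $hit -Credential $cred
# Set-GRRLabel -ComputerName $names -Label 'ir-suspicious-download' -Credential $cred
```

The three helper functions are plain PowerShell and do not depend on the module, so they can be run as shown before any GRR access is configured; once `Get-GRRHuntResult` returns real objects, only the source of `$huntResults` changes.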
----
Release Notes: https://github.com/swisscom/PowerGRR/releases
Configuration: https://github.com/swisscom/PowerGRR#configuration
Changelog: https://github.com/swisscom/PowerGRR/blob/master/CHANGELOG.md
Minimum PowerShell version
3.0
Copyright
(c) 2017 Swisscom (Schweiz) AG
Package Details
Author(s)
- Swisscom (Schweiz) AG
Tags
GRR Security IncidentResponse Containment Malware
Functions
- Get-GRRHuntResult
- Get-GRRHuntInfo
- Find-GRRClient
- Find-GRRClientByLabel
- Get-GRRComputerNameFromClientId
- Get-GRRClientIdFromComputerName
- Set-GRRLabel
- Remove-GRRLabel
- Invoke-GRRFlow
- Get-GRRLabel
- Get-GRRHunt
- Get-GRRFlowResult
- ConvertFrom-Base64
- Invoke-GRRRequest
- Get-GRRSession
- New-GRRHunt
- Start-GRRHunt
- Stop-GRRHunt
- New-GRRHuntApproval
- New-GRRClientApproval
- Get-GRRFlowDescriptor
- Get-GRRArtifact
Dependencies
This module has no dependencies.
Release Notes
v0.2.1
------
Hotfix for Invoke-GRRFlow and the ExecutePythonHack flow.
v0.2.0
------
This version introduces the ArtifactCollectorFlow, the handling of forensic artifacts and the possibility to use the OS rule type within flows and hunts.
It is now possible with Get-GRRArtifact to filter and search for specific artifacts. The return value is a custom PowerShell object containing the most important fields. Similarly, use Get-GRRFlowDescriptor to get a list of all available flow types. Furthermore, various command examples were added to the help.
FileList
- PowerGRR.nuspec
- PowerGRR.psd1
- PowerGRR.psm1
- en-us\PowerGRR-help.xml
Version History
Version | Downloads | Last updated
---|---|---
0.12.0 | 202 | 7/7/2021