PowerGRR
0.4.1
PowerGRR creates a comfortable, CLI-based workflow for incident response. Working directly with PowerShell objects enables you to sift quickly through flow and hunt data. This object-oriented approach gives you a fast way to analyze output within PowerShell, e.g. get all unique registry paths from a hunt or show a list of unique clients where a file was found.
Some of the use cases where PowerGRR could speed up the work:
* Start a flow on one or multiple clients and get flow results as PowerShell objects for easier filtering.
* Create and start a new hunt and get the hunt info or results as PowerShell objects.
* Add or remove a label on one or multiple clients based on a list of computer names.
* List hunts, labels or clients and filter them in different ways.
* Build scripts for common forensic workflows and start multiple hunts or flows inside a script.
----
Release Notes: https://github.com/swisscom/PowerGRR/releases
Configuration: https://github.com/swisscom/PowerGRR#configuration
Changelog: https://github.com/swisscom/PowerGRR/blob/master/CHANGELOG.md
Minimum PowerShell version
3.0
Copyright
(c) 2017 Swisscom (Schweiz) AG
Package Details
Author(s)
- Swisscom (Schweiz) AG
Tags
IncidentResponse RemoteForensics Forensics GRR
Functions
Get-GRRHuntResult Get-GRRHuntInfo Find-GRRClient Find-GRRClientByLabel Get-GRRComputerNameFromClientId Get-GRRClientIdFromComputerName Set-GRRLabel Remove-GRRLabel Invoke-GRRFlow Get-GRRLabel Get-GRRHunt Get-GRRFlowResult ConvertFrom-Base64 Invoke-GRRRequest Get-GRRSession New-GRRHunt Start-GRRHunt Stop-GRRHunt New-GRRHuntApproval New-GRRClientApproval Get-GRRFlowDescriptor Get-GRRArtifact Get-GRRConfig
Dependencies
This module has no dependencies.
Release Notes
v0.4.1
------
Hotfix release due to typo in variable name in Invoke-GRRFlow.
v0.4.0
------
🎉 This version adds support for macOS and Linux 🎉
In general, the open source implementation of PowerShell for non-Windows platforms is mostly working in the exact same way as on Windows. However, some minor issues have been fixed in order to support 🍎 and 🐧 - a slightly different certificate error handling was implemented and the user profile environment variable changed...easy, isn't it?
Additionally, the ClientRate and ClientLimit parameters were added to New-GRRHunt and HuntDescription and RuleType were set to mandatory.
See the CHANGELOG on GitHub for full version information.
FileList
- PowerGRR.nuspec
- PowerGRR.psd1
- PowerGRR.psm1
- en-us\PowerGRR-help.xml
Version History
Version | Downloads | Last updated |
---|---|---|
0.12.0 | 202 | 7/7/2021 |