PowerGRR
0.5.0
PowerGRR creates a comfortable, CLI-based workflow for incident response. Working directly with PowerShell objects lets you sift quickly through flow and hunt data. This object-oriented approach gives you a fast way to analyze output within PowerShell, e.g. get all unique registry paths from a hunt or list the unique clients on which a file was found.
Some of the use cases where PowerGRR could speed up the work:
* Start a flow on one or multiple clients and get the flow results as PowerShell objects for easier filtering.
* Create and start a new hunt and get the hunt info or results as PowerShell objects.
* Create a hunt or a client approval request.
* Add or remove a label on one or multiple clients based on a list of computer names.
* Add artifacts to or remove artifacts from the GRR artifact repository.
* List hunts, labels or clients and filter them in different ways.
* Build scripts for common forensic workflows and start multiple hunts or flows inside a script.
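The following script is an added illustration of the workflow described in the list above; it is not code from the PowerGRR project or from this listing. The cmdlet names are those in the Functions list further down this page. Everything else is an assumption: the parameter names (-ComputerName, -Credential, -Label, -Flow, -Key, -FlowId, -HuntId, -HuntDescription, -RuleType, -MatchMode, -ClientId, -SearchString, -NotifiedUsers, -Reason) follow the project README as the editor recalls it, the result property names (items, client_id, payload, stat_entry, pathspec) follow the GRR HTTP API's hunt-result and FileFinder result shapes, and the host names, label, registry key and F:/H: identifiers are constructed placeholders. Check each cmdlet's parameters with `Get-Help <cmdlet> -Full` before running against a real GRR server.

```powershell
# Added example of a PowerGRR triage workflow (not project code).
# All parameter and property names below are assumptions; verify with Get-Help.
Import-Module PowerGRR

# Credentials for the GRR AdminUI. GRR enforces approvals on client access
# and hunts, so the user only gets data it has been approved for.
$cred = Get-Credential

# 1. Turn a list of computer names (e.g. from a ticket) into GRR client ids.
#    Host names are constructed for this example.
$hosts = @('WS-0042', 'WS-0107', 'SRV-FILE01')
$clients = Get-GRRClientIdFromComputerName -ComputerName $hosts -Credential $cred
$clients | Format-Table -AutoSize

# 2. Label the affected clients so later hunts can be scoped to exactly this set.
$label = 'IR-2021-0042'   # constructed label name
Set-GRRLabel -ComputerName $hosts -Label $label -Credential $cred
Find-GRRClientByLabel -SearchString $label -Credential $cred

# 3. Ask for client approval if the server requires one, then start a flow on
#    all labelled hosts at once. The registry key uses GRR's %%users.sid%%
#    knowledge-base expansion so every user's Run key is covered.
New-GRRClientApproval -ComputerName $hosts -NotifiedUsers 'approver' `
    -Reason 'IR-2021-0042: autorun triage' -Credential $cred
Invoke-GRRFlow -ComputerName $hosts -Flow RegistryFinder `
    -Key 'HKEY_USERS/%%users.sid%%/Software/Microsoft/Windows/CurrentVersion/Run/*' `
    -Credential $cred

# 4. Once a flow has completed, fetch its results as objects and filter them.
#    'F:12345678' is a placeholder for the flow id GRR returned in step 3.
$flowResult = Get-GRRFlowResult -ComputerName 'WS-0042' -FlowId 'F:12345678' -Credential $cred
$flowResult.items |
    ForEach-Object { $_.payload.stat_entry.pathspec.path } |
    Sort-Object -Unique

# 5. Scale the same question to the whole label with a hunt: create it, request
#    the hunt approval, start it.
$huntId = New-GRRHunt -HuntDescription 'IR-2021-0042 autorun sweep' `
    -Flow RegistryFinder `
    -Key 'HKEY_USERS/%%users.sid%%/Software/Microsoft/Windows/CurrentVersion/Run/*' `
    -RuleType Label -Label $label -MatchMode MATCH_ALL -Credential $cred
New-GRRHuntApproval -HuntId $huntId -NotifiedUsers 'approver' `
    -Reason 'IR-2021-0042: autorun triage' -Credential $cred
Start-GRRHunt -HuntId $huntId -Credential $cred

# 6. Work with the hunt results as PowerShell objects (the two use cases the
#    page mentions): unique registry paths, and the unique clients that
#    returned a hit, mapped back to computer names.
$hunt = Get-GRRHuntResult -HuntId $huntId -Credential $cred
$uniquePaths = $hunt.items |
    ForEach-Object { $_.payload.stat_entry.pathspec.path } |
    Sort-Object -Unique
$hitClients = $hunt.items.client_id | Sort-Object -Unique
$uniquePaths
Get-GRRComputerNameFromClientId -ClientId $hitClients -Credential $cred
```

Because every cmdlet returns objects rather than text, the filtering in steps 4 and 6 is ordinary PowerShell (`Where-Object`, `Group-Object`, `Export-Csv`) and can be reused unchanged between a single flow and a hunt over thousands of clients; only the cmdlet that produced the `items` differs.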
----
Release Notes: https://github.com/swisscom/PowerGRR/releases
Configuration: https://github.com/swisscom/PowerGRR#configuration
Changelog: https://github.com/swisscom/PowerGRR/blob/master/CHANGELOG.md
Minimum PowerShell version
3.0
Copyright
(c) 2017 Swisscom (Schweiz) AG
Package Details
Author(s)
- Swisscom (Schweiz) AG
Tags
IncidentResponse RemoteForensics Forensics GRR
Functions
- Get-GRRHuntResult
- Get-GRRHuntInfo
- Find-GRRClient
- Find-GRRClientByLabel
- Get-GRRComputerNameFromClientId
- Get-GRRClientIdFromComputerName
- Set-GRRLabel
- Remove-GRRLabel
- Invoke-GRRFlow
- Get-GRRLabel
- Get-GRRHunt
- Get-GRRFlowResult
- ConvertFrom-Base64
- Invoke-GRRRequest
- Get-GRRSession
- New-GRRHunt
- Start-GRRHunt
- Stop-GRRHunt
- New-GRRHuntApproval
- New-GRRClientApproval
- Get-GRRFlowDescriptor
- Get-GRRArtifact
- Get-GRRConfig
- ConvertTo-Base64
- Add-GRRArtifact
- Remove-GRRArtifact
Dependencies
This module has no dependencies.
Release Notes
Adds support for certificate authentication based on certificate files. This allows certificate authentication to be used with PowerShell Core, and in particular on non-Windows platforms. Use the new config option to set the certificate file path. Furthermore, commands for uploading artifacts to GRR and removing them from GRR were added.
See CHANGELOG in Github for full version information.
FileList
- PowerGRR.nuspec
- PowerGRR.psd1
- PowerGRR.psm1
- en-us\PowerGRR-help.xml
Version History
Version | Downloads | Last updated
---|---|---
0.12.0 | 202 | 7/7/2021