Where communities thrive

Join over 1.5M+ people
Join over 100K+ communities
Free without limits
Create your own community

Explore more communities

google/grr

GRR Rapid Response: remote live forensics for incident response

People

Repo info

Activity

nd patel

@nd50095800_gitlab

but i did not get the grr client

in my dashboard

Tarek

@tee2015

@nd50095800_gitlab do u still facing same issue ?

kjeom

@kjeom

hi Im wondering what is a benefit of integrating grr and osquery

Tarek

@tee2015

U can run OSQuery directly from grr console and create hunt tasks without the need to be on the machine itself so U do it remotely

Sankar

@knsankar

@burakatabay Hi, did you manage to install grr in centOS? I am also facing issues building from source on CentOS

Sankar

@knsankar

Never mind it worked 🙂

Sankar

@knsankar

Is there a option to apply dynamic label on hosts based on OS or name prefix?

mbushkov

@mbushkov

@knsankar - GRR doesn't support dynamic labels. But note that, when creating hunts, you can limit the scope of a hunt to a particular OS or hostname prefix, using "OS" or "Regex" hunt rules.

Sankar

@knsankar

@mbushkov Yeah, the regex option is really useful

Sankar

@knsankar

How can I add a new output plugin

i dont have CSV output plugin

Sankar

@knsankar

Never mind. I found out that the CSV plugin is deprecated google/grr#537

mbushkov

@mbushkov

@knsankar you can download results in a CSV format (or SQLite or YAML) for any flow or hunt if you click on "Download as" button in the Results tab.

Sankar

@knsankar

Yeah. Thanks

sudoAche

@sudoAche

Hello Guys , I have a problem is there any one here can assist

After Successful installation of new release of grr 3.4.0.1 AT Ubuntu 18 using Virtual Box with a bridged network adapter. After the successful installation i am able to open the admin Ui interface successfully but at any time I restart the VM , I am no able to connect any more to my grr server.

Note: My Ip doesn't change during Restart . I also ensured the configuration for admin ui port as 8000 and forntend port as 8080 but they are still in-accessible after restarting.

Sankar

@knsankar

I am trying to intergrate GRR with Timesketch.

Found few guides that suggests grr_fuse to mount grr files and run dftimewolf on them.

The problem is I couldn’t find grr_fuse. I think, its deprecated.

Is there anyother better way to integrate with Timesketch?

5 replies

Sankar

@knsankar

I was facing some stability issue with mysql community server, so I tried to use MariaDB with grr.
I am facing following error

‘''MySQLdb._exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '6)\n )' at line 3”)’''

Is mariaDB not supported by grr?

16 replies

Sankar

@knsankar

In GRR, once the machine is approved, how long the access remains?
Is there a way to revoke the access?

9 replies

Sankar

@knsankar

Hi,
what is the canary mode in GRR UI?

Tory Clasen

@tclasen

Hello all. I just installed the server, but I can't seem to get the UI working. Did I do something wrong?

Literally only installed the deb file and started the services.

Tory Clasen

@tclasen

It actually looks like the server is failing to start due to a python error:
I0919 17:02:24.834474 139862652036928 server_logging.py:186] Writing log file to /usr/share/grr-server/lib/python3.6/site-packages/grr_response_core/var/log//GRRlog.txt
Traceback (most recent call last):
File "/usr/share/grr-server/bin/grr_console", line 8, in <module>
sys.exit(Console())
File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/distro_entry.py", line 15, in Console
app.run(console.main)
File "/usr/share/grr-server/lib/python3.6/site-packages/absl/app.py", line 299, in run
_run_main(main, args)
File "/usr/share/grr-server/lib/python3.6/site-packages/absl/app.py", line 250, in _run_main
sys.exit(main(argv))
File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/bin/console.py", line 72, in main
server_startup.Init()
File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_core/lib/utils.py", line 1329, in _OneTimeFunction
_OneTimeFunction.result = fn(args, kwargs)
File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/server_startup.py", line 88, in Init
data_store.InitializeDataStore()
File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/data_store.py", line 100, in InitializeDataStore
REL_DB = db.DatabaseValidationWrapper(cls())
File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/mysql.py", line 502, in init
_SetupDatabase(self._connect_args)
File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/mysql.py", line 305, in _SetupDatabase
ca_cert_path=ca_cert_path)) as conn:
File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/mysql.py", line 400, in _Connect
_SetSqlMode(cursor)
File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/mysql.py", line 154, in _SetSqlMode
cursor.execute("SET SESSION sql_mode = %s", [",".join(filtered_components)])
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 253, in execute
self._warning_check()
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 155, in _warning_check
warn(self.Warning(w[1:3]), stacklevel=3)

1 reply

⭕Alexander Rymdeko-Harvey

@killswitch-GUI

Hey guys I'm trying to look for a specific file extensions through out the environment.

1 reply

ANy tips on how to use the file finder I keep getting issues

viszsec

@viszsec

anyone know how can we fix the fleetspeak installation error with exit status 1? tokenize . import sys setup tool with pip2?

Maciej Duda

@MadDud

hello guys,
I don't understand what "interrogation" button does in the interface. is it something like IoC aquisition in fireeye HX?

2 replies

Sankar

@knsankar

Do we have any documentation around capacity planning of GRR?

1 reply

uskwarrior

@uskwarrior

Hi Folks, I have been trying to install GRR on Ubuntu 20.04 the steps here (https://grr-doc.readthedocs.io/en/latest/installing-grr-server/from-release-deb.html) but got an error "Sub-process /usr/bin/dpkg returned an error code" when installing. Does anyone know how to fix it ?

When trying the docker image I get error 500

Gunjan Yadu

@yaduu572

Hello. Myself Gunjan Yadu from IIT ( BHU ), Varanasi. I would like to contribute to GRR Rapid Response and participate in GSOC 2021. I am facing issues in setting up the project https://github.com/google/grr . Please guide me as I am new to open source

puneetahuja03

@puneetahuja03

Hey everybody.

I tried to install the GRR server using Nginx. It is installed and shows the status active but I am not able to see anything on the browser. It just says unable to load the page.. any ideas what should I do ??

1 reply

mittulmandhan

@mittulmandhan

Hello Everyone! I'm Mittul and I am pursuing master's in CS.
I am interested in Modern user interface for YARA memory scans project idea.
I want to know more about the tasks and challenges involved in this project.

Can anyone Help?

1 reply

Ahamed Aaqib

@aaqibwiki_gitlab

Hi Guys

damien3221

@damien3221

Hi, I have been playing around with this tool, I would like the ability to push tools to a system, run them and then pull back the results, is this possible? or is there an easy method to build in the functionality?

1 reply

Sankar

@knsankar

Is there a way to update the clients version once the server version is update?

2 replies