    Andreas Moser
    @grrrrrrrrr
    This works
    Sorry, this is for hunts
    hunt labels
    Brian Olson
    @brian-olson
    yes, correct Greg
    cybercuffs
    @cybercuffs
    in response to above answer: csv export does not work for every flow, for example - csv export option is not available for processes
    kudowins
    @kudowins
    no worries, thanks guys
    Andreas Moser
    @grrrrrrrrr
    What's the problem with processes?
    Should work
    JoePilk
    @JoePilk
    csv output has worked on processes for us
    cybercuffs
    @cybercuffs
    I don't see a generate tar option for processes hunt flow
    Maxime Nadeau
    @MaxNad
    There were a couple of problems with the ArtifactCollector where it could not find new artifacts and the server had to be restarted before it could find them.
    Was this fixed in this version?
    cybercuffs
    @cybercuffs
    ok, thanks
    Andreas Moser
    @grrrrrrrrr
    Tar would just be for files
    csv output should still work
    MaxNad, new artifacts in files?
    Or uploaded?
    Maxime Nadeau
    @MaxNad
    ".yaml" artifact definitions uploaded by the UI
    Andreas Moser
    @grrrrrrrrr
    ok I think Greg addressed this one, it should be ok
    please ping us if this still exists
    Maxime Nadeau
    @MaxNad
    Great, Thanks
    cybercuffs
    @cybercuffs
    where can we find the information on how to create the ACL?
    Brian Olson
    @brian-olson
    Thanks
    Andreas Moser
    @grrrrrrrrr
    hm Greg promised a blog post
    Greg Castle
    @destijl
    I did :)
    bobbypistol
    @bobbypistol
    Thanks, looking forward to it
    cybercuffs
    @cybercuffs
    great - waiting :)
    Greg Castle
    @destijl
    If others want to +1 yaml on-disk, this is the FR: google/grr#226
    sorry, yara
    Greg Castle
    @destijl
    @cybercuffs keith saved us the trouble and wrote some API code snippets :) http://informationonsecurity.blogspot.com/2015/10/automating-forensic-artifact-collection.html
    Christophe Vandeplas
    @cvandeplas
    hello, I'm (urgently) looking for a way to execute a command on a GRR client. Any hint? (I'm in a cyber exercise, lost admin control over the system, but still have GRR as 'backdoor'.)
    (the GRR client = Windows)
    (sorry if this is not the right place for this question)
    Andreas Moser
    @grrrrrrrrr
    Hey, the best place for such questions is probably the grr-users mailing list; there are more people looking at it
    for your problem, it's probably easiest if you execute a script on the machine
    for that, you have to sign it and upload it to the database
    and run executebinary
    sorry, the correct name is LaunchBinary
    You could also do a python hack, works the same but with a python script instead of an executable/script
    Christophe Vandeplas
    @cvandeplas
    @grrrrrrrrr hello Andreas, thanks, I simply can't get LaunchBinary to work. Each attempt fails with a crash of "executable binary not found". I tried various (case-sensitive) variations on the remote (Windows) machine, and on my local GRR server. ( C:/Windows/System32/net.exe , c:\windows\system32 , /C:/Windows/System32/net.exe , /cases/grr/net.exe )
    Andreas Moser
    @grrrrrrrrr
    this is not how this flow works
    you can only run binaries that you send from the server
    have a look at
    and
    Justin Kwon
    @yskwon0830_twitter
    hello, I'm looking for a way to change a GRR's locale and time. Do you have any hints? It is as JST (in Tokyo). (sorry if this is not the right place for this question)
    Carl Henrik Lunde
    @chlunde
    How many concurrently open files should I expect on a data server? I'm seeing ~700 now; it looks like systemd defaults to 1024 as a limit, and at some point I've reached that. Ref. google/grr#395
    I'm wondering if there's a third issue with my setup, that I should not be close to 1024 anyway with just a handful of clients for testing. Now (with 700 files open on two data nodes) I have 700 files/sockets open.