Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Hilko Bengen
    @hillu
    I always assumed that using HTTP + the GRR-specific protocol instead of HTTPS for client/server communication was about avoiding trouble with middle-boxes that MITM TLS connections. (Was that not the main design choice there?) Why are you switching away from that model for fleetspeak?
    Keith Tyler
    @keithtyler
    With ~30K the mysql backend doesn't seem to work for enterprise hunts, are you planning on making this a bit more scalable?
    Hilko Bengen
    @hillu
    will there be a tool for migrating the existing data to the new DS?
    Keith Tyler
    @keithtyler
    memory imaging is pretty useful, any possibility of keeping in that functionality ?
    Hilko Bengen
    @hillu
    keeping rekall around would probably need somebody who wants to take care of it.
    (somebody outside Google?)
    (Is Michael Cohen no longer working on Rekall?)
    or on pmem for that matter?
    thank you, that was the information I was looking for.
    briareosiso
    @briareosiso
    Hey all, i have a question for the authentication with GRR
    can i use LDAP ?
    Hilko Bengen
    @hillu
    not out of the box. You'd have to add your own webauth manager. See "Authentication to the Admin UI" in the documentation.
    Shion
    @ShionAt
    I shamelessly show ShionKeys to everyone
    https://vimeo.com/250953988
    gohelravi99
    @gohelravi99
    Installed grr properly in windows system, but how to run?
    GalacticMaster
    @GalacticMaster
    Hey , I am using client API to capture last_seen_at, but it is giving me 16 digit number
    API doc shows it is RDFdatetime data type
    how to convert it to normal date time ?
    Flipthemouse
    @flipthemouse_twitter
    Hi folks. I need your help. How can I get the memory with AnalyzeClientMemory and Memory Collector on the GRR Server?Saw it in several videos but missing some component I think. As well is there a way to enable or get "volatility" running on the GRR server ? Many thanks
    Andreas Moser
    @grrrrrrrrr
    what is the actual issue you see? In order to make Rekall (so AnalyzeClientMemory and MemoryCollector) work, you need to enable it during installation or with the config_updater. Note that Rekall is not supported in GRR at this time
    jayboyY1
    @jayboyY1
    file:///storage/emulated/0/Download/images.jpeg
    Braz
    @b2az
    Hi Guys, is here somebody who deployed grr agents on > 100k clients?
    Sanh Phan Van
    @SanhPhanVan1_twitter
    hi everyone, I had just installed grr on Centos 7 by using PIP packages, but where is grr_client_build ?
    mbushkov
    @mbushkov
    @SanhPhanVan1_twitter , you need to install grr-response-client package in order to have grr_client_build.
    Sanh Phan Van
    @SanhPhanVan1_twitter
    Thank for you response @mbushkov. However, I had followed this link https://grr-doc.readthedocs.io/en/v3.2.1/installing-grr-server/from-released-pip.html, and didn't see anything about grr-response-client package.
    mbushkov
    @mbushkov
    @SanhPhanVan1_twitter , you're right. Thing is - you don't need to grr-response-client and grr_client_build unless you want to build GRR clients yourself. GRR is shipped with a few prebuilt client templates that are downloaded when you run "grr_config_updater initialize". I guess we should update the docs and mention, that you need grr-response-client if your also need to build clients from scratch.
    Sanh Phan Van
    @SanhPhanVan1_twitter
    thank you so much @mbushkov
    image.png
    I wanna use Recall for remoting memory forensics, however Recall is disabled on my configuration
    image.png
    Sanh Phan Van
    @SanhPhanVan1_twitter
    How can I enable it? There are not much resources about GRR.
    Sanh Phan Van
    @SanhPhanVan1_twitter
    what is the actual issue you see? In order to make Rekall (so AnalyzeClientMemory and MemoryCollector) work, you need to enable it during installation or with the config_updater. Note that Rekall is not supported in GRR at this time
    @grrrrrrrrr How to "enable it during installation or with the config_updater" ?
    Andreas Moser
    @grrrrrrrrr
    have you gone through the installation process? It will ask you a few questions at some point, one is about Rekall.
    Sanh Phan Van
    @SanhPhanVan1_twitter
    I had followed this link https://grr-doc.readthedocs.io/en/v3.2.1/installing-grr-server/from-released-pip.html
    Screen Shot 2018-09-28 at 7.50.55 PM.png
    Andreas Moser
    @grrrrrrrrr
    right, there is this step: "After installation, you will need to initialize the GRR configuration with grr_config_updater initialize"
    Sanh Phan Van
    @SanhPhanVan1_twitter
    Screen Shot 2018-09-28 at 7.52.48 PM.png
    There is nothing about Rekall.
    Andreas Moser
    @grrrrrrrrr
    you are running a super old version there. Are you using the 3.2.3.post2 that is current on pip?
    Sanh Phan Van
    @SanhPhanVan1_twitter
    oh, I don't understand ".post2" there. The lastest release is 3.2.3.2 (https://github.com/google/grr/releases). What is the difference between them?
    Andreas Moser
    @grrrrrrrrr
    don't worry about that, it's just the second or third upload of the 3.2.3.2 version
    is that the one you are using?
    Sanh Phan Van
    @SanhPhanVan1_twitter
    Yes
    Screen Shot 2018-09-28 at 8.02.46 PM.png
    Andreas Moser
    @grrrrrrrrr
    you can always just edit the config and set Rekall.enabled: True
    Sanh Phan Van
    @SanhPhanVan1_twitter
    Screen Shot 2018-09-28 at 8.10.24 PM.png
    where is the config file you are talking about?
    Andreas Moser
    @grrrrrrrrr
    https://grr-doc.readthedocs.io/en/latest/maintaining-and-tuning/configuration/file-organization.html
    e6e5psj
    @zsinba
    hi
    anybody here