Releases: swisscom/PowerGRR
v0.12.0
This release adds new commands for exporting (downloading) the files archive from a hunt (Get-GRRHuntExport) or from a flow (Get-GRRFlowExport), adds support in FileFinder flow for collecting locked files using raw file access and fixes the artifact upload implementation for newer GRR releases.
See CHANGELOG for full version information.
v0.11.0
v0.10.0
v0.9.1
v0.9.0
Improve password handling: the $GRRCredential variable can now be set with the credential in the console and is then used by all subsequent command calls. The use of -Credential is therefore not needed anymore. To make converting Unix timestamps easier, the function ConvertFrom-EpocTime was added. Additionally, improve PowerShell help.
See CHANGELOG for full version information.
v0.8.0
Add the functionality for using a condition in RegistryFinder flow and add the Yara process memory scan flow. Extend and improve getting and displaying client information. Fix some issues within RegistryFinder flow, hunt definition and formatting in Invoke-GRRFlow.
See CHANGELOG for full version information.
v0.7.0
v0.6.0
Add support for reading client or hunt approvals and their state. This allows looping until an approval becomes valid and then starting the desired actions directly, without checking the state and starting the next command manually. What was the Splunk tag line again... "PowerGRR, because Ninjas are too busy".
See CHANGELOG for full version information.
v0.5.0
Add support for certificate authentication based on certificate files instead of relying only on the Windows certificate store. This allows using certificate authentication with PowerShell Core and especially on non-Windows platforms. Use the new config option to set the certificate file path. Furthermore, commands for uploading artifacts to GRR and removing them from GRR were added.
See CHANGELOG for full version information.