
Releases: swisscom/PowerGRR

v0.4.1

08 Aug 08:42

Fix typo in variable name in Invoke-GRRFlow for flow type FileFinder.

See CHANGELOG for full version information.

v0.4.0

07 Aug 08:03

🎉 This version adds support for macOS and Linux 🎉

In general, the open source implementation of PowerShell for non-Windows platforms is mostly working in the exact same way as on Windows. However, some minor issues have been fixed in order to support 🍎 and 🐧 - a slightly different certificate error handling was implemented and the user profile environment variable changed...easy, isn't it?

Additionally, the ClientRate and ClientLimit parameters were added to New-GRRHunt and HuntDescription and RuleType were set to mandatory.

See CHANGELOG for full version information.

v0.3.0

31 Jul 19:21

This version changed the config file handling. PowerGRR now supports
the user profile or the module root as locations for the config file.
This is useful when updating PowerGRR with Update-Module because each
version is stored in its own folder. Using the profile folder for the config
avoids constantly moving your config file. Besides the file name change,
various improvements were made to the config checks.

The dynamic parameters which are used in Invoke-GRRFlow and New-GRRHunt
are now autocompleted correctly. The change in the parameter handling
mitigates a PowerShell bug, see details below.

The dynamic parameters in New-GRRHunt were improved. The 'OS' and
'Label' parameters are now defined as dynamic parameters and are only shown
based on the corresponding rule type. Furthermore, the label handling was
improved to only run a hunt if at least one label is valid (that is, found
in GRR).

See CHANGELOG for full version information.

v0.2.1

28 Jul 16:32

Fix bug in Invoke-GRRFlow for ExecutePythonHack flow.

See CHANGELOG for full version information.

v0.2.0

27 Jul 14:18

This version introduces the ArtifactCollectorFlow, the handling of forensic artifacts and the possibility to use the OS rule type within flows and hunts.

Get-GRRArtifact can now be used to filter and search for specific artifacts. The return object is a custom PowerShell object with the most important fields. Similarly, use Get-GRRFlowDescriptor to get a list of all available flow types. Furthermore, various command examples were added to the help.

See CHANGELOG for full version information.

v0.1.0 - Initial Release

24 Jul 10:51

This initial version includes functions for handling hunts, flows and labels, and allows using the search functionality. All functions take the computer name as input, which is then converted internally to the required client ID. If multiple client IDs are available for one client (e.g. after an OS reinstall), the functions use only the most recently seen client (LastSeenOn property). This makes it easier to integrate GRR into the whole tool chain, because you often have only the host names and not the client IDs.

Most functions allow returning plain JSON instead of the PowerShell object. However, with the PowerShell objects you can use the powerful filtering and object-oriented handling that PowerShell provides. Various functions have pipeline support, which allows using files with hostnames as input for different functions. See the command help and the markdown documentation. The configuration allows using certificate authentication. The module supports creating client and hunt approvals.

See CHANGELOG for full version information.