http://open-source-security-software.net/project/grr/releases.atom 2024-05-02T03:18:04.733904+00:00 python-feedgen grr v0.3.0-6 2015-04-17T13:42:45+00:00 Hello everyone, I just updated the GRR downloads, we are releasing the GRR server 0.3.0-6 today! Some of the features in this release (there are many small ones that we can't list here): The Rekall integration has been improved a lot since the last release, live memory analysis should be a lot more stable now. Also GRR now uses Rekall version 1.3.1 which means many new plugins and improved analysis methods. The have been lots of UI changes: - Most of the UI is now written in AngularJS giving us better performance. - We have improved hunt logging which helps when you run hunts on thousands on clients. - Clients can be labeled in the UI so you can easily hunt on a subset of machines. - We improved the client performance indicators so you can better assess the impact of the GRR clients on the machines they are installed on. - We also added some server performance monitoring. - The UI now also provides an HTTP Api to directly query GRR data. This release also comes with new datastores. The SqliteDataStore is a fast, local data store that is very easy to use. It's a good choice for quickly setting up an instance and it's the fastest data store we have but it limits your GRR server to use only a single machine since it stores files locally. Also new are two highly scalable data stores, the MySQLAdvancedDataStore and the HTTPDataStore. Both those backends are aimed at hosting rather big GRR instances and should scale well up to thousands of clients. There have also been tons of small improvements and bug fixes so we'd highly recommend upgrading to the new server. There are some minor backwards compatibility issues, please have a look at https://github.com/google/grr-doc/blob/master/releasenotes.adoc before upgrading. As always, the best way to install / upgrade is to use the install script as described in https://github.com/google/grr-doc/blob/master/quickstart.adoc Cheers, -Andy 2015-04-17T13:42:45+00:00 grr v3.1.0rc1 2016-04-06T18:33:39+00:00 This is the 3.1.0 release candidate. It's a release candidate because we still have some work to do building a debian package and updating install scripts to use the new build system. See the [release notes](https://github.com/google/grr-doc/blob/master/releasenotes.adoc) for important information about this release. New in this release: - Components: easier client customization - Build system: pip install grr-{server|client} - Rekall: faster acquisition, more linux profiles - Approval ACLs: require different approvals based on client labels - Powerful API: automatic collection and export - Bigquery output plugin: fast analysis at scale - Lots of bugfixes and perf improvements - Hunt UI: OR conditionals - Tons more forensic artifacts 2016-04-06T18:33:39+00:00 grr 3.1.0rc2 2016-04-15T03:52:18+00:00 This is the second release candidate for 3.1.0. There's a bunch of great stuff in here, I talked about most of it in the meetup: https://www.youtube.com/watch?v=EJAO9yWprmI#t=344 But there's even more since then: - Ability to create a hunt from a flow: test on your machine first, then run it on the fleet. - Chrome desktop notifications. - Download individual files from a hunt. I've also written some instructions for using pip: https://github.com/google/grr-doc/blob/master/installfrompip.adoc which is particularly handy for dev. Setting up client and server dev environments is very fast, and you can develop client _or_ server code on Windows and Mac as well as Linux. Note that linux is still the only supported server platform for production. A deb is available here: https://storage.googleapis.com/releases.grr-response.com/grr-server_3.1.0-2_amd64.deb We're aware of a few issues that need fixing before we remove the release candidate status, specifically: - Download of very large hunt results ties up the admin ui process - Some memory collection flows that have been obsoleted by rekall need to be removed - Travis, docker, and the easy install script need to be updated Once those are done we'll make a final release. 2016-04-15T03:52:18+00:00 grr v3.1.0.2 2016-06-17T19:54:28+00:00 There are significant changes in this release. Be sure to read [the release notes](https://github.com/google/grr-doc/blob/master/releasenotes.adoc) carefully before attempting an upgrade. New in this release: - Powerful API: Anything you can do in the UI you can do with the HTTP API. This enables powerful automatic collection and export possibilities. - Chrome desktop notifications. Click a notification to go straight to an approval or flow results. - UI refresh: Complete rewrite under-the-hood to AngularJS. Host information view is much more usable and you can see basic machine information without requiring an approval. Recent activity view is the default landing page. - Hunt UI: OR conditionals. Now you can target a hunt much more precisely and cut down on situations where you previously had to run multiple hunts. - Ability to create a hunt from a flow: test on your machine first, then run it on the fleet - Client components: easier client customization and updating without pushing a a whole new client, currently used by rekall and chipsec. - Download individual files from a hunt - Build system using pip. Much simpler to set up for development or try out new releases, see [the install instructions](https://github.com/google/grr-doc/blob/master/installfrompip.adoc). - Rekall: faster acquisition, more linux profiles - Approval ACLs: require different approvals based on client labels - Bigquery output plugin: fast analysis at scale - Lots of bugfixes and perf improvements - Tons more forensic artifacts 2016-06-17T19:54:28+00:00 grr v3.2.0rc0 2017-08-22T11:58:58+00:00 This is the first 3.2.0 release candidate. [Release notes](https://github.com/google/grr-doc/blob/master/releasenotes.adoc) The server deb, which includes client templates, can be downloaded from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.2.0-0_amd64.deb). 2017-08-22T11:58:58+00:00 grr v3.2.0.1 2017-09-05T15:12:52+00:00 Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.2.0-1_amd64.deb). Please read the [release notes](https://github.com/google/grr-doc/blob/master/releasenotes.adoc) before upgrading. A number of features, bugfixes and improvements have been added since the last release. You can find more details in the release notes. Also note that components are now deprecated, and Rekall has been disabled by default. 2017-09-05T15:12:52+00:00 grr v3.2.1.1 2017-12-06T14:52:33+00:00 Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.2.1-1_amd64.deb). See [release notes](http://grr-doc.readthedocs.io/en/v3.2.1/release-notes.html#dec-6-2017). 2017-12-06T14:52:33+00:00 grr v3.2.2.0 2018-03-12T09:59:18+00:00 Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.2.2-0_amd64.deb). See [release notes](http://grr-doc.readthedocs.io/en/v3.2.2/release-notes.html). 2018-03-12T09:59:18+00:00 grr v3.2.3.0 2018-06-25T12:48:56+00:00 Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.2.3-0_amd64.deb). See [release notes](https://grr-doc.readthedocs.io/en/v3.2.3/release-notes.html). 2018-06-25T12:48:56+00:00 grr v3.2.3.2 2018-06-28T11:04:46+00:00 This is an off-schedule release with a fix for a client-repacking bug introduced in v3.2.3.0. Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.2.3-2_amd64.deb). See [release notes](https://grr-doc.readthedocs.io/en/v3.2.3/release-notes.html). 2018-06-28T11:04:46+00:00 grr v3.2.4.5 2018-12-17T17:52:57+00:00 Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.2.4-5_amd64.deb). See [release notes](https://grr-doc.readthedocs.io/en/v3.2.4/release-notes.html). 2018-12-17T17:52:57+00:00 grr v3.2.4.6 2018-12-20T22:57:15+00:00 This is an off-schedule release with some fixes for bugs introduced in the previous one. Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.2.4-6_amd64.deb). See [release notes](https://grr-doc.readthedocs.io/en/v3.2.4/release-notes.html) for details. 2018-12-20T22:57:15+00:00 grr v3.3.0.0 2019-05-22T17:53:36+00:00 Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.3.0-0_amd64.deb). See [release notes](https://grr-doc.readthedocs.io/en/latest/release-notes.html#may-22-2019). 2019-05-22T17:53:36+00:00 grr v3.3.0.2 2019-06-28T14:26:01+00:00 Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.3.0-2_amd64.deb). See [release notes](https://grr-doc.readthedocs.io/en/latest/release-notes.html#june-28-2019). 2019-06-28T14:26:01+00:00 grr v3.3.0.3 2019-07-01T15:21:43+00:00 Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.3.0-3_amd64.deb). This is a minor bugfix release. See [release notes](https://grr-doc.readthedocs.io/en/latest/release-notes.html#july-1-2019). 2019-07-01T15:21:43+00:00 grr v3.3.0.4 2019-07-03T13:41:09+00:00 Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.3.0-4_amd64.deb). This is a minor bugfix release. See [release notes](https://grr-doc.readthedocs.io/en/latest/release-notes.html#july-3-2019). 2019-07-03T13:41:09+00:00 grr v3.3.0.8 2019-10-09T18:27:18+00:00 **NOTE: This is the last Python 2-based release: further releases are expected to be Python 3-only.** Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.3.0-8_amd64.deb). This is a minor bugfix release. Please see [release notes](https://grr-doc.readthedocs.io/en/latest/release-notes.html#october-9-2019). 2019-10-09T18:27:18+00:00 grr v3.4.0.1 2019-12-18T19:52:36+00:00 **First fully Python 3-based release.** Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.4.0-1_amd64.deb). Please see [release notes](https://grr-doc.readthedocs.io/en/latest/release-notes.html#december-18-2019). 2019-12-18T19:52:36+00:00 grr v3.4.2.0-release 2020-07-07T12:58:30+00:00 Quarterly release for Q2 2020. Download the server deb from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.4.2-0_amd64.deb). Please see the [release notes](https://grr-doc.readthedocs.io/en/latest/release-notes.html#july-06-2020). 2020-07-07T12:58:30+00:00 grr v3.4.2.3-release 2020-10-05T10:46:27+00:00 Quarterly release for Q3 2020. Download the server deb for Ubuntu 18.04 from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.4.2-3_amd64.deb). Please see the [release notes](https://grr-doc.readthedocs.io/en/latest/release-notes.html#october-01-2020). 2020-10-05T10:46:27+00:00 grr v3.4.2.4-release 2020-10-15T09:41:45+00:00 Minor bug-fix release on top of v3.4.2.3. Download the server deb for Ubuntu 18.04 from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.4.2-4_amd64.deb). Please see the [release notes](https://grr-doc.readthedocs.io/en/latest/release-notes.html#october-14-2020). 2020-10-15T09:41:45+00:00 grr v3.4.3.1-release 2021-05-19T21:01:59+00:00 Regular release for Q2 2021. Download the server deb for Ubuntu 18.04 from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.4.3-1_amd64.deb). Please see the [release notes](https://grr-doc.readthedocs.io/en/v3.4.3/release-notes.html#may-19-2021). 2021-05-19T21:01:59+00:00 grr v3.4.5.1-release 2021-08-23T09:37:22+00:00 Mid-quarter release for Q3 2021. Download the server deb for Ubuntu 18.04 from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.4.5-1_amd64.deb). Please see the [release notes](https://grr-doc.readthedocs.io/en/latest/release-notes.html#august-19-2021). 2021-08-23T09:37:22+00:00 grr v3.4.6.0-release 2022-05-30T09:19:42+00:00 Regular release for Q2 2022. Download the server deb for Ubuntu 18.04 from [here](https://storage.googleapis.com/releases.grr-response.com/grr-server_3.4.6-0_amd64.deb). Please see the [release notes](https://grr-doc.readthedocs.io/en/latest/release-notes.html#may-30-2022). 2022-05-30T09:19:42+00:00 grr v3.4.6.7-release 2023-03-22T22:25:00+00:00 Updates: - Server DEB package now targets Ubuntu 22.04 LTS. - Agents are now Python 3.9-based (server deb package is Python 3.10-based). - MySQL-based datastore performance considerably improved. - UIv2 supports majority of flows and hunts. - Third-party dependencies updated. - A lot of minor bugfixes and improvements. 2023-03-22T22:25:00+00:00 grr v3.4.7.1-release 2023-10-25T21:46:43+00:00 Note: this is the **last release** containing the following features: * **Artifact parsers**. ArtifactCollector flow supports parsing collected files and output of executed commands. Its parsers are not properly maintained, are often outdated and fragile. We're going to convert selected parsers into standalone flows and remove the artifact parsing subsystem: the ArtifactCollector will always work as if "apply_parsers" arguments attribute is set to False. Afterwards the "apply_parsers" attribute will be deprecated completely. We will provide documentation on integrating GRR and ArtifactCollector with well-maintained parsing frameworks like [Plaso](https://plaso.readthedocs.io/en/latest/index.html). * **Built-in cron jobs**. Built-in cron jobs are primarily used for periodic hunts. We will provide documentation on how to easily replicate the current functionality using external scheduling systems (like Linux cron, for example). If your workflow depends on GRR built in cron jobs and you anticipate problems when migrating it to external schedulers, please reach out to us via email or GitHub. * **GRR server Debian package**. We will stop providing the GRR server Debian package as the main way of distributing GRR server and client binaries. Instead we will make GRR Docker image a preferred way for running GRR in a demo or production environment. If your workflow depends on any of the above, please feel free reach out to us via [grr-users](https://groups.google.com/forum/#!forum/grr-users) Google Group or [GitHub](https://github.com/google/grr/issues). ### Added * Created a flow for collecting an identifier of the CrowdStrike agent. * Podman-based zero-setup development environment. * Added StatMultipleFiles and HashMultipleFiles flows to be used in UIv2. ### Changed * Renamed AdminUI.new_hunt_wizard.default_output_plugin to AdminUI.new_hunt_wizard.default_output_plugins (note the "s" in the end). The new option accepts a comma-separated list of names. * Newly interrogated clients now pick up active hunts automatically. * Hunts workflow is now available in the new UI: creating hunts from a flow, duplicating existing hunts, monitoring hunt progress and inspecting results. ### Removed * Fully removed deprecated use_tsk flag. * Removed deprecated plugin_args field from OutputPluginDescriptor. * Removed deprecated flows: FingerprintFile, KeepAlive, FingerprintFile, FindFiles, SendFile, Uninstall, UpdateClient, CollectEfiHashes, DumpEfiImage. * Deprecated GetFile flow in favor of MultiGetFile. * Made FileFinder an alias to ClientFileFinder, using ClientFileFinder by default everywhere. Legacy FileFinder is still available as LegacyFileFinder. Fixed several inconsistencies in ClientFileFinder client action. Same for RegistryFinder. * Removed deprecated client actions: EficheckCollectHashes, EficheckDumpImage, Uninstall, SendFile. * Removed "Checks" functionality. ### API removed * Deprecated no-op "keep_client_alive" attribute in ApiCreateClientApprovalArgs. * Deprecated ListClientActionRequests API call (was no-op after Fleetspeak migration). 2023-10-25T21:46:43+00:00