Skip to content

Latest commit

 

History

History
125 lines (88 loc) · 3.74 KB

PowerGRR.md

File metadata and controls

125 lines (88 loc) · 3.74 KB
Module Name Module Guid Download Help Link Help Version Locale
PowerGRR
5bdf023f-fe8a-4748-bd73-43a449791ba8
1.0.0.0
en-US

PowerGRR Module

Description

PowerGRR is a PowerShell module for working with the GRR API. It allows working with flows, hunts, labels and the GRR search. Furthermore, it allows working with the computer names instead of the GRR internal client id. This makes the handling and working with other tools more easy because often you just have the computer names.

PowerGRR Cmdlets

Add-GRRArtifact

Upload artifact to GRR.

ConvertFrom-Base64

Decode a base64 encoded string.

ConvertFrom-EpocTime

Convert a unix timestamp into UTC.

Get-GRRArtifact

Get the list of available artifacts.

Find-GRRClient

Use the GRR search function to search for clients. The function returns only the computername or the whole GRR object.

Find-GRRClientByLabel

Search for clients with a given label.

Get-GRRClientApproval

Get client approvals identified by the given filters.

Get-GRRClientIdFromComputerName

Convert a computername into the corresponding GRR client id.

Get-GRRClientInfo

Get various information about a specific host.

Get-GRRComputerNameFromClientId

Search for a specific client id and return the computername.

Get-GRRConfig

Get the current PowerGRR config.

Get-GRRFlow

List flows for specific client.

Get-GRRFlowDescriptor

Get a list of all available flows.

Get-GRRFlowInfo

Read informationen and state for specific flow.

Get-GRRFlowExport

Export files archive from a flow.

Get-GRRFlowResult

Get flow results for a specific client and a flow.

Get-GRRHunt

Get a list of available hunts. Filter the list with the parameter or afterwards with PowerShell.

Get-GRRHuntApproval

Get hunt approvals identified by the given filters.

Get-GRRHuntExport

Export files archive from a hunt.

Get-GRRHuntInfo

Get hunt info for a specific hunt.

Get-GRRHuntResult

Get hunt results for a specific hunt.

Get-GRRLabel

Get all labels.

Get-GRRSession

Return the headers and the websession for a specific GRR server.

Invoke-GRRFlow

Invoke a flow on one or multiple clients.

Invoke-GRRRequest

Helper function for GRR requests. If a function you need is not available you can use this function to run the needed request.

New-GRRClientApproval

Create a new client approval.

New-GRRHunt

Create a new hunt.

New-GRRHuntApproval

Create a new hunt approval.

Remove-GRRArtifact

Remove artifact in GRR.

Remove-GRRLabel

Remove a label on a range of clients.

Set-GRRLabel

Set a label on one or multiple clients. The function has pipeline support.

Start-GRRHunt

Start a GRR hunt based on the hunt id.

Stop-GRRHunt

Stop a GRR hunt based on the hunt id.

Wait-GRRClientApproval

Wait for client approval.

Wait-GRRHuntApproval

Wait for hunt approval.