GRR Rapid Response is an incident response framework focused on remote live forensics.
It consists of a python client (agent) that is installed on target systems, and python server infrastructure that can manage and talk to clients.
The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely.
GRR on GitHub
GRR is open source (Apache License 2.0) and is developed on GitHub: github.com/google/grr
Table of contents
- What is GRR?
- Installing GRR server
- Deploying GRR clients
- Investigating with GRR
- Maintaining and tuning GRR deployment
- Changing GRR server configuration
- Key management
- User management
- Email configuration
- Approval-based access control
- Repacking GRR clients
- Low-level maintenance with grr_console
- GRR datastore
- Scaling GRR within a single server
- Large Scale Deployment
- Component Performance Needs
- Building custom client templates
- GRR and Fleetspeak setup
- Developing GRR
- Release Notes
- Who wrote GRR and Why?
- Why is the project called GRR?
- Is GRR production ready?
- Should I expect to be able to install and just start running GRR?
- Can the GRR team provide me with assistance in getting it setup?
- I’m interested in GRR but I, or my team need some more convincing. Can you help?
- I’ve heard that there are secret internal versions of GRR that aren’t open sourced that may have additional capabilities. Is that true?
- Why was support for SQLite dropped?
- I heard GRR was designed for Bigtable and now Google has a Cloud Bigtable service. Can I use it?
- What operating system versions does the client support?
- What operating system versions does the server support?
- What hardware do I need to run GRR?
- How do I handle multi-organisational deployments?
- Which cloud should I deploy in? GCE? EC2? Azure?
- Where/how do you do your data analysis?
- When will feature X be ready?
- Who is working on GRR?
- Why aren’t you developing directly on open source?
- Why is GRR so complicated?
- What are the commercial competitors to GRR?
- Where is the logout button?
- How do I change the timezone from UTC?
- Is there any relation between the grr pip package and Google’s GRR?