Releases: google/grr
GRR Release 3.2.2.0
Download the server deb from here.
See release notes.
GRR Release 3.2.1.1
Download the server deb from here.
See release notes.
GRR Release 3.2.0.1
Download the server deb from here.
Please read the release notes before upgrading.
A number of features, bugfixes and improvements have been added since the last release. You can find more details in the release notes. Also note that components are now deprecated, and Rekall has been disabled by default.
GRR Release 3.2.0rc0
This is the first 3.2.0 release candidate. Release notes
The server deb, which includes client templates, can be downloaded from here.
GRR Server Release 3.1.0.2
There are significant changes in this release. Be sure to read the release notes carefully before attempting an upgrade.
New in this release:
- Powerful API: Anything you can do in the UI you can do with the HTTP API. This enables powerful automatic collection and export possibilities.
- Chrome desktop notifications. Click a notification to go straight to an
approval or flow results. - UI refresh: Complete rewrite under-the-hood to AngularJS. Host information view is much more usable and you can see basic machine information without requiring an approval. Recent activity view is the default landing page.
- Hunt UI: OR conditionals. Now you can target a hunt much more precisely and cut down on situations where you previously had to run multiple hunts.
- Ability to create a hunt from a flow: test on your machine first, then run it on the fleet
- Client components: easier client customization and updating without pushing a a whole new client, currently used by rekall and chipsec.
- Download individual files from a hunt
- Build system using pip. Much simpler to set up for development or try out new releases, see the install
instructions. - Rekall: faster acquisition, more linux profiles
- Approval ACLs: require different approvals based on client labels
- Bigquery output plugin: fast analysis at scale
- Lots of bugfixes and perf improvements
- Tons more forensic artifacts
GRR Server Release 3.1.0rc2
This is the second release candidate for 3.1.0. There's a bunch of great stuff in here, I talked about most of it in the meetup:
https://www.youtube.com/watch?v=EJAO9yWprmI#t=344
But there's even more since then:
- Ability to create a hunt from a flow: test on your machine first, then run it on the fleet.
- Chrome desktop notifications.
- Download individual files from a hunt.
I've also written some instructions for using pip:
https://github.com/google/grr-doc/blob/master/installfrompip.adoc
which is particularly handy for dev. Setting up client and server dev environments is very fast, and you can develop client or server code on Windows and Mac as well as Linux. Note that linux is still the only supported server platform for production.
A deb is available here:
https://storage.googleapis.com/releases.grr-response.com/grr-server_3.1.0-2_amd64.deb
We're aware of a few issues that need fixing before we remove the release candidate status, specifically:
- Download of very large hunt results ties up the admin ui process
- Some memory collection flows that have been obsoleted by rekall need to be removed
- Travis, docker, and the easy install script need to be updated
Once those are done we'll make a final release.
GRR Server Release 3.1.0rc1
This is the 3.1.0 release candidate. It's a release candidate because we still have some work to do building a debian package and updating install scripts to use the new build system.
See the release notes for important information about this release.
New in this release:
- Components: easier client customization
- Build system: pip install grr-{server|client}
- Rekall: faster acquisition, more linux profiles
- Approval ACLs: require different approvals based on client labels
- Powerful API: automatic collection and export
- Bigquery output plugin: fast analysis at scale
- Lots of bugfixes and perf improvements
- Hunt UI: OR conditionals
- Tons more forensic artifacts
GRR server release 0.3.0-6
Hello everyone,
I just updated the GRR downloads, we are releasing the GRR server
0.3.0-6 today!
Some of the features in this release (there are many small ones that
we can't list here):
The Rekall integration has been improved a lot since the last release,
live memory analysis should be a lot more stable now. Also GRR now
uses Rekall version 1.3.1 which means many new plugins and improved
analysis methods.
The have been lots of UI changes:
- Most of the UI is now written in AngularJS giving us better
performance. - We have improved hunt logging which helps when you run hunts on
thousands on clients. - Clients can be labeled in the UI so you can easily hunt on a subset
of machines. - We improved the client performance indicators so you can better
assess the impact of the GRR clients on the machines they are
installed on. - We also added some server performance monitoring.
- The UI now also provides an HTTP Api to directly query GRR data.
This release also comes with new datastores. The SqliteDataStore is a
fast, local data store that is very easy to use. It's a good choice
for quickly setting up an instance and it's the fastest data store we
have but it limits your GRR server to use only a single machine since
it stores files locally.
Also new are two highly scalable data stores, the
MySQLAdvancedDataStore and the HTTPDataStore. Both those backends are
aimed at hosting rather big GRR instances and should scale well up to
thousands of clients.
There have also been tons of small improvements and bug fixes so we'd
highly recommend upgrading to the new server. There are some minor
backwards compatibility issues, please have a look at
https://github.com/google/grr-doc/blob/master/releasenotes.adoc
before upgrading.
As always, the best way to install / upgrade is to use the install
script as described in
https://github.com/google/grr-doc/blob/master/quickstart.adoc
Cheers,
-Andy