GRR Rapid Response (Google Rapid Response) – Incident Response Framework

GRR consists of an agent (client) that can be deployed to a target system, and
server infrastructure that can manage and talk to the agent.

Client Features:

  • Cross-platform support for Linux, Mac OS X and Windows clients.
  • Live remote memory analysis using open source memory drivers for Linux, Mac
    OS X and Windows, and the Rekall memory
    analysis framework.
  • Powerful search and download capabilities for files and the Windows registry.
  • Secure communication infrastructure designed for Internet deployment.
  • Client automatic update support.
  • Detailed monitoring of client CPU, memory, IO usage and self-imposed
    limits.

Server Features:

  • Fully fledged response capabilities handling most incident response and
    forensics tasks.
  • OS-level and raw file system access, using the SleuthKit (TSK).
  • Enterprise hunting (searching across a fleet of machines) support.
  • Fully scalable back-end to handle very large deployments.
  • Automated scheduling for recurring tasks.
  • Fast and simple collection of hundreds of digital forensic artifacts.
  • Asynchronous design allows future task scheduling for clients, designed to
    work with a large fleet of laptops.
  • Ajax Web UI.
  • Fully scriptable IPython console access.
  • Basic system timelining features.
  • Basic reporting infrastructure.


Requirements

  • A Linux box. At the moment the full install is thoroughly tested end to end on Ubuntu Server 14.04 64-bit [1]. It works on other distributions [2], but that is the platform it is tested on.

  • Recommended: more than 1 GB of RAM and a modern CPU if you want to run everything on one box
    (note that free-tier Amazon EC2 instances don't have enough RAM).

  • Some clients to talk to the server: OS X, Windows and Linux agents are
    supported.

Making it Go

Download the installation script e.g. using wget:

wget https://raw.githubusercontent.com/google/grr/master/scripts/install_script_ubuntu.sh

Review the script (it installs as root), then run it:

sudo bash install_script_ubuntu.sh
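A preflight-and-install wrapper for the single-box setup above, written for this article as an added example; it is not part of the GRR project. It checks the page's stated requirements (more than 1 GB of RAM, with Ubuntu 14.04 64-bit as the tested platform) before fetching the installer, and it records the installer's SHA-256 before the script runs as root, because the page publishes no checksum to compare against. The function names, the warn-but-continue behaviour on an untested platform, and the `install` argument are this example's assumptions.

```sh
#!/bin/sh
# Preflight check and install wrapper for a single-box GRR server.
# Added example for this article; not part of the GRR project.
# Assumed: run as a POSIX sh script on the intended server, before
# install_script_ubuntu.sh.

# Parse MemTotal (kB) out of /proc/meminfo-style text and print it in MB.
# $1: contents of /proc/meminfo, passed as a string so it can be tested offline.
meminfo_total_mb() {
    printf '%s\n' "$1" | awk '/^MemTotal:/ { printf "%d\n", $2 / 1024 }'
}

# Succeed only if the machine has more RAM than the page recommends (> 1 GB).
ram_ok() {
    mb=$(meminfo_total_mb "$1")
    [ -n "$mb" ] && [ "$mb" -gt 1024 ]
}

# The platform the page says the install is tested on: Ubuntu 14.04, 64-bit.
# $1: output of `lsb_release -is`, $2: `lsb_release -rs`, $3: `uname -m`.
platform_tested() {
    [ "$1" = "Ubuntu" ] && [ "$2" = "14.04" ] && [ "$3" = "x86_64" ]
}

# Gather live values and apply the checks. RAM is a hard stop; an untested
# platform only warns, matching the page's "works on other things" note.
preflight() {
    meminfo=$(cat /proc/meminfo)
    if ! ram_ok "$meminfo"; then
        echo "preflight: less than the recommended 1 GB RAM ($(meminfo_total_mb "$meminfo") MB)" >&2
        return 1
    fi
    if ! platform_tested "$(lsb_release -is)" "$(lsb_release -rs)" "$(uname -m)"; then
        echo "preflight: not the tested platform (Ubuntu 14.04 64-bit); install may still work" >&2
    fi
    return 0
}

# Fetch the installer, record its digest, and only then run it as root.
install_grr() {
    url="https://raw.githubusercontent.com/google/grr/master/scripts/install_script_ubuntu.sh"
    wget -O install_script_ubuntu.sh "$url"
    # No checksum is published, so the digest is printed for the operator's
    # records; read the script before it runs with root privileges.
    sha256sum install_script_ubuntu.sh
    sudo bash install_script_ubuntu.sh
}

# Run the whole procedure only when invoked as `sh preflight.sh install`;
# sourcing the file just loads the functions.
if [ "${1:-}" = "install" ]; then
    preflight && install_grr
fi
```

Sourcing the file gives you the checks without touching the network; `sh preflight.sh install` runs preflight first and only reaches `sudo bash` if the RAM check passes.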
