Skip to content

GRR release 4.0.0.0

Latest
Latest

Choose a tag to compare

View all tags
@s-westphal s-westphal released this 15 Dec 17:12
· 3 commits to master since this release
v.4.0.0.0-release
442d023
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Added

  • API Changes:
    • Added a new endpoint to ApiListAllFlowOutputPluginLogs.
  • Server-side support for the new agent (RRG)
    written in Rust. Both agents, the Python one and the Rust one, are currently
    supported. Actions are scheduled on either of the two agents, depending on
    their availability and the supported features.

Removed

  • Legacy UI code completely removed, along with reflection API endpoints used in
    it.
  • The Podman based dev environment was removed, docker compose watch can be
    used instead.

Changed

  • API Changes:

    • Legacy HTTP API removed (v1 - /api/...), in favor of v2 (/api/v2/...).
      The v2 API is 100% protocol buffers-based, and the json format is not the
      same as the legacy RDF-based version.
    • All API Routers and Handlers now 100% protocol-buffer based. If you have
      custom router implementations, you'll need to update them. You can use the
      current implementations as guides.
    • Added argument to configure ListGRRBinaries API method. Only if
      include_metadata is set to true metadata (binary size, valid_signature and
      timestamp) is included in the API response.
    • ListFlows API method (/api/clients/<client_id>/flows) now also contains
      progress data when top_flows_only is set to false.
    • Stopped supporting outdated artifact types
    • Removed stats/reports API Handlers (used only in the legacy UI).

  • New UI changes:

    • Upgraded Angular and Material libraries to version 19.
    • New layout/design.
    • Improved loading speed of several API endpoints and improved overall
      performace by preloading and caching data.
    • Dark mode.
    • Display of nested flows.
    • Added debugging information for flows: logs, additional flow information.
    • Added debugging information for fleet collections: logs, additional fleet
      collection information.
    • Added missing flows, details about client startups, fleet collection
      configuration, more compact representation, and much more!

  • Flows:

    • Refactored to use protocol buffers in the child classes. If you have your
      own custom flow implementations, you'll need to adapt and can use the
      existing classes as a guide. Further refactorings will come in new
      releases.
    • Flow states refactored to be protocol-buffer based stores.
    • Flow progress refactored to be protocol-buffer based.
    • Refactored to use RRG agent when available.
    • Return type of the Interrogate flow changed from ClientSummary to
      ClientSnapshot. ClientSnapshot contains a superset of the information
      contained in ClientSummary.
    • Removed GetFile flow.

  • Fleet collections (fka Hunts):

    • Variable hunts no longer supported.

  • Other:

    • ExportConverters are now protocol-buffer based, and no longer
      automatically convert values automatically if the data was never seen before
      or there's no exported definition. We now provide well-defined protocol buffer
      messages for all the results we have from our flows. If you have custom ones,
      you'll need to implement converters for them and provide a well defined type
      for the output.
    • OutputPlugins - most implementations are removed, except the
      EmailOutputPlugin. This is part of an ongoing migration out of RDF-values
      and towards protocol buffers. The new interface OutputPluginProto no
      longer has a state. If you rely on the previously provided OutputPlugins,
      you'll need to add an equivalent OutputPluginProto implementation - we're
      happy to receive contributions!
Assets 2
Loading