Friday, October 24, 2014

GRR Rapid Response Blog

Hey everyone,

Your favorite open source incident response project, GRR (https://github.com/google/grr) now has a blog!

We are going to use this blog to write about incident response, tricky technical challenges we have encountered, how you can use GRR to do amazing things, and whatever else comes to our minds.
 
We hope you'll find it interesting!
-The GRR team

4 comments:

  1. Hello, This might not be the area to post a question so forgive me if this is in the incorrect location. Has anyone figured out how to turn ON the HTTPS option in GRR? I have tried searching but have not found anything. If I understand it correctly GRR only uses HTTP for it's call backs. What if I want it to be secure. Any direction you can give me would be great. Thanks.

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. Hey Josh,

    The best place for this kind of questions is our user mailing list: https://groups.google.com/forum/#!forum/grr-users

    To answer your question, all data sent between the GRR client and server is of course encrypted. We just send the encrypted messages using HTTP since that might in some rare cases work where HTTPS is blocked for some reasons. Adding another layer of encryption on top by using HTTPS will not get you more security which is why we don't do it (it's pretty straightforward to set up if you really want to though).

    Cheers,
    -Andy


    ReplyDelete
  4. Thanks for responding Andreas. I think I found the mailing group after I posted my question. I will pass this onto my leadership and see what they say but I'm 99.9% sure they're going to come back with it has to be secure. At least they will get that fuzzy feeling of being secure even though they won't have anything past was already been implemented.

    ReplyDelete