
GRR

GRR Rapid Response is an incident response framework focused on remote live forensics.

Connect GRR Authentication Information with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for GRR Rapid Response.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. End Point: The URI of your GRR server.

  9. Username: Username for the GRR server.

  10. Password: Password for the GRR server.

  11. After you've entered all the details, click Connect.

Actions for GRR Authentication Information

List Hunts

Retrieve all the hunts.

Input Field

Choose a connection that you have previously created to complete the connection.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Runs thorough analysis.

```json
{ "has_error": false, "results": [ { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1611292558530927", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:7C6B11F9", "isRobot": true, "huntId": "H:7C6B11F9", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1610687599751721", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:AE8B5617", "isRobot": true, "huntId": "H:AE8B5617", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1610082709345848", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:862C8EDA", "isRobot": true, "huntId": "H:862C8EDA", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1609477806512844", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:B447D00B", "isRobot": true, "huntId": "H:B447D00B", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1608872932791601", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:5A2CE614", "isRobot": true, "huntId": "H:5A2CE614", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1608268087045480", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:75203EFD", "isRobot": true, "huntId": "H:75203EFD", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1607663277947203", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:92B387DC", "isRobot": true, "huntId": "H:92B387DC", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1607058318005482", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:212D46B4", "isRobot": true, "huntId": "H:212D46B4", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1606453388159662", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:6D3A5C86", "isRobot": true, "huntId": "H:6D3A5C86", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1605848470571387", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:79D67F34", "isRobot": true, "huntId": "H:79D67F34", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1605243573906389", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:B411B97D", "isRobot": true, "huntId": "H:B411B97D", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1604638727516701", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:DFBF392", "isRobot": true, "huntId": "H:DFBF392", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1604033891283618", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:7F32F7AC", "isRobot": true, "huntId": "H:7F32F7AC", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1603429076438226", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:210FC002", "isRobot": true, "huntId": "H:210FC002", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1602824275244959", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:6B24A7F3", "isRobot": true, "huntId": "H:6B24A7F3", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1602219260109136", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:49A086B1", "isRobot": true, "huntId": "H:49A086B1", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1601614439321280", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:251CD19C", "isRobot": true, "huntId": "H:251CD19C", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1601009502020898", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:9F8F224A", "isRobot": true, "huntId": "H:9F8F224A", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1600404681243083", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:CC18B0A7", "isRobot": true, "huntId": "H:CC18B0A7", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1599799730594210", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:2B5C294A", "isRobot": true, "huntId": "H:2B5C294A", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1599194930320260", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:37DB75E5", "isRobot": true, "huntId": "H:37DB75E5", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1598590004978922", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:B6292DF9", "isRobot": true, "huntId": "H:B6292DF9", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1597985047082265", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:8B8593D6", "isRobot": true, "huntId": "H:8B8593D6", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1597380106241883", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:32C35A5F", "isRobot": true, "huntId": "H:32C35A5F", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1596775191063844", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:79ECD30D", "isRobot": true, "huntId": "H:79ECD30D", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1596170280927853", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:3397BCF3", "isRobot": true, "huntId": "H:3397BCF3", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1595565390773649", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:9D8C3578", "isRobot": true, "huntId": "H:9D8C3578", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1594960382844155", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:A2999B02", "isRobot": true, "huntId": "H:A2999B02", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1594355577224897", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:5D2C6584", "isRobot": true, "huntId": "H:5D2C6584", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1593750735039424", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:D6635800", "isRobot": true, "huntId": "H:D6635800", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1593145912502496", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:13BA5488", "isRobot": true, "huntId": "H:13BA5488", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1592541110374129", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:DEA586DA", "isRobot": true, "huntId": "H:DEA586DA", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1591936142636404", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:B3C996C8", "isRobot": true, "huntId": "H:B3C996C8", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1591331307366035", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:9A6A4156", "isRobot": true, "huntId": "H:9A6A4156", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1590726334841924", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:FFD1FF3C", "isRobot": true, "huntId": "H:FFD1FF3C", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1590121300362758", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:415E7313", "isRobot": true, "huntId": "H:415E7313", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1589516305553250", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:ADA4E758", "isRobot": true, "huntId": "H:ADA4E758", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1588911309980007", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:65BCA25D", "isRobot": true, "huntId": "H:65BCA25D", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1588306379935197", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:2E05B7EA", "isRobot": true, "huntId": "H:2E05B7EA", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1587701413694968", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:216A3226", "isRobot": true, "huntId": "H:216A3226", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1587096491593326", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:F6387A53", "isRobot": true, "huntId": "H:F6387A53", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1586491580481402", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:25F19A15", "isRobot": true, "huntId": "H:25F19A15", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1585886680811353", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:95483725", "isRobot": true, "huntId": "H:95483725", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1585281790430823", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:892376C3", "isRobot": true, "huntId": "H:892376C3", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1584676912500267", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:68F9C9AD", "isRobot": true, "huntId": "H:68F9C9AD", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1584072082810107", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:3FABE0F0", "isRobot": true, "huntId": "H:3FABE0F0", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1583467272628928", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:191EA8E5", "isRobot": true, "huntId": "H:191EA8E5", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1582862472697919", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:B907F246", "isRobot": true, "huntId": "H:B907F246", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1582257387413218", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:535ABEE0", "isRobot": true, "huntId": "H:535ABEE0", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1581652320662200", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:7193F2AC", "isRobot": true, "huntId": "H:7193F2AC", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1581047267770513", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:24CB1587", "isRobot": true, "huntId": "H:24CB1587", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1580442244314320", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:20BFC641", "isRobot": true, "huntId": "H:20BFC641", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1579837225215904", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:214A1D93", "isRobot": true, "huntId": "H:214A1D93", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1579232225517664", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:8F8044C6", "isRobot": true, "huntId": "H:8F8044C6", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1578627250163919", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:5D0648CA", "isRobot": true, "huntId": "H:5D0648CA", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1578022283523996", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:B7151968", "isRobot": true, "huntId": "H:B7151968", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1577417343077075", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:3FB8C569", "isRobot": true, "huntId": "H:3FB8C569", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1576812416718393", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:50E5D109", "isRobot": true, "huntId": "H:50E5D109", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1576207504148655", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:58145FC1", "isRobot": true, "huntId": "H:58145FC1", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1575602609545281", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:37427662", "isRobot": true, "huntId": "H:37427662", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1574997734355694", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:FF98AC45", "isRobot": true, "huntId": "H:FF98AC45", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1574392875121768", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:41C859E5", "isRobot": true, "huntId": "H:41C859E5", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1573788034125771", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:97506ECE", "isRobot": true, "huntId": "H:97506ECE", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1573183206900029", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:82105047", "isRobot": true, "huntId": "H:82105047", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1572578394332167", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:93CC3D9E", "isRobot": true, "huntId": "H:93CC3D9E", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1571973297834358", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:8A936991", "isRobot": true, "huntId": "H:8A936991", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1571368217797222", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:99A2D4C7", "isRobot": true, "huntId": "H:99A2D4C7", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1570763152080356", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:846ACF17", "isRobot": true, "huntId": "H:846ACF17", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." 
}, { "crashLimit": "100", "clientsWithResultsCount": "0", "clientLimit": "100", "name": "GenericHunt", "created": "1570506575043948", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:E3D9A43", "isRobot": false, "huntId": "H:E3D9A43", "clientRate": 20.5, "state": "PAUSED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "admin", "totalNetUsage": "0", "description": "A1007_2 des" }, { "crashLimit": "100", "clientsWithResultsCount": "0", "clientLimit": "50", "name": "GenericHunt", "created": "1570506538591731", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:F5946E7E", "isRobot": false, "huntId": "H:F5946E7E", "clientRate": 20.5, "state": "PAUSED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "admin", "totalNetUsage": "0", "description": "A1007_1 des" }, { "crashLimit": "500", "clientsWithResultsCount": "0", "clientLimit": "0", "name": "GenericHunt", "created": "1570158101015213", "totalCpuUsage": 0, "urn": "aff4:/hunts/H:A232CC80", "isRobot": true, "huntId": "H:A232CC80", "clientRate": 50, "state": "STARTED", "resultsCount": "0", "clientsQueuedCount": "0", "creator": "GRRWorker", "totalNetUsage": "0", "description": "Interrogate run by cron to keep hostinfo fresh." } ], "error": null }
```
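
The List Hunts output above mixes cron-driven hunts with analyst-created ones and encodes counters and timestamps as strings. The following Python is an added example, not code from Devo or the GRR project: it unwraps the has_error/error envelope, normalises the rows, and lists the hunts that were not created by the cron robot. The function names are hypothetical, the sample rows are copied from the output on this page, and it assumes `created` is microseconds since the Unix epoch.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: three rows copied from the List Hunts output on this page.
SAMPLE_OK = """
{ "has_error": false, "results": [
  { "crashLimit": "500", "clientLimit": "0", "created": "1611292558530927",
    "isRobot": true, "huntId": "H:7C6B11F9", "state": "STARTED",
    "resultsCount": "0", "creator": "GRRWorker",
    "description": "Interrogate run by cron to keep hostinfo fresh." },
  { "crashLimit": "100", "clientLimit": "100", "created": "1570506575043948",
    "isRobot": false, "huntId": "H:E3D9A43", "state": "PAUSED",
    "resultsCount": "0", "creator": "admin", "description": "A1007_2 des" },
  { "crashLimit": "100", "clientLimit": "50", "created": "1570506538591731",
    "isRobot": false, "huntId": "H:F5946E7E", "state": "PAUSED",
    "resultsCount": "0", "creator": "admin", "description": "A1007_1 des" }
], "error": null }
"""

# Error envelope in the shape the Get Hunt action returns on this page.
SAMPLE_ERR = """{ "has_error": true, "error": "An error occurred: hunt_id can't be empty." }"""


class ActionError(RuntimeError):
    """Raised when the action output reports has_error or is malformed."""


def unwrap(raw):
    """Return the result rows, or raise if the envelope signals an error."""
    doc = json.loads(raw)
    if doc.get("has_error"):
        raise ActionError(doc.get("error") or "unknown error")
    # The field list says "result" but the sample uses "results": accept both.
    rows = doc.get("results", doc.get("result", []))
    if not isinstance(rows, list):
        raise ActionError("expected a list of rows")
    return rows


def grr_time(value):
    """Convert a microsecond epoch string (assumption) to an aware datetime."""
    us = int(value)
    seconds, micros = divmod(us, 1_000_000)
    return datetime.fromtimestamp(seconds, tz=timezone.utc).replace(microsecond=micros)


def normalise(row):
    """Turn one hunt row into typed values; counters arrive as strings."""
    return {
        "hunt_id": row["huntId"],
        "creator": row["creator"],
        "state": row["state"],
        "is_robot": bool(row.get("isRobot")),
        "created": grr_time(row["created"]),
        "client_limit": int(row["clientLimit"]),
        "results": int(row["resultsCount"]),
        "description": row.get("description", ""),
    }


def audit(raw):
    """Summarise hunts by state and list the non-robot hunts, oldest first."""
    hunts = [normalise(r) for r in unwrap(raw)]
    manual = sorted((h for h in hunts if not h["is_robot"]),
                    key=lambda h: h["created"])
    return {"by_state": dict(Counter(h["state"] for h in hunts)),
            "manual": manual}


if __name__ == "__main__":
    report = audit(SAMPLE_OK)
    print(report["by_state"])
    for h in report["manual"]:
        print(h["created"].isoformat(), h["hunt_id"], h["creator"],
              h["state"], "limit", h["client_limit"], h["description"])
```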

Search Clients

Retrieve the clients using an optional query.

Input Field

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Query | A query that will be used to filter clients, such as 'host:suspicious.corp.com' (default is Empty value). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Runs a query.

```json
{ "has_error": false, "results": [], "error": null }
```

Get Client

Retrieves the properties of a client by ID.

Input Field

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Column Name | The name of the column holding the id of the client to retrieve. | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

```json
{ "has_error": true, "error": "An error occurred: client_id can't be empty." }
```

Get Hunt

Retrieves the properties of a hunt by ID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Column Name | The name of the column holding the id of the hunt to retrieve. | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

```json
{ "has_error": true, "error": "An error occurred: hunt_id can't be empty." }
```

Create a Hunt

Create a Hunt.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Flow Name Column | The name of the column that holds the name of the flow. | Required |
| Flow Args Template | A Jinja template of the JSON representation of the flow arguments. | Required |
| Flow Name Template | A Jinja template of the JSON representation of the flow arguments. | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

Release Notes

  • v2.0.6 - Changed from python2 to python3 for vulnerability fix.

  • v2.0.0 - Updated architecture to support IO via filesystem

  • v1.0.10 - Added documentation link in the automation library.