GRR Files

Added

• API Changes:
• Added a new endpoint to ApiListAllFlowOutputPluginLogs.
• Server-side support for the new agent (RRG) written in Rust. Both agents, the Python one and the Rust one, are currently supported. Actions are scheduled on either of the two agents, depending on their availability and the supported features.

Removed

• Legacy UI code completely removed, along with reflection API endpoints used in it.
• The Podman based dev environment was removed, docker compose watch can be used instead.

Changed

• API Changes:
• Legacy HTTP API removed (v1 - /api/...), in favor of v2 (/api/v2/...). The v2 API is 100% protocol buffers-based, and the json format is not the same as the legacy RDF-based version.
• All API Routers and Handlers now 100% protocol-buffer based. If you have custom router implementations, you'll need to update them. You can use the current implementations as guides.
• Added argument to configure ListGRRBinaries API method. Only if include_metadata is set to true metadata (binary size, valid_signature and timestamp) is included in the API response.
• ListFlows API method (/api/clients/<client_id>/flows) now also contains progress data when top_flows_only is set to false.
• Stopped supporting outdated artifact types

• Removed stats/reports API Handlers (used only in the legacy UI).

• New UI changes:

• Upgraded Angular and Material libraries to version 19.
• New layout/design.
• Improved loading speed of several API endpoints and improved overall performace by preloading and caching data.
• Dark mode.
• Display of nested flows.
• Added debugging information for flows: logs, additional flow information.
• Added debugging information for fleet collections: logs, additional fleet collection information.

• Added missing flows, details about client startups, fleet collection configuration, more compact representation, and much more!

• Flows:

• Refactored to use protocol buffers in the child classes. If you have your own custom flow implementations, you'll need to adapt and can use the existing classes as a guide. Further refactorings will come in new releases.
• Flow states refactored to be protocol-buffer based stores.
• Flow progress refactored to be protocol-buffer based.
• Refactored to use RRG agent when available.
• Return type of the Interrogate flow changed from ClientSummary to ClientSnapshot. ClientSnapshot contains a superset of the information contained in ClientSummary.

• Removed GetFile flow.

• Fleet collections (fka Hunts):

• Variable hunts no longer supported.

• Other:

• ExportConverters are now protocol-buffer based, and no longer automatically convert values automatically if the data was never seen before or there's no exported definition. We now provide well-defined protocol buffer messages for all the results we have from our flows. If you have custom ones, you'll need to implement converters for them and provide a well defined type for the output.
• OutputPlugins - most implementations are removed, except the EmailOutputPlugin. This is part of an ongoing migration out of RDF-values and towards protocol buffers. The new interface OutputPluginProto no longer has a state. If you rely on the previously provided OutputPlugins, you'll need to add an equivalent OutputPluginProto implementation - we're happy to receive contributions!