def collect(
    self,
    artifact: Text,
) -> Sequence[Union[message.Message, api_utils.UnknownProtobuf]]:
    """Runs an ArtifactCollectorFlow for one artifact and returns its results.

    The call blocks until `_timeout.await_flow` returns for the created flow.

    Args:
      artifact: Name of the artifact to collect.

    Returns:
      A list holding the `payload` of every result the flow lists, in
      listing order.

    Raises:
      errors.ApprovalMissingError: If flow creation is rejected with
        `api_errors.AccessForbiddenError`.
    """
    # Build the flow arguments field by field; parsing is switched on here.
    flow_args = flows_pb2.ArtifactCollectorFlowArgs()
    flow_args.apply_parsers = True
    flow_args.artifact_list.append(artifact)

    try:
        flow = self._client.CreateFlow(
            name='ArtifactCollectorFlow', args=flow_args)
    except api_errors.AccessForbiddenError as e:
        # Surface the access failure as a missing approval for this client id.
        raise errors.ApprovalMissingError(self.id, e)

    _timeout.await_flow(flow)

    payloads = []
    for result in flow.ListResults():
        payloads.append(result.payload)
    return payloads
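def _ProcessThread(self, client):
    """Collects the configured artifacts from a single GRR client.

    This function is used as a callback for the processing thread.

    The artifact list is `self.artifacts` when set, otherwise the
    `self.artifact_registry` entry for the client's system type.
    `self.extra_artifacts` is appended in both cases and duplicates are
    dropped. Nothing is launched when the resulting list is empty.

    Args:
      client (object): a GRR client object.
    """
    system_type = client.data.os_info.system
    self.logger.info('System type: {0:s}'.format(system_type))

    # If the list is supplied by the user via a flag, honor that.
    if self.artifacts:
        self.logger.info('Artifacts to be collected: {0!s}'.format(
            self.artifacts))
        # Work on a copy: this callback runs once per client, and extending
        # self.artifacts in place would grow the shared list on every call.
        artifact_list = list(self.artifacts)
    else:
        artifact_list = []
        default_artifacts = self.artifact_registry.get(system_type, None)
        if default_artifacts:
            self.logger.info(
                'Collecting default artifacts for {0:s}: {1:s}'.format(
                    system_type, ', '.join(default_artifacts)))
            artifact_list.extend(default_artifacts)

    if self.extra_artifacts:
        self.logger.info('Throwing in an extra {0!s}'.format(
            self.extra_artifacts))
        artifact_list.extend(self.extra_artifacts)

    # De-duplicate while keeping first-seen order, so the arguments sent to
    # each client (and any log of them) are reproducible between runs.
    artifact_list = list(dict.fromkeys(artifact_list))

    if not artifact_list:
        return

    # NOTE(review): ignore_interpolation_errors=True presumably lets the flow
    # continue when an artifact's path variables cannot be resolved on this
    # client. If so, a short result set is not proof that the artifact is
    # absent -- confirm against the GRR documentation.
    flow_args = flows_pb2.ArtifactCollectorFlowArgs(
        artifact_list=artifact_list,
        use_tsk=self.use_tsk,
        ignore_interpolation_errors=True,
        apply_parsers=False)
    flow_id = self._LaunchFlow(client, 'ArtifactCollectorFlow', flow_args)
    if not flow_id:
        msg = 'Flow could not be launched on {0:s}.'.format(
            client.client_id)
        msg += '\nArtifactCollectorFlow args: {0!s}'.format(flow_args)
        self.ModuleError(msg, critical=True)
        # ModuleError(critical=True) presumably does not return; if it does,
        # there is no flow to await or download from.
        return
    self._AwaitFlow(client, flow_id)
    collected_flow_data = self._DownloadFiles(client, flow_id)

    if collected_flow_data:
        self.logger.info('{0!s}: Downloaded: {1:s}'.format(
            flow_id, collected_flow_data))
        # The container is named after the client's lower-cased FQDN.
        container = containers.File(
            name=client.data.os_info.fqdn.lower(),
            path=collected_flow_data)
        self.state.StoreContainer(container)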
def Process(self):
    """Creates a GRR hunt that runs ArtifactCollectorFlow on `self.artifacts`.

    Raises:
      RuntimeError: listed by the original author for the case where no
        items are specified for collection. No such check is visible in
        this method, so it presumably comes from earlier validation or from
        `_create_hunt` (to be confirmed).
    """
    banner = 'Artifacts to be collected: {0!s}'.format(self.artifacts)
    print(banner)

    # Hunt-wide flow arguments: results are requested unparsed.
    flow_kwargs = {
        'artifact_list': self.artifacts,
        'use_tsk': self.use_tsk,
        'ignore_interpolation_errors': True,
        'apply_parsers': False,
    }
    hunt_args = grr_flows.ArtifactCollectorFlowArgs(**flow_kwargs)
    self._create_hunt('ArtifactCollectorFlow', hunt_args)
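def process(self):
    """Collect the artifacts.

    For every client in `self._clients`, an ArtifactCollectorFlow is
    launched and awaited, and `(fqdn, output directory)` is appended to
    `self.state.output`.

    Raises:
      RuntimeError: if no artifacts specified nor resolved by platform.
    """
    # TODO(tomchop): Thread this
    for client in self._clients:
        system_type = client.data.os_info.system
        fqdn = client.data.os_info.fqdn.lower()
        # os.path.join with a single argument returns output_path unchanged,
        # so every client is recorded against the same directory.
        # NOTE(review): confirm a per-client sub-directory was not intended.
        client_dir = os.path.join(self.output_path)
        if not os.path.isdir(client_dir):
            os.makedirs(client_dir)
        print('System type: {0:s}'.format(system_type))

        # Create a list of artifacts to collect.
        # If the list is supplied by the user via a flag, honor that.
        if self.artifacts:
            # '!s' rather than ':s': a list rejects the 's' format spec with
            # TypeError.
            print('Artifacts to be collected: {0!s}'.format(self.artifacts))
            # Copy so that extending below does not grow self.artifacts once
            # per client.
            artifact_list = list(self.artifacts)
        else:
            artifact_list = []
            default_artifacts = self.artifact_registry.get(system_type, None)
            # An unknown platform yields None; skip it so that the documented
            # RuntimeError below is raised instead of a TypeError here.
            if default_artifacts:
                print('Collecting default artifacts for {0:s}: {1:s}'.format(
                    system_type, ', '.join(default_artifacts)))
                artifact_list.extend(default_artifacts)

        if self.extra_artifacts:
            print('Throwing in an extra {0!s}'.format(self.extra_artifacts))
            artifact_list.extend(self.extra_artifacts)

        # De-duplicate while keeping first-seen order, so the arguments sent
        # to each client are reproducible between runs.
        artifact_list = list(dict.fromkeys(artifact_list))

        if not artifact_list:
            raise RuntimeError('No artifacts to collect')

        # NOTE(review): ignore_interpolation_errors=True presumably lets the
        # flow continue when an artifact's path variables cannot be resolved
        # on this client. If so, a short result set is not proof that the
        # artifact is absent -- confirm against the GRR documentation.
        flow_args = flows_pb2.ArtifactCollectorFlowArgs(
            artifact_list=artifact_list,
            use_tsk=self.use_tsk,
            ignore_interpolation_errors=True,
            apply_parsers=False)
        flow_id = self._launch_flow(client, 'ArtifactCollectorFlow', flow_args)
        self._await_flow(client, flow_id)
        self.state.output.append((fqdn, client_dir))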
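def process(self):
    """Construct and start new Artifact Collection hunt.

    Returns:
      Whatever `self._create_hunt` returns; described by the original
      author as the newly created GRR hunt object.

    Raises:
      RuntimeError: listed by the original author for the case where no
        items are specified for collection. No such check is visible in
        this method, so it presumably comes from earlier validation or from
        `_create_hunt` (to be confirmed).
    """
    # '!s' rather than ':s': self.artifacts is passed below as a list, and a
    # list rejects the 's' format spec with TypeError.
    print('Artifacts to be collected: {0!s}'.format(self.artifacts))
    # NOTE(review): ignore_interpolation_errors=True presumably lets the flow
    # continue on clients where an artifact's path variables cannot be
    # resolved. If so, a client with few results has not necessarily been
    # fully collected -- confirm against the GRR documentation.
    hunt_args = flows_pb2.ArtifactCollectorFlowArgs(
        artifact_list=self.artifacts,
        use_tsk=self.use_tsk,
        ignore_interpolation_errors=True,
        apply_parsers=False,
    )
    return self._create_hunt('ArtifactCollectorFlow', hunt_args)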
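def _ProcessThread(self, client):
    """Collects the configured artifacts from a single GRR client.

    This function is used as a callback for the processing thread.

    The artifact list is `self.artifacts` when set, otherwise the
    `self.artifact_registry` entry for the client's system type.
    `self.extra_artifacts` is appended in both cases and duplicates are
    dropped. Nothing is launched when the resulting list is empty.

    Args:
      client (object): a GRR client object.
    """
    system_type = client.data.os_info.system
    print('System type: {0:s}'.format(system_type))

    # If the list is supplied by the user via a flag, honor that.
    if self.artifacts:
        print('Artifacts to be collected: {0!s}'.format(self.artifacts))
        # Work on a copy: this callback runs once per client, and extending
        # self.artifacts in place would grow the shared list on every call.
        artifact_list = list(self.artifacts)
    else:
        artifact_list = []
        default_artifacts = self.artifact_registry.get(system_type, None)
        if default_artifacts:
            print('Collecting default artifacts for {0:s}: {1:s}'.format(
                system_type, ', '.join(default_artifacts)))
            artifact_list.extend(default_artifacts)

    if self.extra_artifacts:
        print('Throwing in an extra {0!s}'.format(self.extra_artifacts))
        artifact_list.extend(self.extra_artifacts)

    # De-duplicate while keeping first-seen order, so the arguments sent to
    # each client are reproducible between runs.
    artifact_list = list(dict.fromkeys(artifact_list))

    if not artifact_list:
        return

    # NOTE(review): ignore_interpolation_errors=True presumably lets the flow
    # continue when an artifact's path variables cannot be resolved on this
    # client. If so, a short result set is not proof that the artifact is
    # absent -- confirm against the GRR documentation.
    flow_args = flows_pb2.ArtifactCollectorFlowArgs(
        artifact_list=artifact_list,
        use_tsk=self.use_tsk,
        ignore_interpolation_errors=True,
        apply_parsers=False)
    # NOTE(review): the flow id is not checked before awaiting; whether
    # _LaunchFlow can return an empty id is not visible here.
    flow_id = self._LaunchFlow(client, 'ArtifactCollectorFlow', flow_args)
    self._AwaitFlow(client, flow_id)
    collected_flow_data = self._DownloadFiles(client, flow_id)

    if collected_flow_data:
        print('{0!s}: Downloaded: {1:s}'.format(flow_id, collected_flow_data))
        # Results are keyed by the client's lower-cased FQDN.
        fqdn = client.data.os_info.fqdn.lower()
        self.state.output.append((fqdn, collected_flow_data))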