Merge branch 'markdown-new' of https://github.com/google/grr-doc into…

… markdown-new

docs/developing-grr/contributing.md

@@ -26,12 +26,12 @@ we recommend these as good starting points:
   - Add a new parser to parse a new filetype, e.g. if you have a
     different Anti-virus or HIDS log you want to parse.
 
-## Contributor License Agreement
+## License Agreement
 
-GRR is an opensource project released under the [Apache
+GRR is an opensource project released under the [Apache 2.0
 License](https://github.com/google/grr/blob/master/LICENSE) and you should feel
 free to use it in any way compatible with this.  However, in order to accept
-changes into the GRR mainline repository we must ask that keep a signed a
+changes into the GRR mainline repository we must ask that you keep a signed
 [Google Contributor License Agreement](https://cla.developers.google.com/clas)
 on file.
 

docs/faq.md

@@ -343,8 +343,9 @@ is not your average pet python project.
 Having said that, the most common action of just collecting something
 from machines and parsing what you get back has been made significantly
 easier with [the artifacts
-system](user_manual.md#artifacts).
-This allows you to specify complex multi-operating system collection
+system](investigating-with-grr/artifacts/overview.md).
+This allows you 
+to specify complex multi-operating system collection
 tasks with just a few lines of YAML, and collect any of the hundreds of
 pre-defined forensic artifacts with the click of a button.
 
@@ -366,11 +367,10 @@ happy to see others use GRR in their commercial consulting practices.
 
 There isn’t one. We ship with basic auth which [doesn’t really handle
 logout](http://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication),
-you need to close the browser. This is OK for testing, but for
-production we expect you to sit a reverse proxy in front of the UI that
-handles auth, or write a webauth module for GRR. See the [Authentication
-to the
-AdminUI](admin.md#authentication-to-the-admin-ui)
+you need to close the browser. This is OK for testing, but for production we
+expect you to sit a reverse proxy in front of the UI that handles auth, or write
+a webauth module for GRR. See the [Authentication to the
+AdminUI](maintaining-and-tuning/user-management/authentication.md#authentication)
 section for more details.
 
 # How do I change the timezone from UTC?

docs/investigating-with-grr/searching-for-client.md

@@ -0,0 +1,74 @@
+# Searching For A Client
+
+In order to start interfacing with a client, we first need to search for
+it in the GUI. The GRR search bar is located at the top of the GUI and
+allows you to search clients based on:
+
+  - **Hostname:** "host:myhost-name"
+
+  - **Fully Qualified Domain Name (FQDN):**
+    "fqdn:myhost-name.organization.com", also prefixes of components,
+    e.g. "fqdn:myhost-name.organization"
+
+  - **MAC address:** "mac:eeffaabbccdd".
+
+  - **IP address:** "ip:10.10.10.10", also prefixes of bytes "ip:10.10".
+    Note that IP address is only collected during interrogate, which by
+    default is run once per week.
+
+  - **User:** "user:john"
+
+  - **Label:** "label:testmachines". Finds hosts with a particular GRR
+    label.
+
+  - **Time of Last Data Update:** Time ranges can be given using
+    "start\_date:" and "end\_date:" prefixes. The data is interpreted as
+    a human readable timestamp. Examples: start\_date:2015,
+    end\_date:2018-01-01.
+
+All of these keywords also work without the type specifier, though with
+less precision. For example "johnsmith" is both a user name and a
+hostname name, it will match both.
+
+Furthermore there are additional keywords such as OS and OS version. So
+"Windows" will find all windows machines and "6.1.7601SP1" will match
+Windows 7 machines with SP1 installed, "6.1.7601" will match those
+without a service pack.
+
+**By default, the search index only considers clients that have checked
+in during the last six months.** To override this behavior, use an
+explicit "start\_date:" directive as specified above.
+
+## Interpreting Client Search Results
+
+Searching returns a list of clients with the following information about
+each one:
+
+  - **Online**: An icon indicating whether the host is online or not.
+    Green means online; yellow, offline for some time; red, offline for
+    a long time.
+
+  - **Subject**: The client IDentifier. This is how GRR refers
+    internally to the system.
+
+  - **Host**: The name of the host as the operating system sees it.
+
+  - **Version**: The operating system version.
+
+  - **MAC**: A list of MAC addresses of the system.
+
+  - **Usernames**: A list of user accounts the operating system knows
+    about (usually users local to the system or that have logged in).
+
+  - **First Seen**: The time when the client first talked to the server.
+
+  - **OS install time**: The timestamp for the operating system install.
+
+  - **Labels**: Any labels applied to this client.
+
+  - **Last Checkin**: The last time the client communicated with the
+    server.
+
+Once you’ve found the client you were looking for, click on it and both
+the left panel and main panel will change to reflect you’re now working
+with a client.

mkdocs.yml

@@ -28,6 +28,7 @@ pages:
   - Overview: 'investigating-with-grr/overview.md'
   - Client-Server communication: 'investigating-with-grr/client-server-communication.md'
   - Security considerations: 'investigating-with-grr/security-considerations.md'
+  - Searching for a client: 'investigating-with-grr/searching-for-client.md'
   - Flows:
     - What are Flows and how to use them: 'investigating-with-grr/flows/what-are-flows.md'
     - Starting Flows: 'investigating-with-grr/flows/starting.md'