Adding nsrl importing.

docs/investigating-with-grr/importing-nsrl.md

@@ -0,0 +1,28 @@
+## Importing the NSRL
+
+The National Software Registry List (NSRL) is a collection of known
+software managed by NIST. It is commonly used in forensics to reduce the
+scope of analysis of already known software. This is typically done by
+whitelisting anything on the NSRL by hash.
+
+GRR has the ability to import the NSRL. This function prepopulates the
+GRR datastore with all known hashes and reduces the need for GRR to
+collect these from the client systems. This can be done by downloading
+the latest quarterly release of the NSRL from
+[NIST](http://www.nsrl.nist.gov/Downloads.htm#isos).
+
+1.  Download NSRL from NIST
+
+2.  Expand the zipped file containing hashes
+
+3.  Run "import\_nsrl\_hashes.py" with the appropriate configuration
+    options
+
+<!-- end list -->
+
+    ~/grr/tools# python import_nsrl_hashes.py --config /etc/grr/grr-server.yaml --filename /media/<path to expanded NSRL>/NSRLFile.txt
+    Imported 5000 hashes
+    Imported 10000 hashes
+    Imported 15000 hashes
+    Imported 20000 hashes
+    Imported 25000 hashes

mkdocs.yml

@@ -25,7 +25,6 @@ pages:
   - Troubleshooting ("I don't see my clients"): 'deploying-grr-clients/troubleshooting.md'
 - Investigating with GRR:
   - Overview: 'investigating-with-grr/overview.md'
-  - Glossary: 'investigating-with-grr/glossary.md'
   - Client-Server communication: 'investigating-with-grr/client-server-communication.md'
   - Security considerations: 'investigating-with-grr/security-considerations.md'
   - Flows:
@@ -54,6 +53,7 @@ pages:
   - Cron Jobs in GRR: 'investigating-with-grr/cron-jobs.md'
   - Automation with GRR API: 'investigating-with-grr/automation-with-api.md'
   - Emergency Code and Binary Pushes: 'investigating-with-grr/pushing-code.md'
+  - Importing the NSRL: 'investigating-with-grr/importing-nsrl.md'
   - Glossary: 'investigating-with-grr/glossary.md'
 - Maintaining and tuning GRR deployment:
   - Overview: 'maintaining-and-tuning/overview.md'