Complimentary Webhook for Collect? In this economy?
Sep 04, 2024
New month, new things.
I'll admit that while I've always been a fan of automation, we've been a little bit behind the times with how we've offered it in the past. In the early days of F-Response, one of the first things we did was develop an Active-X/COM object to allow you to script F-Response from COM aware applications. This was in the early 2000s.
Photo by Simon Kadula on Unsplash
Was anyone really using COM in the early 2000s?
Narrator: No. No, they were not.
Still, I believed in automation. I also might have been a little too mired in the late 90s and the scripting options of the day. I always thought late-binding binary objects was a pretty cool idea, but in practice it was hard to get people to use them. Not every COM aware platform supported all the features and there were so many little "black box" frustrations inside Windows that made the entire thing difficult to deliver.
We tried, but COM wasn't it.
Still, we didn't give up on automation. We just changed how we did it. Starting in F-Response v8, we shifted to an internal web remote procedure call system. Armed with our programming guide and any tool capable of making HTTP POST requests to localhost, you could automate actions with properly formatted JSON posts to a URL bound on your examiner machine.
It didn't happen over night, but before long there wasn't a single part of the F-Response that couldn't be automated using JSON posts.
Still, we wanted more.
We've been watching the space and reading the tea leaves. Organizations are leveraging EDR solutions at a staggering pace. The recent Crowdstrike issue only underscored what most of you already know. EDR is everywhere. That being said, we feel like there's a place for F-Response in this new world, specifically F-Response Collect, but we need to help that integration along.
So, that's what we did. It's in testing now, but should all go according to plan, F-Response Collect will include a webhook option in the next release.
Great, but what does that mean?
It means that, once configured, you'll be able to automate the creation of F-Response Collect tasks directly from solutions that support webhooks.
Imagine creating an alert/event in your EDR solution, then having that event trigger the creation of a physical memory image, or a volume image, or a disk image? It's all possible thanks to this webhook that's coming in the next release of F-Response Collect.
We like automation, always have, and hope this new feature gets you thinking about F-Response Collect and how to solve those last mile imaging challenges.
Thanks!
Matt