History

WebJob was initially written to assist Incident Response Handlers in their efforts to investigate potentially compromised systems. Often, these Handlers must work around the constraints imposed by the surrounding environment. For example, lack of physical or shell access, untrusted diagnostic programs, lack of encryption, many machines in need of investigation, and so on. Therefore, I felt that Handlers, or their eyes and ears in the field, needed an efficient way to import and run known good diagnostic tools when investigating live systems.

WebJob is lightweight, portable, and easy to use. This makes it a good candidate for establishing a foothold on the target system. Once there, all that is needed to begin diagnostics is a small configuration file and access to a remote WebJob server. When there are many machines to investigate, WebJob can be deployed in parallel, and all harvested output can be directed to and aggregated on a single server. This reduces the amount of manual data processing involved in collecting, tagging, and storing evidence. It also significantly reduces the amount time, effort, and resources needed to arrive at a determination.

Message digest (i.e., --hashsum) support first appeared in WebJob 1.3.0.

GetHook and Jid (Job ID) support first appeared in WebJob 1.4.0.

Digital Signature Verification (DSV) support and server-side GET/PUT triggers first appeared in WebJob 1.6.0.

Proxy support, get URL (i.e., --get-url) support, and dynamic content via server-side GET hooks first appeared in WebJob 1.7.0.

Queueing support via Job Queue Directories (JQD) and embedded Perl scripting (i.e., --run-embedded) first appeared in WebJob 1.8.0.