API → UI component mappings · 90,813 documents
| ID | Document | Source |
|---|---|---|
| 5aee45138d935d8b | Artifact: MacOS.System.Plist Author: Wes Lambert - @therealwlambert Category: MacOS This artifact collects and/or parses MacOS .plist files. While simple, this artifact allows users to specify a… | velociraptor |
| 17650d10a8634d4d | Artifact: MacOS.System.TCC Author: Wes Lambert - @therealwlambert Category: MacOS This artifact provides details around the TCC (Transparency, Consent, and Control) database, and can help reveal when… | velociraptor |
| 32e282b9971425b6 | Artifact: MacOS.Applications.MRU Author: Category: MacOS Parse the MRU from MacOS users | velociraptor |
| 80e5366307fda79b | Artifact: MacOS.OSQuery.Generic Author: Category: MacOS OSQuery is an excellent tool for querying system state across the three supported Velociraptor platforms (Windows/Linux/MacOS). You can read… | velociraptor |
| dd383f4c88ce49bd | Artifact: MacOS.Search.FileFinder Author: Category: MacOS Find files on the filesystem using the filename or content. ## Performance Note This artifact can be quite expensive, especially if we… | velociraptor |
| 51bdc2aa967ce819 | Artifact: MacOS.Applications.Chrome.History Author: Category: MacOS Read all users' Chrome history. ## NOTES: This artifact is deprecated in favor of Generic.Forensic.SQLiteHunter and will be… | velociraptor |
| 9d248e16cae8960b | Artifact: Elastic.Flows.Upload Author: Category: Elastic This server side event monitoring artifact waits for new artifacts to be collected from endpoints and automatically uploads those to… | velociraptor |
| d046cf5773019b2e | Artifact: Elastic.EventLogs.Sysmon Author: Category: Elastic Ships the Sysmon event log in ECS schema. The Elastic Common Schema (ECS) is an open source specification, developed with support from… | velociraptor |
| be34dcf50db9341a | Artifact: Elastic.Events.Upload Author: Category: Elastic This server monitoring artifact will watch a selection of client or server monitoring artifacts for new events and push those to an elastic… | velociraptor |
| 3d0873c04f11815b | Artifact: Splunk.Flows.Upload Author: Category: Splunk This server side event monitoring artifact waits for new artifacts to be collected from endpoints and automatically uploads those to a Splunk… | velociraptor |
| 25017f1c1a8e9bfe | Artifact: Notebooks.Sigma.Studio Author: Category: Notebooks A notebook to help develop Sigma rules. | velociraptor |
| cd12e27d64ecc990 | Artifact: Server.Import.ArtifactBundle Author: Category: Server Imports a zipped package containing Velociraptor artifacts from a remote web server. By default this artifact will automatically… | velociraptor |
| 64b93f493a645329 | Artifact: Server.Import.PreviousReleases Author: Category: Server When upgrading the Velociraptor server, the built-in artifacts may change and use newer VQL features that are not present in older… | velociraptor |
| 739f6ba0368eba8f | Artifact: Server.Import.Extras Author: Category: Server This artifact imports additional artifacts maintained outside the Velociraptor tree. * [The Velociraptor Sigma… | velociraptor |
| c242c8859aca3334 | Artifact: Server.Enrichment.Virustotal Author: Wes Lambert -- @therealwlambert, Whitney Champion -- @shortxstack Category: Server Submit a file hash or IP to VirusTotal for details. Note that the… | velociraptor |
| f7c38919524c7ed3 | Artifact: Server.Enrichment.CortexAnalyzer Author: Wes Lambert - @therealwlambert Category: Server Run Cortex analyzer jobs across all enabled and applicable analyzers (based on supported analyzer… | velociraptor |
| 55a4d96a4e9b177f | Artifact: Server.Enrichment.GeoIP Author: Category: Server This artifact can use the MaxMind database to Geo resolve an IP address. You will need to provide a valid GeoIP database. You can obtain a… | velociraptor |
| 814c52175f978c2f | Artifact: Server.Enrichment.GeoIPISP Author: Category: Server Look up geo-information for an IP address using the MaxMind "GeoIP ISP" database. You can obtain a free-to-use (gratis but not libre)… | velociraptor |
| 63997aefff527af7 | Artifact: Server.Enrichment.GreyNoise Author: Wes Lambert -- @therealwlambert Category: Server Submit an IP to the GreyNoise API. https://developer.greynoise.io/reference/community-api This is a… | velociraptor |
| 3497933538f2d213 | Artifact: Server.Enrichment.HybridAnalysis Author: Wes Lambert -- @therealwlambert Category: Server Submit a file hash to Hybrid Analysis for a verdict. Default free API restriction is 200… | velociraptor |
| d381d400052f9a2e | Artifact: Server.Monitor.ClientConflict Author: Category: Server Forces conflicting clients to rekey themselves. Sometimes the Velociraptor client is installed into a VM template image with an… | velociraptor |
| 8c264730f12cb0c3 | Artifact: Server.Monitor.VeloMetrics Author: Category: Server Get Velociraptor server metrics. | velociraptor |
| 34c3a600b0881cf5 | Artifact: Server.Monitor.Health Author: Category: Server This is the main server health dashboard. It is shown on the homescreen and enabled by default on all new installs. You may edit this… | velociraptor |
| 85c37086443eb4ca | Artifact: Server.Monitor.Profile Author: Category: Server This artifact collects profiling information from the running server. This is useful when you notice a high CPU load in the server and want… | velociraptor |
| 6c5e586a178eb001 | Artifact: Server.Monitor.Shell Author: Category: Server Velociraptor can get an interactive shell on the endpoint by using the shell command. To use it, the user must be directly logged on the… | velociraptor |
| d9460bb0124e0c9a | Artifact: Server.Audit.Logs Author: Category: Server This internal event artifact collects relevant audit events from the server. Audit events are significant auditable actions that a user takes,… | velociraptor |
| c6e8ce6f78bf00d6 | Artifact: Server.Orgs.ListOrgs Author: Category: Server This server artifact will list all currently configured orgs on the server. NOTE: This artifact is only available to users with the… | velociraptor |
| 4c1b16ffc3aa98f2 | Artifact: Server.Orgs.NewOrg Author: Category: Server This server artifact will create a new org and assign the current user as an admin to it. NOTE: This artifact is only available to users with… | velociraptor |
| 66cbed664121e7a0 | Artifact: Server.Alerts.ProcessCreation Author: Jos Clephas - @DfirJos Category: Server This artifact alerts when a process was detected with the artifact 'Windows.Detection.ProcessCreation' (which… | velociraptor |
| 0b3108965a09801c | Artifact: Server.Alerts.WinPmem Author: Category: Server Send an email if the pmem service has been installed on any of the endpoints. Note this requires that the… | velociraptor |
| c0526cb5a3fb177b | Artifact: Server.Alerts.PsExec Author: Category: Server Send an email if execution of the PsExec service was detected on any client. This is a server side artifact. Note this requires that the… | velociraptor |
| 2b2e2153938c515a | Artifact: Server.Alerts.Trackaccount Author: Jos Clephas - @DfirJos Category: Server This artifact alerts when account usage of a monitored account is detected. This is a server-side artifact, please… | velociraptor |
| beba88b6bb99afd2 | Artifact: Server.Alerts.Notification Author: Jos Clephas - @DfirJos Category: Server This artifact forwards alerts from Server.Internal.Alerts to a Slack/Teams/Discord via a Webhook. | velociraptor |
| 75abb8b83bbad503 | Artifact: Server.Hunts.AddFlow Author: Category: Server This artifact adds an existing flow to a running hunt. This helps in the case where the original flow in the hunt timed out. The user then… | velociraptor |
| 378afe427e1ba3fb | Artifact: Server.Hunts.CancelAndDelete Author: Category: Server Velociraptor Hunts are a way of running the same flow on many endpoints at once. Hunts issue very quickly and wait until each endpoint… | velociraptor |
| 9dd0cc2c75d44e77 | Artifact: Server.Hunts.Results Author: Category: Server Show the results from each artifact collection hunt. | velociraptor |
| 6221a0a8c9f9f30d | Artifact: Server.Hunts.List Author: Category: Server List Hunts currently scheduled on the server. | velociraptor |
| bf4d6845f129ec49 | Artifact: Server.Information.Users Author: Category: Server List the user names and SIDs on each machine. We get this information from the last time we collected Windows.Sys.Users. If we never… | velociraptor |
| cb88459f37372c2c | Artifact: Server.Internal.ClientConflict Author: Category: Server This event artifact is an internal event stream receiving events about client conflict. When two clients attempt to connect to the… | velociraptor |
| fdec8a03f35543b3 | Artifact: Server.Internal.ToolDependencies Author: Category: Server An internal artifact that defines some tool dependencies. Velociraptor releases for offline collector NOTE: Do not modify - this… | velociraptor |
| e2f27e20014e720c | Artifact: Server.Internal.ResumedUploads Author: Category: Server An internal artifact that displays all resumed uploads | velociraptor |
| c06462bafd1532e1 | Artifact: Server.Internal.ClientInfo Author: Category: Server An internal artifact collecting client information. This is used to update the client info indexes. Clients send this automatically… | velociraptor |
| 94ff4cdb3898b691 | Artifact: Server.Internal.Interrogate Author: Category: Server An internal artifact used to track new client interrogations by the Interrogation service. | velociraptor |
| 77409ee0481b7c3d | Artifact: Server.Internal.Interrogation Author: Category: Server This event artifact is an internal event stream over which client interrogations are sent. When the interrogation service… | velociraptor |
| 5b50218889cad05d | Artifact: Server.Internal.UserManager Author: Category: Server An internal artifact notifying when user accounts are modified. | velociraptor |
| fe88c74243605aed | Artifact: Server.Internal.ClientTasks Author: Category: Server This event will be fired when a client has new tasks scheduled. | velociraptor |
| 9d65a7a355d255fe | Artifact: Server.Internal.Alerts Author: Category: Server An internal event queue for alerts. All alerts sent from clients are collected in this event queue. Alerts are expected to be low frequency… | velociraptor |
| e847e14f6d8b24c4 | Artifact: Server.Internal.ClientPing Author: Category: Server An internal event channel for notifying about client pings. | velociraptor |
| a3381b531cef1239 | Artifact: Server.Internal.ClientScheduled Author: Category: Server This event will be fired when a client was sent flows to process. | velociraptor |
| d8333b045894f96c | Artifact: Server.Internal.HuntModification Author: Category: Server An internal queue to watch modifications of hunts. The hunt dispatcher from all nodes sends this mutation to the hunt… | velociraptor |