API → UI component mappings · 90,813 documents
| ID | Document | Source |
|---|---|---|
| 514bdd5ee6502807 | Artifact: Server.Internal.ArtifactDescription Author: Category: Server | velociraptor |
| 5f149c556963a504 | Artifact: Server.Internal.Welcome Author: Category: Server This is the welcome screen in the Velociraptor GUI. You can customize this screen by editing this artifact. When editing the artifact in… | velociraptor |
| 8bb9d717fb986ff9 | Artifact: Server.Internal.Inventory Author: Category: Server An internal artifact to listen to inventory (tools) changes. | velociraptor |
| 44caef44682b7d0f | Artifact: Server.Internal.ClientDelete Author: Category: Server An internal queue that receives events when a client is deleted. | velociraptor |
| 4af6d686e2bc92de | Artifact: Server.Internal.MetadataModifications Author: Category: Server This event artifact is an internal event stream over which notifications of server metadata modifications are sent. Note:… | velociraptor |
| 27eaebfe71afec05 | Artifact: Server.Internal.MasterRegistrations Author: Category: Server The master will advertise to the minions the events it is interested in. | velociraptor |
| 3005f8f2e3e40d8f | Artifact: Server.Internal.ClientInfoSnapshot Author: Category: Server An internal artifact that fires when the master node writes a new snapshot. Minion use this to trigger a refresh of their client… | velociraptor |
| 4458f149dc9a7ae4 | Artifact: Server.Internal.ArtifactModification Author: Category: Server This event artifact is an internal event stream over which notifications of artifact modifications are sent. Interested… | velociraptor |
| f377a91002e82c60 | Artifact: Server.Internal.HuntUpdate Author: Category: Server An internal queue to notify hunt dispatchers on all minions that a certain hunt has changed and should be updated from the… | velociraptor |
| 035ee347c2fd2de1 | Artifact: Server.Monitoring.ScheduleHunt Author: Category: Server Run client interrogation periodically. This is a sample event artifact to schedule a hunt periodically. You can change it to launch… | velociraptor |
| d680045f27b09922 | Artifact: Server.Monitoring.ClientCount Author: Category: Server An artifact that sends an email every hour of the current state of the deployment. | velociraptor |
| dadc25c7439df438 | Artifact: Server.Monitoring.RSSFeeds Author: Category: Server Monitor RSS feeds for changes. By default this artifact will monitor the Velociraptor RSS feeds to inform users of critical CVEs or… | velociraptor |
| d3bb86211307557b | Artifact: Server.Monitoring.TimesketchUpload Author: Category: Server This artifact will automatically upload any Velociraptor timelines to Timesketch. | velociraptor |
| eff45d750b0b74e0 | Artifact: Server.Utils.DeleteMonitoringData Author: Category: Server Velociraptor collects monitoring data from endpoints all the time. Sometimes this data is no longer needed and we might want to… | velociraptor |
| 67440caafce3d9d9 | Artifact: Server.Utils.DeleteFlow Author: Category: Server This artifact permanently deletes a flow including it's metadata and uploaded files. NOTE: This action cannot be undone! The collection is… | velociraptor |
| c4358e0b78d6fbf7 | Artifact: Server.Utils.BackupDirectory Author: Category: Server This server monitoring artifact will automatically export and backup selected collected artifacts to a directory on the server. | velociraptor |
| 6e9e82ac2ceeb229 | Artifact: Server.Utils.DeadDiskClient Author: Category: Server Automates the analysis of dead disk images in Velociraptor Velociraptor can analyze dead disk images by using accessor remapping. The… | velociraptor |
| 8965bcdc8bf2d852 | Artifact: Server.Utils.CreateCollector Author: Category: Server A utility artifact to create a stand alone collector. This artifact is actually invoked by the Offline collector GUI and that is the… | velociraptor |
| c122ff9e891782d5 | Artifact: Server.Utils.TimesketchUpload Author: Category: Server Timesketch is an interactive collaborative timeline analysis tool that can be found at https://timesketch.org/ This artifact uploads… | velociraptor |
| b592d3172637b46e | Artifact: Server.Utils.KillClient Author: Category: Server This artifact aggressively kills a client. If the client runs as a service, it will restart by the service manager. NOTE: If the client… | velociraptor |
| f07eb2632597ea47 | Artifact: Server.Utils.ListUsers Author: Category: Server This server artifact is used to list all current users and their permissions and org access. NOTE: When collected in an org context only… | velociraptor |
| 00a48a5256ad4d7b | Artifact: Server.Utils.CollectClient Author: Category: Server This artifact simplifies collecting from a specific client by performing all steps automatically: 1. The collection will be… | velociraptor |
| 4814cec6baf5133e | Artifact: Server.Utils.StartHuntExample Author: Category: Server This example artifact shows how to create a utility artifact to provide low privileged users with a controlled ability to… | velociraptor |
| 8ef159c7370ed3cd | Artifact: Server.Utils.ExportHunt Author: Category: Server Export a hunt to a Zip download. Sometimes exporting a hunt through the GUI takes longer than the 10 Min limit. If you need more time, you… | velociraptor |
| 1cabc9605d6c102b | Artifact: Server.Utils.RemoveTimeline Author: Category: Server Remove a child timeline from a super timeline. | velociraptor |
| 16416f4529e5a004 | Artifact: Server.Utils.DeleteManyFlows Author: Category: Server Sometimes the Velociraptor server accumulates a lot of data that is no longer needed. This artifact will enumerate all flows from all… | velociraptor |
| c6a20f18fa133bc7 | Artifact: Server.Utils.BackupGCS Author: Category: Server This server monitoring artifact will automatically zip and backup any collected artifacts to GCS. You will need to provide credentials to… | velociraptor |
| 9e2b49598e54fb93 | Artifact: Server.Utils.AddTimeline Author: Category: Server Adds a new timeline to a super timeline. | velociraptor |
| a2f005378b50a1e5 | Artifact: Server.Utils.ImportCollection Author: Category: Server The Velociraptor offline collector is an automated, preconfigured collection tool. Users can use the collector to… | velociraptor |
| 8eb0e7c99ce57702 | Artifact: Server.Utils.ArtifactVerifier Author: Category: Server Verify a set of artifacts and returns results in a structured way. You can run this on the command line like: ``` velociraptor -r… | velociraptor |
| 8e124763e59a23e2 | Artifact: Server.Utils.CreateLinuxPackages Author: Category: Server Build Deb and RPM packages ready for deployment in the current org. This artifact depends on the following tool: *… | velociraptor |
| 311fb4ec10b8d38b | Artifact: Server.Utils.BackupS3 Author: Category: Server This server monitoring artifact will automatically zip and backup any collected artifacts to s3. You will need to provide credentials to… | velociraptor |
| 56614532f71538c6 | Artifact: Server.Utils.DeleteEvents Author: Category: Server This artifact permanently deletes Event files for client or monitoring events. NOTE: This action cannot be undone! The event files are… | velociraptor |
| 99c4b4342520f80e | Artifact: Server.Utils.AddUser Author: Category: Server This server artifact is used to add new user to the Velociraptor GUI. A new random password is generated for the user and stored in… | velociraptor |
| d2e969e1566c9614 | Artifact: Server.Utils.UploadTools Author: Category: Server Velociraptor can use external tools to deploy binaries on the endpoint for some artifacts that require it. Usually these binaries are… | velociraptor |
| a5b1026b91580eff | Artifact: Server.Utils.DeleteFavoriteFlow Author: Category: Server This artifact allows the user to delete a previously saved favorite. It will only affect the current user. | velociraptor |
| d1cd9b3eaba0f48c | Artifact: Server.Utils.DeleteClient Author: Category: Server This artifact completely removes a client from the data store. Be careful with this one: there is no way to recover old data. However,… | velociraptor |
| a247be9459ad3701 | Artifact: Server.Utils.CancelHunt Author: Category: Server Sometimes a hunt is issued which is no longer useful. While stopping the hunt from the GUI prevents new clients from receiving the hunt, it… | velociraptor |
| 47723542ce008cb9 | Artifact: Server.Utils.DeleteNotebook Author: Category: Server Completely removes a notebook from the server including all its cells, attachments etc. | velociraptor |
| 46dd3110c7690f7c | Artifact: Server.Utils.CreateMSI Author: Category: Server Build an MSI ready for deployment in the current org. This artifact depends on the following tools: * <velo-tool-viewer… | velociraptor |
| eba990f708bd326b | Artifact: Server.Utils.SaveFavoriteFlow Author: Category: Server Users may collect various artifacts from hosts. Sometimes it might take a bit of effort to setup and configure just the… | velociraptor |
| a810d99064429dbc | Artifact: Server.Utils.Policy Author: Category: Server This artifact defines a set of security policies. | velociraptor |
| 509b1aa3412c71cc | Artifact: Server.Powershell.EncodedCommand Author: Category: Server It is possible to pass PowerShell an encoded script. This artifact decodes such scripts. NOTE: The client must be running the… | velociraptor |
| bb3718359009877a | Artifact: Server.Alerts.TheHive.Alert Author: Wes Lambert - @therealwlambert Category: Server Creates a TheHive alert when monitored artifacts complete with results. The artifact uses Server… | velociraptor |
| 0972ea77ac799fb0 | Artifact: Server.Alerts.TheHive.Case Author: Wes Lambert - @therealwlambert Category: Server Creates a TheHive case when monitored artifacts complete with results. Adds the ClientId, FlowId, and… | velociraptor |
| 81080b4f575e6bdd | Artifact: Server.Slack.Clients.Online Author: Category: Server Send a message to slack when clients come online. This artifact searches for all clients that carry the label "Slack" by default, and… | velociraptor |
| 0ec694cac8065d9c | Artifact: Generic.Forensic.HashLookup Author: Category: Generic This artifact is a server event artifact that collects hashes from various sources into a central location. It is possible to… | velociraptor |
| 7807c044956f3184 | Artifact: Generic.Forensic.Timeline Author: Category: Generic This artifact generates a timeline of a file glob in bodyfile format. We currently do not calculate the md5 because it is… | velociraptor |
| c5f4ef7d0429c0a5 | Artifact: Generic.Collectors.File Author: Category: Generic Collects files using a set of globs. All globs must be on the same device. The globs will be searched in one pass - so you can… | velociraptor |
| d1bff7e0819b7af7 | Artifact: Generic.Client.Trace Author: Category: Generic This artifact collects profiling information about the running client. The artifact is automatically added when the GUI selects a non zero… | velociraptor |