API → UI component mappings · 90,813 documents
| ID | Document | Source |
|---|---|---|
| d89b9b8be1faec91 | Artifact: Linux.Events.HTTPConnections Author: Category: Linux This artifact uses eBPF to track HTTP and parse connections from various processes. NOTE: This event is generated from network traffic… | velociraptor |
| e955867bc1af72d1 | Artifact: Linux.Events.SSHBruteforce Author: Category: Linux A monitoring artifact which detects a successful SSH login preceded by some failed attempts within the last hour. This is particularly… | velociraptor |
| 0fe158270673f7e7 | Artifact: Linux.Events.EBPF Author: Category: Linux This artifact forwards EBPF events generated on the endpoint. | velociraptor |
| b30bdf794fcbdf10 | Artifact: Linux.Events.TrackProcesses Author: Category: Linux This artifact uses eBPF and pslist to keep track of running processes by using the Velociraptor process tracker. The process tracker… | velociraptor |
| 31c4ab227afe73ee | Artifact: Linux.Events.ProcessExecutions Author: Category: Linux This artifact collects process execution logs from the Linux kernel. This artifact relies on the presence of `auditctl` usually… | velociraptor |
| dd70935c1049d9b6 | Artifact: Linux.Events.Journal Author: Category: Linux Watches the binary journal logs. Systemd uses a binary log format to store logs. | velociraptor |
| 73d9a9e014c0c29e | Artifact: Linux.Search.FileFinder Author: Category: Linux Find files on the filesystem using the filename or content. ## Performance Note This artifact can be quite expensive, especially if we… | velociraptor |
| 3965502623cd0e44 | Artifact: Linux.Utils.InstallDeb Author: Andreas Misje – @misje Category: Linux Install a deb package and configure it with debconf answers. The package may either be specified by name, as an… | velociraptor |
| e3f682425d55a3f1 | Artifact: Linux.Sys.Users Author: Category: Linux Get user-specific information like homedir, group, etc. from `/etc/passwd`. | velociraptor |
| 986c80bf82c67d3c | Artifact: Linux.Sys.BashHistory Author: Matt Green - @mgreen27 Category: Linux This artifact enables grep-like searching of Bash and alternate shell history files. It can also be used to target… | velociraptor |
| 396e9ed1e2136e2d | Artifact: Linux.Sys.Maps Author: Category: Linux A running binary may link other binaries into its address space. These shared objects contain exported functions which may be used by the… | velociraptor |
| 027d6bd8bf99458b | Artifact: Linux.Sys.Crontab Author: Category: Linux Displays parsed information from crontab. | velociraptor |
| 52490aa65b0d3d9c | Artifact: Linux.Sys.Groups Author: Andreas Misje – @misje Category: Linux Get system group IDs, names and memberships from /etc/group | velociraptor |
| 61c1a2d6766fd5f4 | Artifact: Linux.Sys.CPUTime Author: Category: Linux Displays information from /proc/stat file about the time the cpu cores spent in different parts of the system. | velociraptor |
| 64b69945b0d3bc68 | Artifact: Linux.Sys.BashShell Author: Category: Linux This artifact allows running arbitrary commands through the system shell. Since Velociraptor typically runs as root, the commands will also run… | velociraptor |
| 75f47b1adc4a469a | Artifact: Linux.Sys.Pslist Author: Category: Linux List processes and their running binaries. | velociraptor |
| 6d5b30a32b8e9e06 | Artifact: Linux.Sys.LastUserLogin Author: Category: Linux Finds and parses system WTMP files. These indicate when users last logged in. | velociraptor |
| 0e599cc921092211 | Artifact: Linux.Sys.ACPITables Author: Category: Linux Firmware ACPI functional table common metadata and content. | velociraptor |
| 0dcd481eb6c87aad | Artifact: Linux.Sys.LogHunter Author: Matt Green - @mgreen27 Category: Linux Allows grep-like searching of Linux, macOS and Windows logs. Parameters include `SearchRegex` and `WhitelistRegex` as… | velociraptor |
| 7cdc9a183f241b36 | Artifact: Linux.Sys.SUID Author: Category: Linux Searches for applications that have the `setuid` or `setgid` bits set. When the `setuid` or `setgid` bits are set on Linux or macOS for… | velociraptor |
| 4afc51fa4009b399 | Artifact: Linux.Sys.LogGrep Author: Matt Green - @mgreen27 Category: Linux This artifact enables zgrep-like searching of Linux logs, including gzipped log files. | velociraptor |
| cbb1bcb4fa40bdec | Artifact: Linux.Sys.Services Author: Category: Linux Parse services from systemctl | velociraptor |
| 401f846fcd8e626d | Artifact: Linux.Triage.ProcessMemory Author: Category: Linux Dump process memory and upload to the server | velociraptor |
| ce800c0f00a7c72d | Artifact: Linux.SuSE.Packages Author: Hilko Bengen <bengen@hilluzination.de> Category: Linux Parse list of installed packages from `zypper` output | velociraptor |
| 904c7e28dc8e8a30 | Artifact: Linux.Detection.Yara.Process Author: Matt Green - @mgreen27 Category: Linux This artifact enables running YARA over processes in memory. There are 2 kinds of YARA rules that can be… | velociraptor |
| 6c35f3768185fa2b | Artifact: Linux.Applications.Docker.Info Author: Category: Linux Get Docker info by connecting to its socket. | velociraptor |
| 5fe08690fbc92d10 | Artifact: Linux.Applications.Docker.Version Author: Category: Linux Get Docker version by connecting to its socket. | velociraptor |
| 12275b8dc18e0817 | Artifact: Linux.Applications.Chrome.Extensions Author: Category: Linux Fetch Chrome extensions. Chrome extensions are installed into the user's home directory. We search for manifest.json files in… | velociraptor |
| b2c5923efb8e5c66 | Artifact: Linux.Applications.Chrome.Extensions.Upload Author: Category: Linux Upload all users' Chrome extensions. We don't bother actually parsing anything here, we just grab all the extension files… | velociraptor |
| f6e7ec713c5142fe | Artifact: Triage.Collection.Upload Author: Category: Triage A Generic uploader used by triaging artifacts. | velociraptor |
| 0f9e2132d19aa54c | Artifact: Triage.Collection.UploadTable Author: Category: Triage A Generic uploader used by triaging artifacts. This is similar to `Triage.Collection.Upload` but uses a CSV table to drive it. | velociraptor |
| 2758a83cf78b3458 | SCA Check 35500: Ensure mounting of cramfs filesystems is disabled. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] The cramfs filesystem type… | wazuh-sca |
| e787f496b3837f8a | SCA Check 35501: Ensure freevxfs kernel module is not available. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] The freevxfs filesystem type… | wazuh-sca |
| b08197f05ae37208 | SCA Check 35502: Ensure hfs kernel module is not available. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] The hfs filesystem type is a… | wazuh-sca |
| 08b2e0c28718e923 | SCA Check 35503: Ensure hfsplus kernel module is not available. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] The hfsplus filesystem type is… | wazuh-sca |
| 007f68ba0e202f84 | SCA Check 35504: Ensure jffs2 kernel module is not available. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] The jffs2 (journaling flash… | wazuh-sca |
| 612b1ec2a5a03b68 | SCA Check 35505: Ensure overlayfs kernel module is not available. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] overlayfs is a Linux… | wazuh-sca |
| d315f7e7787bc7f6 | SCA Check 35506: Ensure squashfs kernel module is not available. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] The squashfs filesystem type… | wazuh-sca |
| 8c9e121a21138e4c | SCA Check 35507: Ensure udf kernel module is not available. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] The udf filesystem type is the… | wazuh-sca |
| 983aaf572bc1c11b | SCA Check 35508: Ensure usb-storage kernel module is not available. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0002', 'TA0005'] Techniques: ['T1562', 'T1070', 'T1059', 'T1105']… | wazuh-sca |
| 1f8a25074231ed1a | SCA Check 35509: Ensure unused filesystems kernel modules are not available. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] Filesystem kernel… | wazuh-sca |
| 1611a1163b4b9dc5 | SCA Check 35510: Ensure /tmp is a separate partition. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] The /tmp directory is a world-writable… | wazuh-sca |
| 9477a0695b279bef | SCA Check 35511: Ensure nodev option set on /tmp partition. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] The nodev mount option specifies… | wazuh-sca |
| 98855a8b2a66f685 | SCA Check 35512: Ensure nosuid option set on /tmp partition. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0009', 'TA0010'] Techniques: ['T1005', 'T1025', 'T1041', 'T1567',… | wazuh-sca |
| b2695211c421e8d0 | SCA Check 35513: Ensure noexec option set on /tmp partition. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0009', 'TA0010'] Techniques: ['T1005', 'T1025', 'T1041', 'T1567',… | wazuh-sca |
| ca113b6c8fcddd9b | SCA Check 35514: Ensure /dev/shm is a separate partition. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] The /dev/shm directory is a… | wazuh-sca |
| 5b8bc12049d7977d | SCA Check 35515: Ensure nodev option set on /dev/shm partition. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0009', 'TA0010'] Techniques: ['T1005', 'T1025', 'T1041', 'T1567',… | wazuh-sca |
| 6b95d4305671e4d9 | SCA Check 35516: Ensure nosuid option set on /dev/shm partition. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0009', 'TA0010'] Techniques: ['T1005', 'T1025', 'T1041', 'T1567',… | wazuh-sca |
| 6ea25d26534c850c | SCA Check 35517: Ensure noexec option set on /dev/shm partition. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0009', 'TA0010'] Techniques: ['T1005', 'T1025', 'T1041', 'T1567',… | wazuh-sca |
| b8bb68d1997a7dc9 | SCA Check 35518: Ensure separate partition exists for /home. Policy: CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0. Tactics: ['TA0009', 'TA0010'] Techniques: ['T1005', 'T1025', 'T1041', 'T1567',… | wazuh-sca |