API → UI component mappings · 90,813 documents
| ID | Document | Source |
|---|---|---|
| 48859187a1c3d695 | GET /api/taskpriority/{taskpriority_id}/ single object, allowed: GET api | dfirtrack |
| 619983553b0b2bfe | GET /api/taskstatus/ all objects, allowed: GET api | dfirtrack |
| 94a5280e17dc63a8 | GET /api/taskstatus/{taskstatus_id}/ single object, allowed: GET api | dfirtrack |
| 5e29a090d0bc929d | POST /api/token-auth/ api | dfirtrack |
| 3dba4e5cf531a3b5 | GET /streams/{streamId}/destinations/filters Get available filters for stream | graylog2 |
| f7d0e68546f4f749 | POST /streams/{streamId}/destinations/filters Create new filter rule for stream | graylog2 |
| fec4e3997b6988d6 | GET /streams/{streamId}/destinations/target/{targetId}/filters Get available filters for stream and target | graylog2 |
| 9b7e4007ba40ae26 | GET /streams/{streamId}/destinations/filters/{filterId} Get stream destination filter | graylog2 |
| 470c8793f306c8bf | PUT /streams/{streamId}/destinations/filters/{filterId} Update stream destination filter | graylog2 |
| c4618c68a614c47c | DELETE /streams/{streamId}/destinations/filters/{filterId} Delete stream destination filter | graylog2 |
| 13cbd650f3565ac8 | GET /streams/destinations/filters/builder/conditions Return available conditions | graylog2 |
| 983b64677eac760b | POST /streams/destinations/filters/builder/validate Validates the given rule builder | graylog2 |
| 872a0c769d2da831 | POST /streams/destinations/filters/builder/simulate Run the simulator for the given rule and message | graylog2 |
| 91c4725e62d38ae2 | Artifact: Network.ExternalIpAddress Author: Category: Network Identifies the external IP address of the endpoint using an external web service. | velociraptor |
| c95c3ce16e303200 | Artifact: Reporting.Default Author: Category: Reporting A default template for HTML export. This template will be used to host HTML exports such as the notebook and the reporting templates.… | velociraptor |
| 0d52c2e2a7349c04 | Artifact: Notebooks.Timelines Author: Category: Notebooks The notebook creates a default Super-Timeline. Timelines are used to visualize time series data from other collections in the same place.… | velociraptor |
| ad6fe12a74db6242 | Artifact: Notebooks.Demo Author: Category: Notebooks A notebook demonstrating features of notebooks | velociraptor |
| 0c110b0e42c26567 | Artifact: Server.Utils.Clients Author: Category: Notebooks View detailed client information. This template will create an interactive notebook that allows more refined inspection of clients. | velociraptor |
| bab79044808ae224 | Artifact: Notebooks.VQLx2 Author: Category: Notebooks A notebook initialized with 2 VQL cells | velociraptor |
| 10fb5918824dad92 | Artifact: Notebooks.Default Author: Category: Notebooks A default notebook. | velociraptor |
| 717091229cae1c7e | Artifact: Linux.Mounts Author: Category: Linux List mounted filesystems by reading /proc/mounts | velociraptor |
| 18316048c13f826e | Artifact: Windows.Persistence.Wow64cpu Author: Matt Green - @mgreen27 Category: Windows Checks for wow64cpu.dll replacement Autorun in Windows… | velociraptor |
| 2fa843647d772fd8 | Artifact: Windows.Persistence.PowershellRegistry Author: Category: Windows A common method of persistence is to install a hook into a user profile registry hive, using PowerShell. When the user logs… | velociraptor |
| 853a3977a0e1489b | Artifact: Windows.Persistence.Debug Author: Category: Windows Windows allows specific configuration of various executables via a registry key. Some keys allow defining a debugger to attach to… | velociraptor |
| c11606f0dddfe223 | Artifact: Windows.Persistence.PermanentWMIEvents Author: Matt Green - @mgreen27 Category: Windows This artifact reports currently deployed permanent WMI Event Consumers. The artifact collects Binding… | velociraptor |
| 245543d13dbb8d25 | Artifact: Windows.Persistence.PowershellProfile Author: Matt Green - @mgreen27 Category: Windows This Artifact will search and parse PowerShell profile scripts. PowerShell supports several profiles… | velociraptor |
| 905f50fadfffc9d5 | Artifact: Windows.Forensics.JumpLists Author: Category: Windows The automaticdestinations jumplist is an OLE2 container containing LNK files as individual streams | velociraptor |
| fa96f20a7b8577d8 | Artifact: Windows.Forensics.Shellbags Author: Category: Windows Windows uses the Shellbag keys to store user preferences for GUI folder display within Windows Explorer. This artifact uses the raw… | velociraptor |
| 4734281937544252 | Artifact: Windows.Forensics.UserAccessLogs Author: Category: Windows Parse and collect the SUM database. UAL is a feature that can help server administrators quantify the number of unique client… | velociraptor |
| d01dd8921a154a50 | Artifact: Windows.Forensics.BulkExtractor Author: Matt Green - @mgreen27 Category: Windows This content will execute bulk_extractor with record carving plugins from 4n6ist. Initially developed to… | velociraptor |
| 1ea5ecc0e6852fd0 | Artifact: Windows.Forensics.Usn Author: Category: Windows This artifact parses the NTFS USN journal and allows filters to assist investigative workflow. NTFS is a journal filesystem. This means… | velociraptor |
| d67b557daa6adab2 | Artifact: Windows.Forensics.Timeline Author: Category: Windows Win10 records recently used applications and files in a “timeline” accessible via the “WIN+TAB” key. The data is recorded in a… | velociraptor |
| 9ba65dd926e2f0de | Artifact: Windows.Forensics.NotepadParser Author: ogmini https://ogmini.github.io/ and Mike Cohen Category: Windows Parse the Windows 11 Notepad state files. Based on the research work published by… | velociraptor |
| 25cce37210f63404 | Artifact: Windows.Forensics.FilenameSearch Author: Category: Windows Did a specific file exist on this machine in the past or does it still exist on this machine? This common question comes up… | velociraptor |
| 0a38c4403c96920c | Artifact: Windows.Forensics.RDPCache Author: Matt Green - @mgreen27 Category: Windows This artifact parses, views and enables simplified upload of RDP cache files. By default the artifact will parse… | velociraptor |
| 70995cce40fb9362 | Artifact: Windows.Forensics.SAM Author: Category: Windows Parses user account information from the SAM hive. Based on Omer Yampel's parser | velociraptor |
| f5fc942ef78a0cbb | Artifact: Windows.Forensics.RecycleBin Author: Zach Stanford - @svch0st Category: Windows This artifact will parse the `$I` files found in the `$Recycle.Bin` folder to obtain the time of deletion and… | velociraptor |
| b3a166fea0642a26 | Artifact: Windows.Forensics.SolarwindsSunburst Author: Wes Lambert - @therealwlambert Category: Windows "SolarWinds.Orion.Core.BusinessLayer.dll is a SolarWinds digitally-signed component of the… | velociraptor |
| a36ecdb6e4549414 | Artifact: Windows.Forensics.PartitionTable Author: Category: Windows Parses the raw disk for partition tables. This artifact also applies a magic() check to indicate the type of partitions found.… | velociraptor |
| 8432e8db663e72ca | Artifact: Windows.Forensics.Prefetch Author: Category: Windows Windows keeps a cache of prefetch files. When an executable is run, the system records properties about the executable to make it… | velociraptor |
| 14fdf1c1f5273fdc | Artifact: Windows.Forensics.UEFI Author: Matt Green - @mgreen27 Category: Windows This artifact enables disk analysis over an EFI System Partition (ESP). The artifact queries the specified physical… | velociraptor |
| d5a249a91a2b59d5 | Artifact: Windows.Forensics.CertUtil Author: Category: Windows The Windows Certutil binary is capable of downloading arbitrary files. Attackers typically use it to fetch tools undetected when using… | velociraptor |
| 6f1d4ee7a65dc4af | Artifact: Windows.Forensics.Pst Author: Category: Windows Parses PST files. | velociraptor |
| 71aeacb716ed9f3b | Artifact: Windows.Forensics.SRUM Author: Category: Windows Process the SRUM database. | velociraptor |
| 837ade083954d604 | Artifact: Windows.Forensics.RecentApps Author: Category: Windows GUI Program execution launched on the Win10 system is tracked in the RecentApps key. NOTE: This artifact is available up from… | velociraptor |
| fbd9a9040111c4a9 | Artifact: Windows.Forensics.Lnk Author: Matt Green - @mgreen27 Category: Windows This artifact parses LNK shortcut files. A LNK file is a type of Shell Item that serves as a shortcut or reference to… | velociraptor |
| 7c78efea75bb3e17 | Artifact: Windows.Forensics.Bam Author: Category: Windows The Background Activity Moderator (BAM) is a Windows service that controls activity of background applications. This service exists in… | velociraptor |
| 6fd70703a6bbdb78 | Artifact: Windows.Forensics.Amcache Author: Matthieu Chatelan, Yann Malherbe Category: Windows The Amcache.hve is a registry artifact that stores metadata used by the OS’s application compatibility… | velociraptor |
| 58b1a0cfd4d9b4a5 | Artifact: Windows.Collectors.Remapping Author: Category: Windows Calculates a remapping config for a collection container (zip). The remapping allows Velociraptor to treat the collection container… | velociraptor |
| 95b9f743495bdd2d | Artifact: Windows.Carving.CobaltStrike Author: Matt Green - @mgreen27 Category: Windows This artifact extracts Cobalt Strike configuration from a byte stream, process or file on disk such as a… | velociraptor |