API → UI component mappings · 90,813 documents
| ID | Document | Source |
|---|---|---|
| c3ac56e17da1d4ec | VQL Plugin: artifact_definitions Category: server Dump artifact definitions from the internal repository. | velociraptor-vql |
| 88153ce97b8fa3f1 | VQL Function: artifact_delete Category: server Deletes an artifact from the global repository. | velociraptor-vql |
| 1cdd5721d01ae78f | VQL Function: artifact_set Category: server Sets an artifact into the global repository. | velociraptor-vql |
| 532f53e20c5952be | VQL Function: artifact_set_metadata Category: server Sets metadata about the artifact. This VQL function is used to clean up the artifact search screen and guide users to assist with… | velociraptor-vql |
| 4db1a4eeaad4de7a | VQL Function: atexit Category: general Install a query to run when the query is unwound. This is used to clean up when the query ends. ### Example ```vql LET _ <= atexit(query={ SELECT… | velociraptor-vql |
| fa17281b29da770f | VQL Function: atoi Category: popular Convert a string to an integer. The string may begin with a sign ("+" or "-") and a prefix indicating a base: "0b" for base2 , "0" or "0o" for base8, "0x" for… | velociraptor-vql |
| 42d30ee9f0cef559 | VQL Plugin: audit Category: linux Register as an audit daemon in the kernel. On Linux the audit subsystem provides real time information about kernel auditable events. This plugin registers as a… | velociraptor-vql |
| 13a205f14929ef99 | VQL Function: authenticode Category: windows Parses authenticode information from PE files. On windows, the function will also use the windows API to determine if the binary is trusted by the… | velociraptor-vql |
| 385419d840f4d30e | VQL Accessor: auto Category: general Access the file using the best accessor possible. The `auto` accessor is the default accessor that is used when a VQL query does not specify an `accessor`… | velociraptor-vql |
| 9b55d2fd3d7effb8 | VQL Function: background Category: general Run a query in the background. All output from the query is discarded. The query will not wait for the background thread to exit - instead the background… | velociraptor-vql |
| 41506885ec9d4b6d | VQL Plugin: backup Category: server Generates a backup file. | velociraptor-vql |
| 7be49fc5ab63c90b | VQL Plugin: backup_restore Category: server Restore state from a backup file. Note that the backups file can only reside in the file store under the `<filestor>/backups` directory. | velociraptor-vql |
| 91ca15500ef4957a | VQL Function: base64decode Category: encode Decodes a base64 encoded string. | velociraptor-vql |
| dc2facae63caf93f | VQL Function: base64encode Category: encode Encodes a string into base64. | velociraptor-vql |
| 4a84c255fdcea9fe | VQL Function: base85decode Category: encode Decode a base85 encoded string. | velociraptor-vql |
| 5edcaab5577e314b | VQL Function: basename Category: popular Return the basename of the path. ### Example ```vql basename(path="/foo/bar") -> "bar" ``` ### See also - [dirname]({{< ref… | velociraptor-vql |
| fc5c6649f53f9c05 | VQL Plugin: batch Category: general Batches query rows into multiple arrays. This is useful for batching multiple rows from a query into another query, such as sending results to an API… | velociraptor-vql |
| bae1eee135a3ad66 | VQL Accessor: bzip2 Category: general Access the content of bzip2 files. The bzip2 accessor is able to read the content of `bz2` compressed files. It is very similar to the `gzip` accessor. Since… | velociraptor-vql |
| 8b6636f864adefc1 | VQL Function: cache Category: general Creates a cache object. A Cache is a data structure which is used to speed up calculating data by keeping its value in memory. A cache is essentially a… | velociraptor-vql |
| 299d3a2ac9ab38be | VQL Function: cache_dns Category: general Add a DNS record to the cache.. | velociraptor-vql |
| bc4b357ceb29bc0f | VQL Function: cancel_flow Category: server Cancels the flow. This sends the client an immediate cancellation message and stops the flow. It also removes any outstanding requests for the client if… | velociraptor-vql |
| 130edaf6144cb97b | VQL Plugin: carve_usn Category: parsers Carve for the USN journal entries from a device. In practice the USN journal is set to roll over fairly quickly (default size is usually 32Mb). On busy… | velociraptor-vql |
| 852cc89773794635 | VQL Plugin: cat Category: general Read files in chunks. This is mostly useful for character devices on Linux or special files which can not be read in blocks. | velociraptor-vql |
| 13ea2bf3e70f1c26 | VQL Plugin: certificates Category: windows Collect certificate from the system trust store. This plugin uses the Windows APIs to fetch the certificates. You might also want to look at the… | velociraptor-vql |
| 5766cfa5a714f0e4 | VQL Plugin: chain Category: popular Chain the output of several queries into the same table. This plugin takes a number of queries and joins their output into the same table. You can provide the… | velociraptor-vql |
| 76afb0df03d86166 | VQL Function: cidr_contains Category: general Calculates if an IP address falls within a range of CIDR specified networks. ### Example ```vql SELECT cidr_contains(ip="192.168.0.132", … | velociraptor-vql |
| 41e2b14f45cb0ebc | VQL Function: client_create Category: server Create a new client in the data store. | velociraptor-vql |
| 2374365383e201d3 | VQL Plugin: client_delete Category: server Delete all information related to a client from the filestore. | velociraptor-vql |
| bd4d5ad8d739217c | VQL Function: client_info Category: server Returns client info (like the fqdn) for a specific client from the datastore. You can use this function to enrich information about clients in VQL… | velociraptor-vql |
| cf79a9ecb356730d | VQL Function: client_metadata Category: server Returns client metadata from the datastore. Client metadata is a set of free form key/value data. Artifacts may use this metadata or it may simply be… | velociraptor-vql |
| 21ded74a308279b3 | VQL Function: client_set_metadata Category: server Sets client metadata. Client metadata is a set of free form key-value pairs, i.e. a dict. When updating metadata the result is the same as adding… | velociraptor-vql |
| 0d174fcd5af3c0a2 | VQL Plugin: clients Category: server Returns client info for one or more clients from the datastore. This plugin is typically used when needing to iterate of the list of clients. The `search`… | velociraptor-vql |
| d0e34c079faa6ca6 | VQL Plugin: clock Category: event Generate a timestamp periodically. This is mostly useful for event queries. This plugin generates events periodically. The periodicity can be controlled either via… | velociraptor-vql |
| 15774b420e6048b5 | VQL Plugin: collect Category: general Collect artifacts into a local file. This plugin is essentially the same as the `velociraptor artifacts collect --output file.zip` command. It will collect the… | velociraptor-vql |
| 5f1a072b463893c9 | VQL Function: collect_client Category: server Launch an artifact collection against a client. If the client_id is "server" then the collection occurs on the server itself. In that case the caller… | velociraptor-vql |
| 7919bf4af66e4b2d | VQL Accessor: collector Category: general Open a collector zip file as if it was a directory - automatically expand sparse files. Open an offline collector zip file as if it was a directory. This is… | velociraptor-vql |
| 43ed50819ee1265c | VQL Accessor: collector_sparse Category: general Open a collector zip file as if it was a directory. Same as the `collector` accessor but does not expand sparse files. | velociraptor-vql |
| 9b2b24131136019a | VQL Plugin: column_filter Category: popular Select columns from another query using regex. Sometimes a query produces a large number of columns or unpredictable column names (e.g. the… | velociraptor-vql |
| 8052436e46975947 | VQL Plugin: combine Category: general Combine the output of several queries into the same result set. A convenience plugin acting like chain(async=TRUE). | velociraptor-vql |
| b0abceed6fea8bb5 | VQL Function: commandline_split Category: parsers Split a commandline into separate components following the windows conventions. ### Example ```vql SELECT … | velociraptor-vql |
| f9622caadb75b2c2 | VQL Function: compress Category: encode Compress a file using GZip. The file is compressed using gzip. You can change the location of the output using the output parameter. Note that output is a… | velociraptor-vql |
| 632a747682409a14 | VQL Plugin: connections Category: linux List all active connections | velociraptor-vql |
| a3b152b0ed6df653 | VQL Function: copy Category: general Copy a file. The source file can use any accessor - for example one can copy the $MFT using the ntfs accessor to a regular file. Another example is to extract a… | velociraptor-vql |
| 30144be6d08c1501 | VQL Function: count Category: popular Counts the items. This function is an aggregation function that counts the number of times it is evaluated per group by context. It is useful in a GROUP BY… | velociraptor-vql |
| 778b59c7ea83908e | VQL Function: create_flow_download Category: server Creates a download pack for the flow. This function initiates the download creation process for a flow. It is equivalent to the GUI functionality… | velociraptor-vql |
| 3a4d843f97a77c12 | VQL Function: create_hunt_download Category: server Creates a download pack for a hunt. This function initiates the download creation process for a hunt. It is equivalent to the GUI functionality… | velociraptor-vql |
| 7d0319edc3d16c57 | VQL Function: create_notebook_download Category: server Creates a notebook export zip file. | velociraptor-vql |
| bb991b41c3096ac7 | VQL Function: crypto_rc4 Category: encode Apply rc4 to the string and key. | velociraptor-vql |
| 32fce06bf43130f2 | VQL Accessor: data Category: general Makes a string appears as an in-memory file. This accessor is useful to allow plugins that normally accept files to also accept a plain string. VQL contains many… | velociraptor-vql |
| 8837d0b4724df26a | VQL Plugin: deb_create Category: server Create a deployable Debian package for client or server. | velociraptor-vql |