API → UI component mappings · 90,813 documents
| ID | Document | Source |
|---|---|---|
| 8439618e3b542593 | VQL Function: get_server_monitoring Category: server Retrieve the current server monitoring state. See `get_client_monitoring()` | velociraptor-vql |
| 2bf5f1269028087d | VQL Function: getpid Category: general Returns the current pid of the Velociraptor process. This is typically used to exclude analysis from our own process. | velociraptor-vql |
| 2c4d7c7c0c6d2fa1 | VQL Plugin: glob Category: popular Retrieve files based on a list of glob expressions. The `glob()` plugin is one of the most used plugins. It applies a glob expression in order to search for files… | velociraptor-vql |
| 06ec635069fae6f0 | VQL Function: grok Category: parsers Parse a string using a Grok expression. This is most useful for parsing syslog style logs (e.g. IIS, Apache logs). You can read more about GROK expressions… | velociraptor-vql |
| 51a4d2e55cf1e9fb | VQL Plugin: gui_users Category: server Retrieve the list of users on the server. | velociraptor-vql |
| bdb40494073071b8 | VQL Function: gunzip Category: encode Uncompress a gzip-compressed block of data. ### Example ```vql gunzip(string=base64decode(string="H4sIAAAAAAACA3N0pC4AAKAb0QxQAAAA")) ->… | velociraptor-vql |
| 44e980fc62633fee | VQL Accessor: gzip Category: general Access the content of gzip files. The filename is a pathspec with a delegate accessor opening the actual gzip file. Since `gzip` compressed files do not have an… | velociraptor-vql |
| 456fce27309bfd1e | VQL Plugin: handles Category: windows Enumerate process handles. | velociraptor-vql |
| f0bbbe82e5a26d22 | VQL Function: hash Category: encode Calculate the hash of a file. This function calculates the MD5, SHA1 and SHA256 hashes of the file. | velociraptor-vql |
| 68f918e7780ed635 | VQL Plugin: help Category: general Dump information about all VQL functions and plugins. | velociraptor-vql |
| ecbd7d88ccc8259f | VQL Function: host Category: general Perform a DNS resolution. This function allows DNS to be resolved from within VQL. You can use the regular system resolver (for example on windows will… | velociraptor-vql |
| 23ba1f2957c54200 | VQL Plugin: http_client Category: popular Make an HTTP request. This plugin makes an HTTP connection using the specified method. The headers and parameters may be specified. The plugin reads… | velociraptor-vql |
| dfa00bf126217975 | VQL Function: humanize Category: popular Format items in a human-readable way. Formats a byte count in a human-readable way (e.g. Mb, Gb etc). | velociraptor-vql |
| 0c48a88e7acbfe75 | VQL Function: hunt Category: server Create and launch a hunt. This function will create a new hunt to collect the specified artifacts. The artifacts to collect are provided in the `artifacts`… | velociraptor-vql |
| bfef516c88928da3 | VQL Function: hunt_add Category: server Assign a client to a hunt. This function allows a client to be added to a hunt. The client will be immediately scheduled and the results will be added to… | velociraptor-vql |
| a629c6a6fcb84184 | VQL Plugin: hunt_delete Category: server Delete a hunt. | velociraptor-vql |
| 95e93c59d4706a4b | VQL Plugin: hunt_flows Category: server Retrieve the flows launched by a hunt. A Velociraptor hunt is just a collection of related flows. This plugin simply enumerates all the flows as part of this… | velociraptor-vql |
| 595fe4fe1024d6bf | VQL Function: hunt_info Category: server Retrieve the hunt information. This function is a convenience function to the full hunts() plugin, and can retrieve the hunt information for a specific… | velociraptor-vql |
| ae0256d9d67d02ef | VQL Plugin: hunt_reindex Category: general Reindex a hunt. This is sometimes necessary if hunt overview stats are incorrect. This plugin will walk all hunt flows and re-tally all the stats to reset… | velociraptor-vql |
| 56246dba28e38696 | VQL Plugin: hunt_results Category: server Retrieve the results of a hunt. This plugin essentially iterates over all flows in the hunt and reads out all collected rows for each client in the same… | velociraptor-vql |
| 44ae839fcafbd3c0 | VQL Function: hunt_update Category: server Update a hunt. | velociraptor-vql |
| 2614dba026dd7688 | VQL Plugin: hunts Category: server Retrieve the list of hunts. | velociraptor-vql |
| 0963d0f21f683294 | VQL Function: if Category: popular Conditional execution of query. This function evaluates a condition. Note that the values used in the `then` or `else` clause are evaluated lazily. They may be… | velociraptor-vql |
| 35069fcccc48a834 | VQL Plugin: if Category: popular Conditional execution of query. This function evaluates a condition. Note that the values used in the `then` or `else` clause should be queries which are evaluated… | velociraptor-vql |
| 541fab5088471121 | VQL Function: import Category: server Imports an artifact into the current scope. Importing an artifact loads the artifact's `export` section into the current scope. This only works in notebooks!… | velociraptor-vql |
| 77fa76894ed71235 | VQL Function: import_collection Category: server Imports a collection zip file. Collection zip files can be obtained from the offline collector or by creating a download of a flow or hunt in the… | velociraptor-vql |
| 6000d914fb7030ad | VQL Plugin: index Category: general Create a local index from a query. This plugin uses [Bleve](https://blevesearch.com/) to build an on-disk full text index of the query. The index can be… | velociraptor-vql |
| 1a381a8790753114 | VQL Plugin: index_search Category: general Search a previously created index. | velociraptor-vql |
| 5a0a2677ac8246cc | VQL Plugin: info Category: popular Get information about the running host. This plugin returns a single row with information about the current system. The information includes the Hostname, Uptime,… | velociraptor-vql |
| 376927f2ad7ac577 | VQL Function: int Category: popular Truncate to an integer. If provided a string, the function will try to parse it into an integer. | velociraptor-vql |
| 797909013c38dfbc | VQL Plugin: interfaces Category: windows List all active network interfaces using the API. | velociraptor-vql |
| ffee7df0453b7bf7 | VQL Plugin: inventory Category: server Retrieve the tools inventory. The inventory contains information about all the external tools Velociraptor is managing. This plugin will display… | velociraptor-vql |
| 25eb3476aaf9cac4 | VQL Function: inventory_add Category: server Add or reconfigure a tool into the inventory. Note that if you provide a file to override the tool it must be readable by the server (so the file must… | velociraptor-vql |
| c61a5f38bf50f396 | VQL Function: inventory_get Category: server Get tool info from inventory service. | velociraptor-vql |
| 63ad10ed4a1e6162 | VQL Function: ip Category: general Format an IP address. Converts an IP address encoded in various ways. If the IP address is encoded as a 32-bit integer we can use netaddr4_le or netaddr4_be to print… | velociraptor-vql |
| 1f534822239fb275 | VQL Function: items Category: popular Iterate over dict members producing _key and _value columns. This can be used to filter dict items by feeding the results to `to_dict()`. | velociraptor-vql |
| 751dc772765d0599 | VQL Plugin: items Category: popular Enumerate all members of the item (similar to Python's items() method). This plugin allows iteration over dicts or queries. ### Iterating dicts If the item is a… | velociraptor-vql |
| 050e4fb24a0eec8f | VQL Function: join Category: popular Join all the args on a separator. Joins the array into a string separated by the sep character. | velociraptor-vql |
| 2a5ae33c4dc0a5a6 | VQL Function: js Category: experimental Compile and run javascript code. | velociraptor-vql |
| 5c712653fa2c4c43 | VQL Function: js_call Category: experimental Compile and run javascript code. | velociraptor-vql |
| 7955632bc2b68eae | VQL Function: js_get Category: experimental Get a variable's value from the JS VM. | velociraptor-vql |
| 929f1aaccb4d4778 | VQL Function: js_set Category: experimental Set a variable's value in the JS VM. | velociraptor-vql |
| e7e08798114ac976 | VQL Function: killkillkill Category: server Sends a kill message to the client and forces a restart - this is very aggressive! | velociraptor-vql |
| d7cf50c5f99b5392 | VQL Function: label Category: server Add the labels to the client. If op is 'remove' then remove these labels. ### Example The following query sets the MyLabel label on all hosts that… | velociraptor-vql |
| 44d30692018254e6 | VQL Function: lazy_dict Category: general Construct a dict from arbitrary keyword args - does not materialize args so it is suitable for building args via `**` expansion. | velociraptor-vql |
| 60bbdde5e0cd8000 | VQL Accessor: lazy_ntfs Category: general Access the NTFS filesystem by parsing NTFS structures. This accessor is a variation of the `ntfs` accessor. It is a bit faster because it does not enumerate… | velociraptor-vql |
| 203a64d401a171ef | VQL Function: len Category: popular Returns the length of an object. For strings, this is the number of bytes. For arrays, this is the number of entries. For dicts, this is the number of key/value… | velociraptor-vql |
| 3f6013452f71151b | VQL Plugin: leveldb Category: parsers Enumerate all items in a LevelDB database. | velociraptor-vql |
| 4e3d309cdddaf4f6 | VQL Function: link_to Category: server Create a URL linking to a particular part in the Velociraptor GUI. This function knows about how the Velociraptor web app is routed internally and can help you… | velociraptor-vql |
| ba9d9cedf99c9099 | VQL Function: log Category: popular Log a message to the query log stream. Always returns TRUE. The `message` parameter represents a format string that will be expanded using the `args` parameter… | velociraptor-vql |