API → UI component mappings · 90,813 documents
| ID | Document | Source |
|---|---|---|
| 226439ffabe2117c | VQL Plugin: logging Category: server Watch the logs emitted by the server. | velociraptor-vql |
| 208962716f4ac623 | VQL Plugin: logscale_upload Category: general Upload rows to LogScale ingestion server. | velociraptor-vql |
| b5faee0810e33289 | VQL Function: lookupSID Category: windows Get information about the SID. | velociraptor-vql |
| fc5f39872c28e385 | VQL Function: lowcase Category: popular Returns the lowercase version of a string. | velociraptor-vql |
| 6f64df06d2086dfa | VQL Function: lru Category: general Creates an LRU object. An LRU is like a dict, except that older items are expired. It is useful for creating running lookup values without exceeding… | velociraptor-vql |
| 364833b5f7d90b98 | VQL Function: lzxpress_decompress Category: encode Decompress an lzxpress blob. This function is most useful when decoding prefetch files. | velociraptor-vql |
| 462c278830b23d95 | VQL Function: magic Category: general Identify a file using magic rules. Magic rules are designed to identify a file based on a sequence of tests. They are a great way of quickly triaging a file… | velociraptor-vql |
| b8b92139c3340042 | VQL Function: mail Category: general Send Email to a remote server. This function will send an email to a remote SMTP server. The mail will be sent using SMTP with TLS and authentication. Mails… | velociraptor-vql |
| 34efdf8aa74c854e | VQL Plugin: mail Category: server Send Email to a remote server. See the mail() function for more details. | velociraptor-vql |
| 0c7b3e899ae98093 | VQL Function: max Category: general Finds the largest item in the aggregate. It is only meaningful in a group by query. ### Example The following query lists all the processes and shows the… | velociraptor-vql |
| a73f24c6a3b8ce53 | VQL Accessor: me Category: general Access files bundled inside the Velociraptor binary itself. The `me` accessor is used to retrieve files packed inside the Velociraptor binary (for example in the… | velociraptor-vql |
| 82a998f51072e1f5 | VQL Function: memoize Category: popular Memoize a query into memory. Memoizing a query means to cache the results of the query so they can be accessed quickly. Consider the following… | velociraptor-vql |
| a74886464cdb20e8 | VQL Accessor: mft Category: general The `mft` accessor is used to access arbitrary MFT streams as files. The filename is taken as an MFT inode number in the form `<entry_id>-<stream_type>-<id>`,… | velociraptor-vql |
| 8051597a841457a8 | VQL Function: min Category: general Finds the smallest item in the aggregate. It is only meaningful in a group by query. ### Example The following query lists all the processes and shows the… | velociraptor-vql |
| 671b9c38fb97123f | VQL Function: mock Category: developer Mock a plugin. | velociraptor-vql |
| 1a0c3fc18afb26f1 | VQL Function: mock_check Category: developer Check expectations on a mock. | velociraptor-vql |
| 3b5c984bf6a381d1 | VQL Function: mock_clear Category: developer Resets all mocks. | velociraptor-vql |
| 3f0d48b3f16661af | VQL Function: mock_replay Category: developer Replay recorded calls on a mock. | velociraptor-vql |
| 5bd8a0fb6a307c9f | VQL Plugin: modules Category: windows Enumerate Loaded DLLs. | velociraptor-vql |
| 775494a152aef5d7 | VQL Plugin: monitoring Category: server Extract monitoring log from a client. | velociraptor-vql |
| fd3da964cc742c35 | VQL Plugin: monitoring_logs Category: server Retrieve log messages from client event monitoring for the specified client id and artifact | velociraptor-vql |
| 2dfc9042ac943bcb | VQL Accessor: mscfb Category: general Parse a MSCFB file as an archive. | velociraptor-vql |
| 8b54ea3ff288b4c2 | VQL Plugin: netcat Category: general Make a tcp connection and read data from a socket. | velociraptor-vql |
| dda0fef9be9d34ec | VQL Plugin: netstat Category: popular Collect network information. | velociraptor-vql |
| 72c2ca6546d6198a | VQL Function: notebook_create Category: server Create a new notebook. | velociraptor-vql |
| de29ec987b3c857a | VQL Plugin: notebook_delete Category: server Delete a notebook with all its cells. | velociraptor-vql |
| 1bbca365b207e939 | VQL Function: notebook_export Category: server Exports a notebook to a zip file or HTML. | velociraptor-vql |
| 022d4085a2ec6e2a | VQL Function: notebook_get Category: server Get a notebook. | velociraptor-vql |
| ee8ce1bc56ba7c30 | VQL Function: notebook_update Category: server Update a notebook's metadata. | velociraptor-vql |
| 91c445bf8dc9ce2e | VQL Function: notebook_update_cell Category: server Update a notebook cell. | velociraptor-vql |
| 03e5244babb834f9 | VQL Plugin: notebooks Category: general List all notebooks | velociraptor-vql |
| a13966b9ed612ddf | VQL Function: now Category: popular Returns the current time in seconds since epoch. Note that an integer value is returned, not a timestamp. Typically this function is used together with the… | velociraptor-vql |
| 4a91589f249d55ee | VQL Accessor: ntfs Category: general Access the NTFS filesystem by parsing NTFS structures. This accessor uses an NTFS parser to present the content of the NTFS filesystem as a simple filesystem. It… | velociraptor-vql |
| 484ba868c69d6d7f | VQL Accessor: ntfs_vss Category: general Access the NTFS filesystem by considering all VSS. This accessor considers all Volume Shadow Copies available on the system to deduplicate all files which… | velociraptor-vql |
| 0566b29f80ee6de6 | VQL Accessor: offset Category: general Allow reading another file from a specific offset. The filename is taken as an offset into the delegate. ### Example ```vql SELECT… | velociraptor-vql |
| 3ed6ba9ac8306a96 | VQL Plugin: olevba Category: parsers Extracts VBA Macros from Office documents. This plugin parses the provided files as OLE documents in order to recover VB macro code. A single document can have… | velociraptor-vql |
| b3ca0f5a8092c130 | VQL Function: org Category: server Return the details of the current org. | velociraptor-vql |
| d5e657abfe402d58 | VQL Function: org_create Category: server Creates a new organization. | velociraptor-vql |
| 3047c269d80a6725 | VQL Function: org_delete Category: server Deletes an Org from the server. | velociraptor-vql |
| d726cb94be102b9e | VQL Plugin: orgs Category: server Retrieve the list of orgs on this server. | velociraptor-vql |
| a93652ef583c7d97 | VQL Accessor: overlay Category: general Merges several paths into a single path. This accessor allows an overlay of several other paths as possible prefixes. For example consider the following base… | velociraptor-vql |
| 0cb49bbc2c81925c | VQL Plugin: panic Category: developer Crash the program with a panic! | velociraptor-vql |
| 919e3f1c9ffa666a | VQL Plugin: parallelize Category: server Runs query on result batches in parallel. Normally the source() plugin reads result sets from disk in series. This is fine when the result set is not too… | velociraptor-vql |
| f623eca4dca93fdf | VQL Plugin: parse_auditd Category: parsers Parse log files generated by auditd. | velociraptor-vql |
| 9f24a3d5d6a7e7d9 | VQL Function: parse_binary Category: parsers Parse a binary file into a data structure using a profile. This plugin extracts binary data from strings. It works by applying a profile to the binary… | velociraptor-vql |
| 5ad5c27b1e26f7fd | VQL Plugin: parse_csv Category: parsers Parses events from a CSV file. Parses records from a CSV file. We expect the first row of the CSV file to contain column names. This parser specifically… | velociraptor-vql |
| 9b78f34aaa1d4fcc | VQL Plugin: parse_ese Category: parsers Opens an ESE file and dumps a table. | velociraptor-vql |
| 269c6dc32dcdb281 | VQL Plugin: parse_ese_catalog Category: parsers Opens an ESE file and dumps the schema. | velociraptor-vql |
| f40a9771111df227 | VQL Plugin: parse_evtx Category: parsers Parses events from an EVTX file. This plugin parses windows events from the Windows Event log files (EVTX). A windows event typically contains two columns.… | velociraptor-vql |
| a5259f33062b3338 | VQL Function: parse_float Category: parsers Convert a string to a float. | velociraptor-vql |