API → UI component mappings · 90,813 documents
| ID | Document | Source |
|---|---|---|
| 4ed800708fe16361 | VQL Accessor: pst Category: general An accessor to open attachments in PST files. This accessor allows opening of attachments for scanning or reading. The OSPath used is structured in the form: { … | velociraptor-vql |
| 256305822c751258 | VQL Plugin: query Category: server Evaluate a VQL query. This plugin is useful for evaluating a query in a different environment or context, or turning a string into a query. The query provided by… | velociraptor-vql |
| 062ac0aafda678dd | VQL Function: rand Category: general Selects a random number. | velociraptor-vql |
| 19b8b14f8baf579c | VQL Plugin: range Category: popular Iterate over range. | velociraptor-vql |
| 5b9f3bc3a27ba40f | VQL Accessor: ranged Category: general Reconstruct sparse files from idx and base | velociraptor-vql |
| 25f404b0dbce68a8 | VQL Function: rate Category: general Calculates the rate (derivative) between two quantities. For example if a monitoring plugin returns an absolute value sampled in time (e.g. bytes transferred… | velociraptor-vql |
| c75697fa74e96a30 | VQL Accessor: raw_ext4 Category: general Access the Ext4 filesystem inside an image by parsing the image. This accessor is designed to operate on images directly. It requires a delegate accessor to… | velociraptor-vql |
| 2281f5b1dd0b38df | VQL Accessor: raw_file Category: general Access the filesystem using the OS API. This accessor allows to read raw devices. On Windows, raw files need to be read in aligned page size. This accessor… | velociraptor-vql |
| 56837e15422bce7e | VQL Accessor: raw_ntfs Category: general Access the NTFS filesystem inside an image by parsing NTFS. This accessor is designed to operate on images directly. It requires a delegate accessor to get… | velociraptor-vql |
| 50c2723a8c23395a | VQL Accessor: raw_reg Category: general Access keys and values by parsing a raw registry hive. Path is a OSPath having delegate opening the raw registry hive. For example we can search the raw… | velociraptor-vql |
| 4c90f382cfb51bd8 | VQL Plugin: read_crypto_file Category: general Read a previously stored encrypted local storage file. | velociraptor-vql |
| 2bc1759c1601ab33 | VQL Function: read_file Category: popular Read a file into a string. | velociraptor-vql |
| 36bd8a0949f0c591 | VQL Plugin: read_file Category: popular Read files in chunks. This plugin reads a file in chunks and returns each chunks as a separate row. It is useful when we want to report file contents for… | velociraptor-vql |
| d4f7678666abb119 | VQL Plugin: read_reg_key Category: windows This is a convenience plugin which applies the globs to the registry accessor to find keys. For each key the plugin then lists all the values within it, and… | velociraptor-vql |
| 161715a4c8a8ee62 | VQL Function: reformat Category: general Reformat VQL This function will reformat the artifact provided and return the reformatted content. | velociraptor-vql |
| 76becf607194a66e | VQL Accessor: reg Category: general An alias for the `registry` accessor, which accesses the registry using the OS APIs. Please see [the registry accessor]({{< ref… | velociraptor-vql |
| 3046af01ceb3e04e | VQL Function: reg_rm_key Category: windows Removes a key and all its values from the registry. | velociraptor-vql |
| 21957871bcf05b35 | VQL Function: reg_rm_value Category: windows Removes a value in the registry. | velociraptor-vql |
| 6eca16f83471a615 | VQL Function: reg_set_value Category: windows Set a value in the registry. | velociraptor-vql |
| 9b9af76310f73d77 | VQL Function: regex_replace Category: parsers Search and replace a string with a regexp. Note you can use $1 to replace the capture string. | velociraptor-vql |
| 7bf22fb26cfad683 | VQL Function: regex_transform Category: popular Search and replace a string with multiple regex. Note you can use $1 to replace the capture string. ```vql SELECT regex_transform(source="Hello… | velociraptor-vql |
| f0e49f9ecc78818b | VQL Accessor: registry Category: general Access the registry like a filesystem using the OS APIs. The top level path component is a list of the common hives (e.g. `HKEY_USERS`). The accessor creates… | velociraptor-vql |
| 4979d389f96f464d | VQL Function: rekey Category: general Causes the client to rekey and regenerate a new client ID. DANGEROUS! This will change the client's identity and it will appear as a new client in the GUI. | velociraptor-vql |
| 8ef0b762c70da7fe | VQL Function: relpath Category: parsers Return the relative path of . | velociraptor-vql |
| 210d233d236533b7 | VQL Function: remap Category: general Apply a remapping configuration to the root scope. | velociraptor-vql |
| 3369868011597a10 | VQL Function: repack Category: server Repack and upload a repacked binary or MSI to the server. | velociraptor-vql |
| 7b85540282a6ccb5 | VQL Function: rm Category: general Remove a file from the filesystem using the API. | velociraptor-vql |
| 9359a0a790e85104 | VQL Function: rm_client_monitoring Category: server Remove an artifact from the client monitoring table. | velociraptor-vql |
| 5be97bab9ddf04ed | VQL Function: rm_server_monitoring Category: server Remove an artifact from the server monitoring table. | velociraptor-vql |
| 0e70aa8751b6ba1d | VQL Function: rot13 Category: encode Apply rot13 deobfuscation to the string. | velociraptor-vql |
| 0883910d60da5728 | VQL Plugin: rpm_create Category: server Create a deployable RPM package for client or server. | velociraptor-vql |
| 308662bc9b1834f0 | VQL Function: rsyslog Category: general Send an RFC5424 compliant remote syslog message. | velociraptor-vql |
| c17a7d562afdce57 | VQL Accessor: s3 Category: general Allows access to S3 buckets. 1. The first component is interpreted as the bucket name. 2. Provide credentials through the VQL environment variable… | velociraptor-vql |
| aabc8761d7559f63 | VQL Plugin: sample Category: general Executes 'query' and samples every n'th row. This is most useful on the server in order to downsample event artifact results. | velociraptor-vql |
| 0077ce984a96cf61 | VQL Accessor: scope Category: general Present the content of a scope variable as a file. Similar to the `data` accessor, this makes a string appears as the file contents. However, instead of the… | velociraptor-vql |
| 604924428426603c | VQL Function: scope Category: popular return the scope. | velociraptor-vql |
| 38d5a86eb1697572 | VQL Plugin: scope Category: popular The scope plugin returns the current scope as a single row. The main use for this plugin is as a NOOP plugin in those cases we don't want to actually run… | velociraptor-vql |
| a03f70a94804c8b7 | VQL Function: secret_add Category: server Add a new secret | velociraptor-vql |
| 17b9c31fdd711702 | VQL Function: secret_modify Category: server Modify the secret This function allows you to programmatically modify the secret metadata. For example, assign the secrets to certain users,… | velociraptor-vql |
| d36aade17b452239 | VQL Plugin: secrets Category: server Retrieve the list of secrets on the server. | velociraptor-vql |
| fe4614aa175005d3 | VQL Function: semver Category: general Parse a semantic version string. | velociraptor-vql |
| a3916c154d269c4b | VQL Function: send_event Category: server Sends an event to a server event monitoring queue. This is used to send an event to a waiting server event monitoring artifact (either as a VQL query… | velociraptor-vql |
| 21fc6518a8a3c1a1 | VQL Plugin: sequence Category: experimental Combines the output of many queries into an in memory fifo. After each row is received from any subquery runs the query specified in the 'query' parameter… | velociraptor-vql |
| 4e4b152d649c0a80 | VQL Function: serialize Category: general Encode an object as a string. Several serialization formats are supported. The default format, if not specified, is "json". ### Notes This function is… | velociraptor-vql |
| 5c5f89d8a2544407 | VQL Function: server_frontend_cert Category: server Get Server Frontend Certificate | velociraptor-vql |
| 90f680faf8747427 | VQL Function: server_metadata Category: server Returns server metadata from the datastore. Server metadata is a set of free form key/value data | velociraptor-vql |
| ab71754323eb6f1e | VQL Function: server_set_metadata Category: server Sets server metadata. Server metadata is a set of free form key/value data, usually used for configuration of artifacts. For existing keys, the… | velociraptor-vql |
| 6267764e8d5a2821 | VQL Function: set Category: popular Sets the member field of the item. If item is omitted sets the scope. ### See also - [get]({{< ref "/vql_reference/popular/get/" >}}): Gets the member field… | velociraptor-vql |
| a33b5eb8450d9e1b | VQL Function: set_client_monitoring Category: server Sets the current client monitoring state. | velociraptor-vql |
| b1aa31fe96633fa3 | VQL Function: set_server_monitoring Category: server Sets the current server monitoring state. | velociraptor-vql |