API → UI component mappings · 90,813 documents
| ID | Document | Source |
|---|---|---|
| 7dca1b101b97e4b2 | VQL Plugin: sigma Category: popular Evaluate sigma rules. For a full description of this plugin see * https://docs.velociraptor.app/blog/2023/2023-11-15-sigma_in_velociraptor/ *… | velociraptor-vql |
| cb249e368e518fdd | VQL Function: sigma_log_sources Category: general Constructs a Log sources object to be used in sigma rules. Call with args being category/product/service and values being stored queries. You may use… | velociraptor-vql |
| 4c8a24c19cb47231 | VQL Function: similarity Category: general Compare two Dicts for similarity. | velociraptor-vql |
| 139ad8d3935d8ae5 | VQL Function: sleep Category: general Sleep for the specified number of seconds. Always returns true. | velociraptor-vql |
| 278f86ceb63f6afa | VQL Function: slice Category: general Slice an array. | velociraptor-vql |
| 439d96e48532df03 | VQL Accessor: smb Category: general Access smb shares (e.g. Windows shares). This accessor is similar to the `s3` accessor in allowing access to remote network shares. The credentials are passed in… | velociraptor-vql |
| ebace9ba1e6e64fc | VQL Plugin: source Category: server Retrieve rows from an artifact's source. This plugin is mostly useful in notebooks. It attempts to do the right thing automatically by inferring many parameters… | velociraptor-vql |
| f11bfe5c276b63dc | VQL Accessor: sparse Category: general Allows reading another file by overlaying a sparse map on top of it. The map excludes reading from certain areas which are considered sparse. The resulting… | velociraptor-vql |
| 293cb30c0c60ab0e | VQL Function: split Category: popular Splits a string into an array based on a regexp separator. | velociraptor-vql |
| 9e5c33bee67659f4 | VQL Plugin: split_records Category: parsers Parses files by splitting lines into records. | velociraptor-vql |
| befe79ad6bc4228d | VQL Plugin: splunk_upload Category: general Upload rows to splunk. | velociraptor-vql |
| cf4f6805e9a03ea2 | VQL Plugin: sql Category: general Run queries against sqlite, mysql, and postgres databases | velociraptor-vql |
| 00008d020768d23f | VQL Plugin: sqlite Category: parsers Opens an SQLite file and runs a query against it. | velociraptor-vql |
| a820ad1d28a422c1 | VQL Function: srum_lookup_id Category: windows Lookup a SRUM id. | velociraptor-vql |
| 881f444b18e84dcc | VQL Accessor: ssh Category: general Access a remote system's filesystem via `SSH/SFTP`. This accessor allows accessing remote systems via `SFTP/SSH`. This is useful for being able to search remote… | velociraptor-vql |
| 297e9704e421e05f | VQL Function: starl Category: parsers Compile a starlark code block - returns a module usable in VQL Starl allows python like code to be used with VQL. This helps when we need some small functions… | velociraptor-vql |
| da50603a9ad5e3fc | VQL Function: stat Category: popular Get file information. Unlike glob() this does not support wildcards. | velociraptor-vql |
| 0ef86483d8196e50 | VQL Plugin: stat Category: general Get file information. Unlike glob() this does not support wildcards. | velociraptor-vql |
| 33041e3ad9cce8e1 | VQL Function: str Category: popular Returns the string representation of the provided data ### Notes Most objects have a `.String` method that should return a similar result to the `str()`… | velociraptor-vql |
| 4124fe7f57a0ec6a | VQL Function: strip Category: general Strip prefix and/or suffix from a string If neither prefix nor suffix are provided, leading and trailing whitespace is stripped. ###… | velociraptor-vql |
| 718880c80e020b50 | VQL Function: substr Category: popular Create a substring from a string If start is not provided, the beginning of the string is used. If end is not provided, the end of the string is used. | velociraptor-vql |
| 3a27b7ecc0af33f1 | VQL Function: sum Category: general Sums the items. | velociraptor-vql |
| 55fe886ca213b624 | VQL Plugin: switch Category: popular Conditional execution of multiple queries in order Executes each query in order. If a query returns any rows, those are emitted. Any further queries are… | velociraptor-vql |
| 692d6a94fee03035 | VQL Function: sysinfo Category: linux Collect system information on Linux clients | velociraptor-vql |
| ddcf8741fb096c84 | VQL Function: tempdir Category: popular Create a temporary directory. The directory will be removed when the query ends. | velociraptor-vql |
| a8a1bf98298d366f | VQL Function: tempfile Category: popular Create a temporary file and write some data into it. The file will be automatically removed when the query completes. | velociraptor-vql |
| 48d71202d77b4355 | VQL Function: template Category: general Expand a Go style template. | velociraptor-vql |
| dee5fc73f3a1c964 | VQL Plugin: threads Category: windows Enumerate threads in a process. | velociraptor-vql |
| 0da443295efbb000 | VQL Plugin: timeline Category: server Read a timeline. You can create a timeline with the timeline_add() function | velociraptor-vql |
| 60597a9fe665718f | VQL Function: timeline_add Category: server Add a new query to a timeline. | velociraptor-vql |
| b58aceb40c6d83dd | VQL Function: timeline_delete Category: server Delete a super timeline. | velociraptor-vql |
| d9d46fd38126f96c | VQL Plugin: timelines Category: server List all timelines in a notebook | velociraptor-vql |
| e07a64c716a5dee6 | VQL Function: timestamp Category: popular Convert from different types to a time.Time. This is one of the most important functions in VQL. We need to convert timestamps very frequently from… | velociraptor-vql |
| f0efd6332bfee01d | VQL Function: timestamp_format Category: general Format a timestamp into a string. This uses the same type of format string as described https://pkg.go.dev/time#Time.Format . You can also use any of… | velociraptor-vql |
| 5a3e3d9dc34f95ef | VQL Function: tlsh_hash Category: encode Calculate the tlsh hash of a file. | velociraptor-vql |
| 5f0a5f696bafa181 | VQL Function: to_dict Category: popular Construct a dict from a query. Sometimes we need to build a dict object where both the names of the keys and their values are not known in advance - they… | velociraptor-vql |
| 8d5692e78684313c | VQL Function: token Category: windows Extract process token. | velociraptor-vql |
| c443cc3c846c5659 | VQL Function: trace Category: developer Upload a trace file. | velociraptor-vql |
| f1acd4afd89f5004 | VQL Function: typeof Category: general Print the underlying Go type of the variable. You can use any argument name. So `typeof(x=my_var)` and `typeof(fluffydinosaur=my_var)` are equivalent. Only… | velociraptor-vql |
| 1315bdf49e63a8e4 | VQL Function: unhex Category: encode Apply hex decoding to the string. A hex encoded string consists of two hex digits per byte - therefore valid hex encoded strings have an even length. For… | velociraptor-vql |
| a4e6d6593af307d3 | VQL Plugin: unzip Category: popular Unzips a file into a directory. This plugin supports a number of compression formats: 1. Zip files 2. Tar gz files. The type of the file will be detected by the… | velociraptor-vql |
| be8e566eace3cc55 | VQL Function: upcase Category: general Returns an uppercase version of the string. | velociraptor-vql |
| 0ca1b515d36bfe55 | VQL Function: upload Category: popular Upload a file to the upload service. For a Velociraptor client this will upload the file into the flow and store it in the server's file store. If Velociraptor… | velociraptor-vql |
| 4cc39840bdd5c111 | VQL Function: upload_azure Category: general Upload files to Azure Blob Storage Service. | velociraptor-vql |
| 22d0bc08185e5e1c | VQL Function: upload_directory Category: server Upload a file to an upload directory. The final filename will be the output directory path followed by the filename path. | velociraptor-vql |
| 7b941789afa0c97c | VQL Function: upload_gcs Category: general Upload files to GCS. NOTE: This plugin is optional and not included by default from Version 0.76 on. Use the `upload_s3()` plugin instead. You can read… | velociraptor-vql |
| 8b283de76b339422 | VQL Function: upload_s3 Category: general Upload files to S3. This function can be used to upload to an AWS S3 bucket or to a MinIO self hosted bucket. Read [How To Set Up A MinIO For… | velociraptor-vql |
| 10972a25a877f61b | VQL Function: upload_sftp Category: general Upload files to SFTP. | velociraptor-vql |
| e872a910d09ccdc3 | VQL Function: upload_smb Category: general Upload files using the SMB file share protocol. | velociraptor-vql |
| b01e5cf8e7f4f966 | VQL Plugin: upload_transactions Category: general View the outstanding transactions for uploads. | velociraptor-vql |