API → UI component mappings · 90,813 documents
| ID | Document | Source |
|---|---|---|
| 98e7be8211734cc7 | VQL Function: upload_webdav Category: general Upload files to a WebDAV server. | velociraptor-vql |
| c0ca5f7e78dd4487 | VQL Plugin: uploads Category: server Retrieve information about a flow's uploads. | velociraptor-vql |
| 5d5a7dfc6c0d45c6 | VQL Function: url Category: general Construct a URL or parse one. This function parses or constructs URLs. A URL may be constructed from scratch by providing all the components or it may be parsed… | velociraptor-vql |
| fbf3c738ad01d4dc | VQL Function: user Category: server Retrieves information about the Velociraptor user. | velociraptor-vql |
| 121199f9e5883461 | VQL Function: user_create Category: server Creates a new user from the server, or updates their permissions or reset their password. | velociraptor-vql |
| 4b5650f78eba0ec4 | VQL Function: user_delete Category: server Deletes a user from the server. | velociraptor-vql |
| ceef9e4740befc83 | VQL Function: user_grant Category: server Grants the user the specified roles. | velociraptor-vql |
| 0c45c4ac69d4b0cf | VQL Function: user_message Category: general Send the user a message which will appear in the user notification view. | velociraptor-vql |
| 1b037738121a8544 | VQL Plugin: user_messages Category: general Emit the user's console messages. | velociraptor-vql |
| 12028eb92719d6f9 | VQL Function: user_options Category: server Update and read the user GUI options ### Example The following will set the user language to French, dark theme and add a sidebar link named Foobar. The… | velociraptor-vql |
| 9f2514848dc3b21d | VQL Plugin: users Category: windows Display information about workstation local users. This is obtained through the NetUserEnum() API. | velociraptor-vql |
| 348f2192a6948698 | VQL Function: utf16 Category: encode Parse input from utf16. ### Example ```vql utf16(string='A\x00B\x00C\x00D\x00') -> "ABCD" ``` | velociraptor-vql |
| 58c2539396aed66e | VQL Function: utf16_encode Category: encode Encode a string to utf16 bytes. ### Example ```vql utf16_encode(string="ABCD") -> "A\u0000B\u0000C\u0000D\u0000" ``` | velociraptor-vql |
| 8730e84e56bf2c5d | VQL Function: uuid Category: general Generate a UUID. | velociraptor-vql |
| cbab805dea0064ab | VQL Plugin: vad Category: windows Enumerate process memory regions. | velociraptor-vql |
| 06dbd8fa5b85987d | VQL Function: verify Category: general verify an artifact This function will verify the artifact and flag any potential errors or warnings. | velociraptor-vql |
| ff2095cb5c76cf30 | VQL Function: version Category: general Gets the version of a VQL plugin or function. This is useful when writing portable VQL which can work with older versions of Velociraptor. When Velociraptor… | velociraptor-vql |
| 885de68ddf8db547 | VQL Accessor: vfs Category: general Access client's VFS filesystem on the server. On the Velociraptor server, the Virtual File System (VFS) represents a cached copy of the files and directories we… | velociraptor-vql |
| 83a75282cda21f33 | VQL Plugin: vfs_ls Category: server List directory and build a VFS object. This plugin is probably only useful as part of the System.VFS.ListDirectory artifact. | velociraptor-vql |
| fd65e99b5ee25feb | VQL Accessor: vhdx Category: general Allow reading a VHDX file. This accessor allows access to the content of VHDX files. Note that usually VHDX files are disk images with a partition table and an… | velociraptor-vql |
| d11d4b5d7de63a35 | VQL Accessor: vmdk Category: general Allow reading a VMDK file. This accessor allows access to the content of VMDK files. Note that usually VMDK files are disk images with a partition table and an… | velociraptor-vql |
| a28a3d75df78af6f | VQL Plugin: watch_auditd Category: event Watch log files generated by auditd. | velociraptor-vql |
| 19c46e570ac176e6 | VQL Plugin: watch_csv Category: event Watch a CSV file and stream events from it. Note: This is an event plugin which does not complete. This plugin is the event version of `parse_csv()`. When the… | velociraptor-vql |
| 97150382c18162db | VQL Plugin: watch_ebpf Category: linux Watch for events from eBPF. This plugin uses the integrated tracee eBPF engine to stream events. See https://github.com/Velocidex/tracee_velociraptor for more… | velociraptor-vql |
| 3892d57cabf8bb06 | VQL Plugin: watch_etw Category: event Watch for events from an ETW provider. Event Tracing for Windows is a powerful built in monitoring and eventing system in Windows. This plugin provides an… | velociraptor-vql |
| 1974ca2a450669d4 | VQL Plugin: watch_evtx Category: event Watch an EVTX file and stream events from it. This is the Event plugin version of `parse_evtx()`. {{% notice note %}} It often takes several seconds for… | velociraptor-vql |
| be8638d33a3f704f | VQL Plugin: watch_journald Category: event Watch a journald file and stream events from it. | velociraptor-vql |
| 9986570ae15dec99 | VQL Plugin: watch_jsonl Category: event Watch a jsonl file and stream events from it. | velociraptor-vql |
| 237c0a0c6b24a32d | VQL Plugin: watch_monitoring Category: event Watch clients' monitoring log. This is an event plugin. This plugin will produce events from all clients. | velociraptor-vql |
| 6c09ad88d8a60db5 | VQL Plugin: watch_syslog Category: event Watch a syslog file and stream events from it. When the plugin starts watching, it seeks to the end of the file and forwards any new lines from it. This… | velociraptor-vql |
| e93c9c14eb5a1da3 | VQL Plugin: watch_usn Category: event Watch the USN journal from a device. | velociraptor-vql |
| 2f1a648a276d819b | VQL Function: whoami Category: server Returns the username that is running the query. | velociraptor-vql |
| 1a1d67e59719a96f | VQL Plugin: winobj Category: windows Enumerate The Windows Object Manager namespace. | velociraptor-vql |
| 91d96ba768bbe5ad | VQL Accessor: winpmem Category: general Access physical memory like a file. Any filename will result in a sparse view of physical memory. | velociraptor-vql |
| 5ac948ded052e1e9 | VQL Function: winpmem Category: windows Uses the `winpmem` driver to take a memory image. This plugin is also needed to facilitate the winpmem accessor. When the `image_path` parameter is not set… | velociraptor-vql |
| cbee1aab60017a78 | VQL Plugin: wmi Category: windows Execute simple WMI queries synchronously. This plugin issues a WMI query and returns its rows directly. The exact format of the returned row depends on the WMI… | velociraptor-vql |
| 2bc4bc4b60fcb427 | VQL Plugin: wmi_events Category: event Executes an evented WMI queries asynchronously. This plugin sets up a [WMI… | velociraptor-vql |
| 00f8d8188bb1e305 | VQL Plugin: write_crypto_file Category: general Write a query into an encrypted local storage file. | velociraptor-vql |
| 1693a28f4337f6f8 | VQL Plugin: write_csv Category: general Write a query into a CSV file. | velociraptor-vql |
| 94835e5e04a3b005 | VQL Function: write_file Category: general Writes a string onto a file. This VQL function is a convenience wrapper to the copy() function. | velociraptor-vql |
| 4f9b64f872d2d110 | VQL Plugin: write_jsonl Category: general Write a query into a JSONL file. | velociraptor-vql |
| 3b1c6cec198ca7e4 | VQL Function: xattr Category: experimental Query a file for the specified extended attribute. If no attributes are provided, this function will return all extended attributes for the file. Please… | velociraptor-vql |
| 8816fb0fc848b673 | VQL Function: xor Category: encode Apply xor to the string and key. | velociraptor-vql |
| 97087ee5d7aa644c | VQL Plugin: yara Category: parsers Scan files using yara rules. This plugin uses the libyara library to scan files. It is common to provide a large number of rules to the `rules` parameter.… | velociraptor-vql |
| 1afe451056e1d0d7 | VQL Function: yara_lint Category: parsers Clean a set of yara rules. This removes invalid or unsupported rules. Velociraptor's yara implementation does not support all the modules available in Yara… | velociraptor-vql |
| 50d4867e3ae73049 | VQL Plugin: yarax Category: general Scan files using yara rules (Using the new yarax engine). This is an experimental new functionality to use the [YaraX](https://github.com/VirusTotal/yara-x)… | velociraptor-vql |
| 8c29ed579a12cdc6 | VQL Accessor: zip Category: general Open a zip file as if it was a directory. Filename is a pathspec with a delegate accessor opening the Zip file, and the Path representing the file within the zip… | velociraptor-vql |
| 21c6d7b843743f81 | VQL Accessor: zip_nocase Category: general Open a zip file as if it was a directory. Although zip files are case-sensitive, this accessor treats file names inside the zip file as case-insensitive.… | velociraptor-vql |
| bindings__24727de2e559dd58_0 | METHOD:POST PATH:/api/v1/itemusages Retrieves item usages INTENT:RESOURCE_CREATION Create Api form with validation REST_CREATE_NESTED | openapi_spec |
| bindings__411488298c8e7400_1 | METHOD:POST PATH:/api/v1/signinattempts Retrieves sign-in attempts INTENT:AUTHENTICATION Login form with credential fields REST_CREATE_NESTED | openapi_spec |