velociraptor icon indicating copy to clipboard operation
velociraptor copied to clipboard
verified publisher icon Velocidex

Feature Question: Zircolite

Open Salva2000HD opened this issue 3 years ago • 5 comments

Good Morning. In Zircolite page (on Artifact Exchange) you said "This artifact currently supports usage of the built-in rulesets. Support for custom ruleset usage will be added in the future.". Can you tell me the estimated time for this feature add? Thanks in advance.

Salva2000HD avatar May 30 '22 07:05 Salva2000HD

I'll see if I can get it added in the next week or so. 😄

weslambert avatar May 30 '22 11:05 weslambert

This is super-intersting. It would be awesome to launch specific SIGMA-based Zircolite rules as Velociraptor hunts. @weslambert have you got news about this? Besides that, do you need any help in this effort. I have a pretty huge lab to roll out new experimental features and test them... just let me know?

FrancescoFaenzi avatar Jun 19 '22 11:06 FrancescoFaenzi

Sorry, this slipped off my radar. Should have it updated very soon!

weslambert avatar Jun 24 '22 12:06 weslambert

Sorry, this slipped off my radar. Should have it updated very soon!

Awesome! Let me repeat : should you think having a second huge lab could be useful, don't hesitate to ask.

FrancescoFaenzi avatar Jun 24 '22 12:06 FrancescoFaenzi

I made a quick change here: https://github.com/Velocidex/velociraptor-docs/pull/312. Let me know if that performs as you would expect.

weslambert avatar Jul 04 '22 20:07 weslambert

If this is still an issue for 0.6.7-4 please reopen

scudette avatar Dec 22 '22 23:12 scudette