velociraptor
Digging Deeper....
This library looks promising: https://github.com/dsoprea/go-ext4. This should allow us to replay the journal and also get the btimes properly.
We would like to enable feeding offline Sysmon event logs to the tracker to build process trees / enable filter on specific chains and tracking process attributes. Process tracker was...
Allow to filter out unlabeled clients in the search bar (e.g. with "label:none" or "label:", "label:{}"...). This would allow to select only those hosts added but not labeled yet. Would...
Current audit logs encode the details field as a protobuf string encoding which is non-standard:
```
"creator:"mic" client_id:"C.03a1e7aa68336303" artifacts:"Generic.System.Pstree" specs:{artifact:"Generic.System.Pstree" parameters:{}}
```
It looks similar to JSON but not...
Hello, I am having an issue with the velociraptor and the x86 version on Windows 10, when I installed it, it does not send any info to...
To prevent further issues like #2069, #2065 we need to implement hard file locking on the ring buffer file or alternatively use a temp file for it.
There is a bug in the MFT parsing artifact which may relate to taking into account EntryID + Sequence number when rebuilding the OSPath. Multiple instances observed where an item...
This is a regression from 0.6.5 - although the config.Frontend.artifact_definitions_directory is still respected.
Would be useful to have a flag in the "Specify resources" section of the hunt/flow initiation to increase the urgency
Hi all, I just updated the server to the latest Linux release and after deploying the agents, and attempting to delete them from the GUI they won't successfully remove when...