Mike Cohen

Ref: #45

Does it make sense to put all the init functions in the same file - even in spread mode? Maybe an init.go which takes care of all initialization - the...

This would be awesome because you could theoretically provide file context around any hits, such as file name, or slack. Integrating be with tsk will also open up the possibility...

As you can see here https://github.com/Velocidex/velociraptor/blob/96c58345abfebc69764a59a1905cdf95e0ade65a/bin/installer_darwin.go#L46-L65 The service remove command essentially just calls launchctl unload - so it does not remove any files but stops the service from automatically starting...

This is usually done with the MDM software - see for example https://docs.jamf.com/composer/10.36.0/user-guide/Package_Building.html for one example of such software.

Full screen is now available in 0.6.1

The issue we have with signed urls is that the URL is single use - so it will be fine to create a single collector but if you try to...

Did you add the custom artifact to the server that created the collector? When you say create the collector through the API do you mean calling the Server.Utils.CreateCollector artifact?

As you see the artifact adds dependent artifacts into the collection https://github.com/Velocidex/velociraptor/blob/acc40f08d50d9860d43abcb9f761e9e64859a121/artifacts/definitions/Server/Utils/CreateCollector.yaml#L370 You should be able to see it add the dependent artifacts into the package in the query logs...

That's interesting it looks like you are calling the Json API? That is solely for use by the GUI and may be changed in future. For the API we only...