Mike Cohen

Looks like the wmi one is only available on sccm enterprise machines and the job file is an old format. Can you provide sample files? We can easily write a...

If you want to get some parsers added, it would be really helpful to also include some sample data. We use that to add tests for the parsers and also...

When we import the collection we create "virtual" client and virtual collections for it. We can not create a collection for an artifact that we dont know about its definition,...

I think the whole issue stems from us failing to put enough information in the zip file about collection in general. I would like to add some metadata to the...

Thanks for raising this issue for discussion :-) So just a bit of background for the reasoning behind these restrictions on naming etc. Since Velociraptor is effectively a VQL engine,...

This is a good discussion and the old Windows.Sys.Users was actually very confusing and not very accurate. Previously we called a user account with registry profile a "remote" account which...

It now also shows the profile last load time and unload time which are very useful in establishing timelines 

It looks like some of the urls are using plain http. Maybe the redirect url in the oauth config ? Or maybe the server is configured to use plain http...

It depends what authentication method you want to use. I would recommend against saml because it seems a bit more complex to set up. Azure can provide both saml and...

From velociraptor there are only a couple of steps. First, when you go to the site, velociraptor should redirect to azure. Then after you do the oauth steps on the...