Skip to content

Release 0.4.3

Pre-release
Pre-release
Compare
Choose a tag to compare
@scudette scudette released this 17 May 11:02
· 2205 commits to master since this release
v0.4.3
7b5c4c8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

This release includes a number of new features in a number of areas

Frontend and client comms

  • The MySQL backend is now fully supported and considered stable.
  • It is now possible to provision multiple frontends - Simply add a new frontend by using the config frontend command.
  • Clients can automatically load balance the multiple frontends by cooperatively redirecting between live frontends.

VQL

  • It is now possible to refer to columns containing space or . characters using the backtick notation.
  • LET expressions now support direct assignment of expressions (e.g. LET time = timestamp(epoch=now()) )

GUI

  • Tables have a show VQL button in hunt and collection results - users can copy this VQL into a notebook to begin post processing results.
  • New Artifact notebook cell allows writing artifacts interactively directly in the GUI.
  • Added a raw JSON view to all tables.
  • Better integration with ACE editor offering VQL plugin completion, customizable editor (press ctrl-,) etc.

NOTE: Internally all collection results are now stored as JSONL instead of CSV. We can read old CSV files but new files are in JSONL.

As always please file issues on the bug tracker or ask questions on our mailing list [email protected] . You can also chat with us directly on discord https://www.velocidex.com/discord

Assets 6
Loading