
Release 0.6.1

@scudette scudette released this 15 Aug 14:33

This is the next point release for Velociraptor - Digging deeper!

There are a large number of new features and bug fixes in this release. For full details please read the release notes here, but here are the highlights.

  • Event monitoring logs now contain a time index, making them quick to search.
  • The event monitoring GUI has been revamped to present a timeline and allow navigating between times quickly.
  • Free disk space is now visible in the dashboard.
  • The GUI now has a Most Recently Used (MRU) search button to quickly find the clients a user has worked with recently.
  • The GUI now has a Quarantine button to quickly quarantine or release an endpoint.
  • Notebooks can now be used in full screen.
  • Notebooks can now add any table to a super-timeline. This allows multiple queries that produce time columns to be compared side by side in a large timeline.
  • Added Starlark support within VQL: you can now write routines in Starlark (a Python-like language) to extend VQL.
  • Added favorites for collections: you can now save your favorite collections by name and load them again to preconfigure a new collection.

New VQL functions/plugins

  1. reg_set_value(), reg_rm_value() and reg_rm_key() allow VQL queries to modify the registry for response.
  2. user_delete() and user_create() allow Velociraptor users to be managed from VQL or the API.
  3. The geoip() function allows looking up IP addresses in the MaxMind databases.
  4. The xor() function allows uncovering simple XOR-based encryption.

Notable new artifacts

  1. Windows.Carving.CobaltStrike allows carving and decoding of Cobalt Strike configurations from process memory or disk.

As always, please file issues on the GitHub bug tracker or ask questions on our mailing list [email protected]. You can also chat with us directly on Discord: https://www.velocidex.com/discord