This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!
This release includes a number of new features in a number of areas
Frontend and client comms
- The MySQL backend is now fully supported and considered stable.
- It is now possible to provision multiple frontends - Simply add a new frontend by using the
config frontendcommand. - Clients can automatically load balance the multiple frontends by cooperatively redirecting between live frontends.
VQL
- It is now possible to refer to columns containing space or . characters using the backtick notation.
- LET expressions now support direct assignment of expressions (e.g.
LET time = timestamp(epoch=now()))
GUI
- Tables have a
show VQLbutton in hunt and collection results - users can copy this VQL into a notebook to begin post processing results. - New
Artifactnotebook cell allows writing artifacts interactively directly in the GUI. - Added a raw JSON view to all tables.
- Better integration with ACE editor offering VQL plugin completion, customizable editor (press ctrl-,) etc.
NOTE: Internally all collection results are now stored as JSONL instead of CSV. We can read old CSV files but new files are in JSONL.
As always please file issues on the bug tracker or ask questions on our mailing list velociraptor-discuss@googlegroups.com . You can also chat with us directly on discord https://www.velocidex.com/discord