This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!
This release includes a number of UI improvements - the most interesting is the context sensitive suggestions in the notebook editor. Command completion in the editor is now context sensitive - so it completes depending on where the cursor is:
SELECT * FROM ? <--- complete plugin names.
SELECT * FROM pslist(? <--- complete pslist args
SELECT * FROM Artifacts.Windows.Sys.Users(? <-- completes artifact parameters.
elsewhere complete VQL functions and local variables.
Typing ? anywhere will show all current possibilities.
As always please file issues on the bug tracker or ask questions on our mailing list velociraptor-discuss@googlegroups.com . You can also chat with us directly on discord https://www.velocidex.com/discord