github Velocidex/velociraptor v0.6.3-rc1
on GitHub

latest releases: v0.73, v0.72, v0.7.1...
pre-release2 years ago

This is the next point release for Velociraptor - Digging deeper!

This release adds more support for the multi-frontend configuration - if you would like to try this new deployment method, read more about it here https://docs.velociraptor.app/docs/deployment/cloud/multifrontend/

Notable features

  • Search index is now stored in memory at runtime - this makes searching much faster and allows us to search for things like IP address.
  • New artifact parameter types for regex and yara have specialised UI elements for users to enter yara and regex expressions.
  • It is now possible to override Generic.Client.Info artifact for a custom interrogation process.
  • Hunt wizard can estimate the total number of clients that may be affected by a label/OS condition
  • New Upload File Form element - Users can upload a file to an artifact parameter on an adhoc basis (similar but more light weight than an artifact tool)
  • Root certs can now be specified in the config file. This allows use of self signed servers (e.g MITM proxies). Root certs are now bundled in Velociraptor and we do not use the OS root store.

VQL Functions and plugins

  • Added Windows.Forensics.SAM artifact for parsing the SAM
  • Improvement to SRUM artifact
  • The parse_csv() plugin is now more robust and can accept columns not from the header
  • The parse_pe() function now contains full PE resource information
  • VQL accessors that used URLs to denote delegated accessors now support a dedicated pathspec() object. This is more reliable than a URL if a bit more verbose.
  • Improve Windows.Forensics.Lnk parser to include addtional fields like the name, WorkingDir, RelativePath, Arguments
  • The Windows.Detection.Yara.PhysicalMemory artifact allows a yara scan of physical memory accessed via the winpmem driver.
  • Added recursion_callback option to the glob plugin - this allows more fine grained control of the glob() plugin recursing into directories, for both better efficiency and safer access.

NOTE: We have formulated our support policy here https://docs.velociraptor.app/docs/overview/support/ . Please test thoroughly in your environment and provide feedback and suggestions.

Upgrade notes:

If you are upgrading from previous versions, refer to the upgrade guide https://docs.velociraptor.app/docs/deployment/cloud/#server-upgrades

The new release optimizes the search index schema. If upgrading from previous releases, we recommend rebuilding the index:

  1. After upgrade, stop the Velociraptor service: sudo service velociraptor_server stop
  2. Move the old index out of the way: mv <filestore>/client_idx <filestore>/client_idx_old
  3. Rebuild the index: velociraptor index rebuild
  4. Start the service again: sudo service velociraptor_server start

Known issues

A number of issues were fixed in rc2

Check out latest releases or
releases around Velocidex/velociraptor v0.6.3-rc1

Don't miss a new velociraptor release

NewReleases is sending notifications on new releases.

Get notifications