This is the next point release for Velociraptor - Digging deeper!
Detailed release notes are posted at https://docs.velociraptor.app/blog/2023/2023-05-05-release-notes-0.6.9/
GUI Improvements
- Table filtering and sorting - the table filtering controls were moved to the top of each table column
- VFS GUI improvements - It is now possible to download multiple files at the same time within the VFS GUI
- Hex viewer and file previewer GUI - A new hex viewer widget was introduced. This allows directly previewing collected files within the GUI
- Artifact pack import GUI improvements - When manually importing an artifact pack with the GUI the user can now filter which artifacts to import and set their prefix
Notable features
This release brings direct SMB support to Velociraptor - it is now possible to use SMB for:
- Upload the offline collector to an SMB share
- Serving tools from an SMB share
This release also supports Azure blob storage for offline collector uploads.
Debugging VQL
A frequent difficulty users expressed is the ability to debug VQL queries. This release introduces the EXPLAIN keyword which helps in debugging VQL queries either in the notebook or on the client itself.
Security features
This release introduces a new "lockdown" server mode. When a server is in lockdown it is not able to schedule new collections or hunts but can still be used to view already collected information.
Additionally this release introduces an audit event viewer allowing for those to be viewed directly in the UI. Auditable events include collection launch, hunt creation etc.
Velociraptor allows for utilizing external third party tool in artifacts. Previously tool definitions could specify where a tool should be downloaded from. In this release it is also possible to specifty an expected hash for the tool.