Plugin Reference#
account_policy
acquire_handles
acquire_hashes
activitiescache
activity
adpolicy
alternateshell
amcache
amcache.applaunches
amcache.application_files
amcache.applications
amcache.device_containers
amcache.drivers
amcache.files
amcache.programs
amcache.shortcuts
amcache_install
anydesk
anydesk.logs
apache
apache.access
apache.error
apache.logs
appinit
appxdebugkeys
apt
apt.logs
atop
audit
auditpol
authlog
bam
bashhistory
bootshell
brave
brave.cookies
brave.downloads
brave.extensions
brave.history
browser
browser.cookies
browser.downloads
browser.extensions
browser.history
btmp
caddy
caddy.access
caddy.logs
capability_binaries
chrome
chrome.cookies
chrome.downloads
chrome.extensions
chrome.history
chromium
chromium.cookies
chromium.downloads
chromium.extensions
chromium.history
cim
cim.consumerbindings
cit
cit.cit
cit.dp
cit.modules
cit.puu
cit.telemetry
citrix
citrix.access
citrix.error
citrix.logs
clfs
clsid
clsid.machine
clsid.user
cmdline
codepage
commandhistory
commandprocautorun
cpanel
cpanel.lastlogin
cronjobs
datetime
defender
defender.evtx
defender.exclusions
defender.quarantine
defender.recover
docker
docker.containers
docker.images
docker.logs
domain
dpkg
dpkg.log
dpkg.status
edge
edge.cookies
edge.downloads
edge.extensions
edge.history
environ
environment_variables
etc
etl
etl.boot
etl.etl
etl.shutdown
evt
evtx
exchange
exchange.transport_agents
filerenameop
firefox
firefox.cookies
firefox.downloads
firefox.history
firewall
gnulocate
gnulocate.locate
icat
iexplore
iexplore.downloads
iexplore.history
iis
iis.access
iis.logs
install_date
iptables
keyboard
knowndlls
language
lastlog
lnk
locate
locate.locate
lsmod
mcafee
mcafee.msc
messages
mft
mft_timeline
mlocate
mlocate.locate
mru
mru.acmru
mru.lastvisited
mru.msoffice
mru.mstsc
mru.networkdrive
mru.opensave
mru.recentdocs
mru.run
muicache
ndis
netstat
network_history
nginx
nginx.access
nginx.logs
notifications
notifications.appdb
notifications.wpndatabase
ntversion
nullsessionpipes
openssh
openssh.authorized_keys
openssh.known_hosts
openssh.private_keys
openssh.public_keys
opensshd
opensshd.config
openvpn
openvpn.config
packagemanager
packagemanager.logs
passwords
path_extensions
pathenvironment
pfro
plocate
plocate.locate
powershell_history
prefetch
proc
processes
recentfilecache
recyclebin
regf
registry
remoteaccess
remoteaccess.logs
runkeys
schedlgu
scraped_evt
scraped_evtx
securelog
services
sessionmanager
sevenzip
shellbags
shimcache
sockets
sockets.packet
sockets.raw
sockets.tcp
sockets.udp
sockets.unix
sophos
sophos.hitmanlogs
sophos.sophoshomelogs
sru
sru.application
sru.application_timeline
sru.energy_estimator
sru.energy_usage
sru.energy_usage_lt
sru.network_connectivity
sru.network_data
sru.push_notification
sru.sdp_cpu_provider
sru.sdp_network_provider
sru.sdp_physical_disk_provider
sru.sdp_volume_provider
sru.vfu
ssh
ssh.authorized_keys
ssh.config
ssh.known_hosts
ssh.private_keys
ssh.public_keys
startupinfo
suid_binaries
symantec
symantec.firewall
symantec.logs
syscache
syslog
sysmodules
tasks
teamviewer
teamviewer.logs
thumbcache
thumbcache.iconcache
thumbcache.thumbcache
timezone
trendmicro
trendmicro.wffirewall
trendmicro.wflogs
trusteddocs
ual
ual.client_access
ual.domains_seen
ual.role_access
ual.system_identities
ual.virtual_machines
usb
userassist
usnjrnl
walkfs
webserver
webserver.access
webserver.error
webserver.logs
wer
winrar
winsocknamespaceprovider
wireguard
wireguard.config
wtmp
yum
yum.logs
zypper
zypper.logs