velociraptor.results

$ target-query <path/to/target> -f velociraptor.results

Details

Module	dissect.target.plugins.apps.edr.velociraptor.VelociraptorPlugin
Output	records

Module documentation

Returns records from Velociraptor artifacts.

Function documentation

Return Rapid7 Velociraptor artifacts.

By default JSON objects are not extracted from the artifacts, this can be done with the argument --extract-nested.

References:

• https://docs.velociraptor.app/docs/vql/artifacts/