From b3a85fd8aa6c9f196dd7c11dcc884df324ceeb5c Mon Sep 17 00:00:00 2001 
From: jbauvinet-r7 <74978171+jbauvinet-r7@users.noreply.github.com> Date: Mon, 6 Nov 2023 12:04:55 -0500 Subject: [PATCH] Performed Black. --- velociraptor_legacy/Dockerfile | 20 +++ velociraptor_legacy/Makefile | 53 ++++++++ .../bin/icon_velociraptor_legacy | 46 +++++++ velociraptor_legacy/extension.png | Bin 0 -> 14561 bytes velociraptor_legacy/help.md | 122 ++++++++++++++++++ velociraptor_legacy/icon.png | Bin 0 -> 8307 bytes .../icon_velociraptor_legacy/__init__.py | 1 + .../actions/__init__.py | 3 + .../actions/run/__init__.py | 2 + .../actions/run/action.py | 92 +++++++++++++ .../actions/run/schema.py | 82 ++++++++++++ .../connection/__init__.py | 2 + .../connection/connection.py | 115 +++++++++++++++++ .../connection/schema.py | 79 ++++++++++++ .../tasks/__init__.py | 1 + .../triggers/__init__.py | 1 + .../icon_velociraptor_legacy/util/__init__.py | 1 + velociraptor_legacy/plugin.spec.yaml | 84 ++++++++++++ velociraptor_legacy/requirements.txt | 7 + velociraptor_legacy/setup.py | 17 +++ velociraptor_legacy/tests/run.json | 24 ++++ velociraptor_legacy/unit_test/__init__.py | 1 + velociraptor_legacy/unit_test/test_run.py | 21 +++ 23 files changed, 774 insertions(+) create mode 100644 velociraptor_legacy/Dockerfile create mode 100644 velociraptor_legacy/Makefile create mode 100644 velociraptor_legacy/bin/icon_velociraptor_legacy create mode 100644 velociraptor_legacy/extension.png create mode 100644 velociraptor_legacy/help.md create mode 100644 velociraptor_legacy/icon.png create mode 100644 velociraptor_legacy/icon_velociraptor_legacy/__init__.py create mode 100644 velociraptor_legacy/icon_velociraptor_legacy/actions/__init__.py create mode 100644 velociraptor_legacy/icon_velociraptor_legacy/actions/run/__init__.py create mode 100644 velociraptor_legacy/icon_velociraptor_legacy/actions/run/action.py create mode 100644 velociraptor_legacy/icon_velociraptor_legacy/actions/run/schema.py create mode 100644 
velociraptor_legacy/icon_velociraptor_legacy/connection/__init__.py create mode 100644 velociraptor_legacy/icon_velociraptor_legacy/connection/connection.py create mode 100644 velociraptor_legacy/icon_velociraptor_legacy/connection/schema.py create mode 100644 velociraptor_legacy/icon_velociraptor_legacy/tasks/__init__.py create mode 100644 velociraptor_legacy/icon_velociraptor_legacy/triggers/__init__.py create mode 100644 velociraptor_legacy/icon_velociraptor_legacy/util/__init__.py create mode 100644 velociraptor_legacy/plugin.spec.yaml create mode 100644 velociraptor_legacy/requirements.txt create mode 100644 velociraptor_legacy/setup.py create mode 100644 velociraptor_legacy/tests/run.json create mode 100644 velociraptor_legacy/unit_test/__init__.py create mode 100644 velociraptor_legacy/unit_test/test_run.py diff --git a/velociraptor_legacy/Dockerfile b/velociraptor_legacy/Dockerfile new file mode 100644 index 0000000000..5a5e31731f --- /dev/null +++ b/velociraptor_legacy/Dockerfile @@ -0,0 +1,20 @@ +FROM rapid7/insightconnect-python-3-38-plugin:5 + +LABEL organization=jbauvinet +LABEL sdk=python + +WORKDIR /python/src + +ADD ./plugin.spec.yaml /plugin.spec.yaml +ADD ./requirements.txt /python/src/requirements.txt + +RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi + +ADD . /python/src + +RUN python setup.py build && python setup.py install + +# User to run plugin code. The two supported users are: root, nobody +USER nobody + +ENTRYPOINT ["/usr/local/bin/icon_velociraptor_legacy"] diff --git a/velociraptor_legacy/Makefile b/velociraptor_legacy/Makefile new file mode 100644 index 0000000000..cdbcdb1721 --- /dev/null +++ b/velociraptor_legacy/Makefile 
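Review bot: `ADD . /python/src` copies the entire build context into the image, and with no `.dockerignore` in this commit that includes the `tests/run.json` and `unit_test/` files added alongside it — if that fixture carries a real connection block (CA certificate, client certificate, private key), it ships inside every published image. Add a `.dockerignore` listing `tests/`, `unit_test/` and `.git`, and use `COPY . /python/src` (and `COPY` for the two single-file lines above it), since `ADD`'s URL-fetch and archive-unpack behaviour is not wanted here. `pip install -r requirements.txt` installs whatever the file resolves to at build time; pinning exact versions (ideally with `--require-hashes`) keeps the image reproducible and resistant to a poisoned release of a dependency. Dropping to `USER nobody` before the entrypoint is the right call and should stay.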
@@ -0,0 +1,53 @@ +# Include other Makefiles for improved functionality +INCLUDE_DIR = ../../tools/Makefiles +MAKEFILES := $(wildcard $(INCLUDE_DIR)/*.mk) +# We can't guarantee customers will have the include files +# - prefix to ignore Makefiles when not present +# https://www.gnu.org/software/make/manual/html_node/Include.html +-include $(MAKEFILES) + +ifneq ($(MAKEFILES),) + $(info [$(YELLOW)*$(NORMAL)] Use ``make menu`` for available targets) + $(info [$(YELLOW)*$(NORMAL)] Including available Makefiles: $(MAKEFILES)) + $(info --) +else + $(warning Makefile includes directory not present: $(INCLUDE_DIR)) +endif + +VERSION?=$(shell grep '^version: ' plugin.spec.yaml | sed 's/version: //') +NAME?=$(shell grep '^name: ' plugin.spec.yaml | sed 's/name: //') +VENDOR?=$(shell grep '^vendor: ' plugin.spec.yaml | sed 's/vendor: //') +CWD?=$(shell basename $(PWD)) +_NAME?=$(shell echo $(NAME) | awk '{ print toupper(substr($$0,1,1)) tolower(substr($$0,2)) }') +PKG=$(VENDOR)-$(NAME)-$(VERSION).tar.gz + +# Set default target explicitly. Make's default behavior is the first target in the Makefile. +# We don't want that behavior due to includes which are read first +.DEFAULT_GOAL := default # Make >= v3.80 (make -version) + + +default: image tarball + +tarball: + $(info [$(YELLOW)*$(NORMAL)] Creating plugin tarball) + rm -rf build + rm -rf $(PKG) + tar -cvzf $(PKG) --exclude=$(PKG) --exclude=tests --exclude=run.sh * + +image: + $(info [$(YELLOW)*$(NORMAL)] Building plugin image) + docker build --pull -t $(VENDOR)/$(NAME):$(VERSION) . 
+ docker tag $(VENDOR)/$(NAME):$(VERSION) $(VENDOR)/$(NAME):latest + +regenerate: + $(info [$(YELLOW)*$(NORMAL)] Refreshing schema from plugin.spec.yaml) + insight-plugin refresh + +export: image + $(info [$(YELLOW)*$(NORMAL)] Exporting docker image) + @printf "\n ---> Exporting Docker image to ./$(VENDOR)_$(NAME)_$(VERSION).tar\n" + @docker save $(VENDOR)/$(NAME):$(VERSION) | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar + +# Make will not run a target if a file of the same name exists unless setting phony targets +# https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html +.PHONY: default tarball image regenerate diff --git a/velociraptor_legacy/bin/icon_velociraptor_legacy b/velociraptor_legacy/bin/icon_velociraptor_legacy new file mode 100644 index 0000000000..99664fa289 --- /dev/null +++ b/velociraptor_legacy/bin/icon_velociraptor_legacy 
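Review bot: `.PHONY: default tarball image regenerate` omits `export`, so `make export` is silently skipped whenever a file or directory named `export` exists in the plugin directory; change it to `.PHONY: default tarball image regenerate export`. The `export` recipe also pipes `docker save` through `gzip` but names the result `.tar`, which misleads whoever later tries to untar it — either drop the `gzip` or name the file `.tar.gz`. The `tarball` recipe's `--exclude=tests` correctly keeps the test fixture (presumably holding connection input) out of the distributed package.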
@@ -0,0 +1,46 @@ +#!/usr/bin/env python +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import os +import json +from sys import argv + +Name = "Velociraptor Legacy" +Vendor = "jbauvinet" +Version = "1.0.0" +Description = "Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform. It provides you with the ability to more effectively respond to a wide range of digital forensic and cyber incident response investigations and data breaches" + + +def main(): + if 'http' in argv: + if os.environ.get("GUNICORN_CONFIG_FILE"): + with open(os.environ.get("GUNICORN_CONFIG_FILE")) as gf: + gunicorn_cfg = json.load(gf) + if gunicorn_cfg.get("worker_class", "sync") == "gevent": + from gevent import monkey + monkey.patch_all() + elif 'gevent' in argv: + from gevent import monkey + monkey.patch_all() + + import insightconnect_plugin_runtime + from icon_velociraptor_legacy import connection, actions, triggers, tasks + + class ICONVelociraptorLegacy(insightconnect_plugin_runtime.Plugin): + def __init__(self): + super(self.__class__, self).__init__( + name=Name, + vendor=Vendor, + version=Version, + description=Description, + connection=connection.Connection() + ) + self.add_action(actions.Run()) + + + """Run plugin""" + cli = insightconnect_plugin_runtime.CLI(ICONVelociraptorLegacy()) + cli.run() + + +if __name__ == "__main__": + main() 
diff --git a/velociraptor_legacy/extension.png b/velociraptor_legacy/extension.png new file mode 100644 index 0000000000000000000000000000000000000000..84bb0cdb9868e9120a1fc2fef81b0ca5acc3869a GIT binary patch literal 14561 zcmc(`1z6N=yDw_IilhS4=};muLpLZrbaxF5G1Sluts%>4br{; zsPDVJea^SmUgzv{uFZA9{AcF5`@VnA{RAN@N;0@u z_*-}2sRO)VI>_oe-?)KIc>R0xMp6ptjT>102n`(<9YqB}Go&3m430E4XGhsN0Hbf* z5Eer@z|3sSU1&|sEfMx2pzZo*5G?{O0@CJDgeW>lm|G!aJ)O+eJ(V=fJZ;Pb;2<$k zT49tRz`)Mj1xAaqv$b~?M2UcY@f8G~uRjKZXnzfHu@M11yB0{Rqo_hFfpjvb6=3IJ zGlM`lX!(FAZeC7)0RcWfK2};z2qza9!VBi)VdLZy%tXy0i1i@f;cXxJoE_S4oC744%KmZKk1aoq-0VCL)J?vdzC^ma%y1zL{nme00 zAsk!~NPF6AjxbZCtBVK-(Dt_(b`JlrwRisGD!^%A6wCq4!4A1L>(@ZI*+1hPT%Bxx z35T13&27!?%doQ z8Gjt|Z$~?8csQ7Y)y$odu1;p=Qf`2nbbnjp?4oA=AO8GrkORYi5jzMLR;Jc3-D|I<() zCE+j^*#B}c+)U5{>0}23oQbf5S(<|#>@7jG|Aa_T0%?nM0t5rvasARlQBe?T@9YAz zH#3JyihuwU*bxZ0pa9$y#%~HUXA|J#fU|LPnewy2cwho-0=zJ8a{&%c3tkB9Z+c0j znd^1dT+{z9A~@0v;PD?)`MDt+d}dr+Y-ZdrIGY88n~#kjV#dX0VGe=w!FWy0IAFhh z0%)V`gaGOoX8W&PueE{$908?ZTs#6CY&;MFPBv}<3m6-W8^X=T&&|zk27#Gz!y)kN zO8F1Te{*>T*yjwy+4)Z;io-1bJlP^dEfGNAe(U_}QGkP6fRoPx&=d$Z8#jk3Cz}8_ zAB4?}Ux1&NgV)@QgA*nUzAit2nD+P6Z-(IiTJo==5R^q+YvS=ozPh>NKbp|~ssllo z*>!!3fXuFQ(;N=^^D*Mz#Oc4~kw5hAR^|ZH{~{@WOLsfYUIWHI7f`^}r z=fAY|U-9DqtgU89dpC2Zf5}=0m=g?`QO%v4ML-q+P|^a0_6sh+ZuaoMXDA0}I1Ahi zMeBm3{SVmsPyGoucS8J2_WY}af5g-Ne;o>7xGr2x!f& zAOGnKfj9qjmge?AeLDetqlj+Jw;MOu|AI9ZdqC zsXX|L9(orazkEK_=9a4uPX7DHftu-t?zn?>EH6WKIl}O@{u(B@`|N2ftM1dq2Nv`S zTSaH*yZK35tGPvaMMZ0AWPa&m>rHj*fzE@Q+G8iP&c3;id)3e`Ns9&VPoNB^sv3TW zW~Q!wsu#M?kOxOC`&v;EbIscdDZwkSJM5bL%B${jS!rv!m6t?6o*5q;P412O7UNjg zk~-OKo}6J&twX-`I#bF@D=F`(qv0ZNxkpWZl8T1%EfO~vBW@Birv%b*z!bb<>CF_d zWXoV*viSDzPCw^^35wEwS3zo@z8SJRrgx**Gh*l_jlPApJ$~q4wN?s$8FF>iY=iHLVx)kTM+A4b!YQ50#R zZqBj_*Ss9+jVMtj!x7*#T(yzQ3705F!zHgd9{+^B zCNO`@v}pN*Dro)_Jt73q03m&Zv7^3QC3t51GHibeKS76l7n*UMbP||%f;nyR-6RZt}>nxTT|+$BhiDm zcbTFVh+KtOj8D`bLgG~XsL4asHl`%M;-Qox5g9a& z#Hlg8pRzEnkXiZKO7nvKbhu2NQ`gH#dU4k2_j3~{L~4e5?4^{3kOG>6?hgIL4l`Bg 
z(E>!F$hi}gQoMiroIqaC^C~GgyeSp@WF6}sWt8&c>5&&g3{d%H0$h*wz_)fNDei} z#qV{D@{?Y%r|5}=dhHHG9%O%iqq$dLZHX;bu#M*xHI%Q>XPdtX826r)D_3dABeYyk zXTKQtL%_}Ik&wH#cPr0T8b^(8trb#JIJ`-HdP*(PG`&N`EO`_9Eu= z^R8!68Lrja5>dR``kyU15SDbzpUPFkYC`Uv#S#3?Ro)U23&0T zuJ;zFR56?8#`}ufX(2v4U+az%ex&bu?QUKhD_-QX zE{|?){;|8Oiuq|?G@|pv?6x;-Ft_Vqy#HPy`yb>W{}SVxsymJ+6#T-GX(M-zvTcg{ z?qkZlIjLhoB^A?buGoS7ntY=CJ8-cEtpy3Kljsk4D3E>2${W$_IbW=+#}=%cT&D~f zG~`B4(~3%phs-mY)H&vrzCv4~7A< z6jMBu7&AS;Re6Un>jW#k%`Y^ur)m7wl{RaH;S0Kv;;}E}BGN1%5^jM@aw#m?As;79 zmQ^e|qt-lBT`1qGBlmarx7fyN$C*R8PqGtN`#pWS-K7+c=vAv$Yf)vvw{iux1ILD$ z<(L+wRX?q=ZWxO!DTy3vdOB!q)n@2+J~50k3=}wxZatKSsLN5v4&ki^ym1NAGE|q3 z(e%a}TRm_C@;Bi4&Co3cu8yw#Q?&A;{`<=g!s92ip~WV-ko+-=y8-SY^nuE4M-E9P zi60G!#Hd|uWduSajJd5moGBqavkXvmpa8c%vqDX1PWuVu#gP(BVVtSpTkGE+Uvy}R zE;CtUi-CzsA70^66O6vD*6=C|d6D>RAwpa)^5foa&a)%_d)ri9=jtT9!g`(q_wF!5 zr2#k}qSEW-^{Rq|yPpo!FG`t|Dc9b&q+1m6)f2gV1na#=-IDW4*OxYCOFW=hbCCZo zSJ3pj7*3`XnLy>oR=29w5ptQn=BK{RG3+r{CQx@P;bYa~;MQk`HO?<`wEecr6P?fX zSgoZp4<%5V2gltu1}A@AT76JBuR3*3(itG{qt7~uux8GidD|L#=4j*J+@>_%*s@Dc z#=}h8jVckkER?sqf0^E-TkOTAe{lji*B$4cf9kIuR{)`HowN`7v_^hsf<V11w|X zd{W0+Y(`5dR8lYBNK%%Q^lsCjdY;Zz--Zp9<)yJg=1%Flb5K5 z$8{5XMBdh(JBWMKwGH8a?=AY>^n`qca=O)rSJU%5f8W!~z%vTU^n!f=g);Sl0ypb$ zmV6RzVT(8xR;IJ8jp-vytT>*C&Jg3|&;7KHL+^%j7wpcHQTf8Nrlr2o=4^K?u<^-8 z0`G6?8QA8{wOHaJy?}fNwXV}INWR{Nwl2urE$?#AWnypGfd>;-dKLx_wTd#nu9rS+ zPIcnhfr_!`g4%G<_>48E| zVB*u-{?s4Fso#}-m)$lPIHlj9YCP>>=wOK7_PuRRZJ5mMJNccV7)kd&9xj4E&+Qca znmaOuaQ^CURKqdtPspZNRL#&{c$Aa0$`AgDo1YSOCTvS)5uDNhR^e}%#9t{?ot!}3 zlQm0wB~Vj-W(d8U1p-pn_ECRVc5b;|1{~)V_bn~!bB;^S4t&y}hBPWJr=pQ^UC*Nw#j6*bMm%sdcrtE zdxw4%FDpIFwgf*%1(l~`ofvs#NQZ3)`@uPYk0tYj>hVkLoN&V~nSNe7+|dmE9=*}! 
zkp&eQLPr;`K*%dJ#9v*w0E5*LP*nI02*%9XW*Ls8eTAw3n zfi|~*sJcj^5?U2aIF)(!kXj9u_TuZ(8OueC@0~-U&ch2Sf{yeB$1IB7)wN5SC7yA; z*moDo24aEAB|7W=$fZT~nRkhBMKcw{PWsgcKx^er=AhcBOb;z69P`s##c8|Wr`%ER z5F)F4dFK&z{NqMt1m8x)(R_STb3k=l;jth!Sqsk+tQo;b8&f#vmIbF`0IX;CU!ugS zp10zdw|g~KHQqznpu1`sK$G;`D693&lS_(0LVb)kVK%Wl2Xcfk2kM)-kocx*$P1pHs3tm%kgI)uBic(V!wa z5`7CD&Q@yT8c7|*;xi`8xf2LES8dLa3O#Prs@AQ+z6#rmE&95oG@a!#8ZA}UEneff zE9q)%?CNj1uriXqxl>)WBDy&!p5zlXj7oC}@CJICu-?*~7g#R}f8IP7R}{WGuC#FQ zUSU&F4yh|*OZ=UAGXr7>3xI@*6;y*0-tk`p4@6oEcf{j0*!%;X|5O@hmfWE<*NgR9NmA46r~dRHg=kCn6|*>Hj+Kn0g$+BcGF+-PlLAf)D{Cr!TX%sGNw}&~MKwlEG+Plz z_3mM@rFyK>=&nyAsNLT8~sI9yi2kvR@h3| zIO0)$+|SrI?{0>*51!?TVGt1BSJ4>s>Y6a9rQmB+Id-W$+_W|FZ!CFi=o(`Wta)6b z-uY|6`mbvAA{w^7_UMP`=S{gEymfdk+N@TgxxXr%6_va!#M@aq}a!W5>dJkccpZQR(F(ry=d*u%MRFV|2|^z=!_kHsVQ6&^`Ulr`gq3s zu9~OAs~IRd4w#BY?@Mz@g7=X8Lj%Q`y-jN4D6|&0_CE`fTt+#-9sb!bJMq zh_d!pJQp_TD9Dnw`&79U@&Jx+NN6W-9J-f}3s%OVn%P1NCtzPfVIV*@?LTI95(s?q-4#01~W?t5$uuq?l zPOvq+N9gDH^bvx4?DOs0B^`==hWH~nTPD8X?X7S9f$6o)HFc?~KaD|J=I#5Th|d&P z@hoW_t}I0=YV|lh9ekS7OU~f0N<;zSg|zj)c1RAP!$bdmLZ+o}KVE(}t@} zcxSHz)6~(WC}Z zI%xnd7D|a^(gs+-%VUF!FC}UaGSpKyiN;XRQ;RL;=62ujB{T}p9_OzM*T@|ZJuVCQP~%M7WRRuidqSnsM0LQ~?Cg0gJtFG5O{{2I6E*Gt zOCcuQYHwZT&3RaukSB|f4#;Cm9e0g}32c$DlHA^Ve=Lx{Jf4<7Rl!N>9-4s_Niagv z9I{Pek((U{jD^gVlmk$3sXN>l_LJ( znu;jm#g<1c~9ew7XFK98)aMK0iKP z3o9%6MOa!Z$?TvpZ~m4ysR(b`SN7A5cO}iAWQBEMNLUn7*26aPcK4@iL}|VE*D?;Q zq-d9a03Vy@es0Yy{3vM|%!ny7iMc;Luz^)?G%!0>cGS_ghK(Ex5a;(C&s-*Lkk#Ny z8BNT=#!_MvXk6C3L$eB>YMpf!^^HuA9l_LuePq}e@bJF+W>ASCqFiF-doT}T<$9Lh zzwhz(jW^*p4goxRIwqhc!lHW+?bjNQ;nSpwSQ$|diuf|fC_lczi&vlWO?`abw94-l zGYjb9*-e;vv7~G3%EH8m-LR6#FzsdV5y^R#R#isO?cNV)lq|_swd7ZSF`AWyI3v|N z?ste4EyQU^s6P!A)|lKUM)odFfWAPn-%R%UI9+c~0DP9)^Nm`G-J@~KXUqayXpm#X3#^OZc_dH#lY@=)GnqckcX->Q;aaBk zTXV#^`PS^}d;4mK?Q8M@axL|xL8bUnSWW&SyFD-0ClQ(Rht_z7IZMuZg&h2X+1T;3 z)jt&Ieb6}a0Isl?;8^0FHZ(HTAS|~MdnzCv=hir=oBi<6eKF!9_YM=qv!OP8 zC%#K6A(Ged-D<fOrh8@fjI`CH+`}d&sn!%6d6!1PolD}R 
zcZ(0c)`@5y?@&Lnz^m6jDkOKAm3ya_jKu-6AQ=vLW{Js8#IDVkd%}#t)$zF5UnM|M za`w#$O06Y}H8P-KP%F*T1 zi@Z)myRAuG0{%2;t;c9;=X(pmYnJ83wUwE?&4O0v_5xVmJ%w7e;BN6p3d54`qPobZ zbKGo8U@Ls4scV%Wk=@1-UmW&TqxQ@!GG^-TgzGLY=u2V_SQ~ZIb6@%)>2+%KBT2BgkM723>h)^mg!}w0HkASB{CRy#ttr|1QY-I}WhLYG z*Vb<{p=MAt&vlokC}-PJL{hra3h~`{u<;9@icoX0)hwg4PoW=m8qnK2wk?(8Hcp`N zlnQ+<7M%Ht&wXEDZI6Dzu+q5le%7aSSD~hS>l@9gtgeb>dcxTx{dP}%YAg+Rl$ChB zuhTY$nibY84|<*fKAhE`akF(WSA_{p>)>C_C+B77;L5!&%5?waihRHrgPb?4i?3c= zLgl}xQ;|67{!AsJ1vcKy^RWFS!cd(9>=r%C<^&YZUW6Ui3Qp_g7Yyk=U2uD4vk~*^ zi`Rp&SNRSio&l>1axkWCdO|7H5BEupgqtj)F(zKL3gr_gzueTX85BWzFDJs$zqXfW zV4lfS5Ao@DT_R6;_Tq|ph>j)7^+`7PQ6?#fLcjfOZiFe*dBuc}^e1hpO|&#lQJFg--puEq<#Sz}>KJ|pdjG{Y^eluEL2dbTL>X1w_01v{R*xsW&-%DV}(TzkfbPdPx z?4oqqol-(DFe2xkyq`@UdmC}#m@+UvcSPtGFKrOTa(6qyrr+wgEaYaR-jB7=kj(>* z-}{|JP5XY64Gsk5)Ddr+yRjl%O9tmxd@V(o{cdLF_xIA9s~d>Xx{VI22FsEJf5iKR`yHDZrWB@ny*d_oBh0 z(0pCcC7!8r zXAQtay%G}q^3KUU<)st%PGv|NlgS2I0>@#z1jBJeHtF>e*hdX{l|>9t%j<%Z*%}qL z9Ki!cQ@m!Y)|yA$V`!SoEJUFC@10`Egt0z};O~m=d7(^vA{RI=mW?2g3>L!P8XyC< zYp)moEdAC-3SGlCx8a*KK2xVFzWUDkKi8!{^Xcg~oz8xyl7GcC89g4~FQpYHeO?>> zQr%8~i5@BhkQ%<5;akABt*-bSVF-}-NBf#w?Ai0E2)gm7y{moJ&?#KHF%pciKC?&r z+A~Y*yirhSynnKrCg|rF@fmQY2^>qUV!dHUn%ku52;us+88J2_2fiaR^UN=g_WSH@ z{sTwi)^ZNknash77E%hEy`l2nzCo*8Cvf1I$>O5_^hu#qkeJ;L?MX=jF-}bEngKrN zQ1FdaAldPe(hT4OoRwtYlI z_%jO*!=^2C2oLDbwMqTSf?uvDxn$&+*cabi&}IEuaX&_5jo9FGW31!48)XJH zJEQGO_V^!mzn-ofA?&d|@;;nYbow~R#;g~0(yUYIz;w(GixejfCI&|`INs*qiy-2! 
z;}`z=IqMhU(nUP=ai_e;JseV`d6xG$$O4CX{5WWmvM(YO2bfI7MoqyRbQ@d}adEtA zg*HRaDZFG5PnGFBhuDGhkyE8|RCI)Ag3#A68&DeWIgek9l;Wh%>lX&vje7ZlI($02 zQsU#Mg$&Vq++dJvqCtS%ubnlYl}QVxSXDZoh!&5;U@TjRpkEfWoC~LBzv=1HP|c3n z>xU?|Z2kOGlZe!$3aAbK33Q0)+GVNh`ur=267IrJ-s7xix)<+CsDi5S!Nr%hS!?t0 zfWst61&GI*EsBXJ?Y{S<&>I37t~*z&s6lMo?kh2)#S~n9$#maOFv=hI|; zw}DcC%%$cmDoJwVM5pa4_u+7>*q&P6~&SXmkUzbt(>aMEiobAw- zhPUe8xBOyU_xY!f;I2)<$-xO-(gqA_mJHoBKqp{(@2gKeO?x|5J+9)X8lCWST+l&L z7c#j*q_BH8>sYn%HielxKsc_5g7GYdDrE&i(QcovQsEMB?QJ_AjF$QDhaQLZQy9BT z3sI4`R~KrUKv3zA9W=+vW|Jem8}^bWyj)tQv%k@QA{T_E1qs1R-t zuBmw1gYsav;~3Zmmok2NR7dMwPSkpsd8vi!W_2j)4Lunj5Czf0(dzRc&Ys+kil$$>-VuH0;ETP|Py{jIFX|U3 zUZCe-Aq~tAVA+z@$yAzj6Mt;PYC%I-i0CU~x1^dAKf4lYy`+bB{Z@7A>BHAU8HrTO z0(Z^(3JvRT>09Zc8tjQ@?s~UC@U&#iFjUVnluX+!YG`z0GS^v5nYTfMUxc8GgaITVj+e*7HP{4i>% zk9d;l7RDGs6eho_WZL~0%;TJ-FpPde5yoH5p)KTLzk1ZyaUwC&h74_u*OSCx%FDW8 zJ*zWS?~>UUBw+<%MmY8W(eiCS^TD|anbT3}3So2=>>=9;|SN*v$C8OH+(aA#J zCAU_Ziti(LkWY@~nCLLDVPP*wzVSy_JiDGS*ePB-*TBIk@wt0<@{7tvv8bxQ)y^Yf z#M}$R?`41P#XrB6k zyAA=i;VIWB*sxm5CihX2QKSV%(lND@4Js*)Yjof?RcqW5>;3#(tEM@awdUxJsa~1X z!HQQzft#(Ouzj)7oDI-0veJoZv3#>$uwg)^_}`gwni6e&hl*8rOo#WaAp^Kq6=a;e z^pw*HD48M^gUQ7bv75c)i^PoJg%4p9C)REky-yvC>w9^7Up+W@6=o}Mq$Cx7au%zJ zyH4_+7k>pSS(Yx1F;qhY!<`JGcJ#J2_T`-b>uGs`A zE~|=5W-mZNwIhD|LZJ;9;0_8&=9YTg<*B^(?U)`&RWjxbXVRt5qgw4ggxCU};XPL(gQ4jfrLsCf_76+g{-~4RJ|5MU1j|h&NIU zWf@h{Ur=%w|6wgps2*n*;X1K)h^DJvYMMh1dMRab-o{oOTEE4rR>$1d8{>L?95s{k zKwhnqCv)`fXHB_Y1&2rsyC!SmZGHwxxDc_XsY!EH2emM6JW(OV$MhF-W>>^C+XJF$ zTtW5hb7?V`$(M=NclYK@Y`p6_yo#Y%&>^Yo2{r6>qoLnz{dLzD0gOc{9YV?rJpz3Z z;~i~MFWa@o8-j(kkqD>R{NBgKQ*S>mkWXta>}=L74N;*6SAI}Dh$??&C6evYJxd#( zkLI{uxHcn%P1uQ;3*Ek~3u7M?q;x=Y9L)P9shK4t^-@Fj7x&RLy85(ftZUD`_19OS zTLlh347O@qsJDgQXeQr7=7-X-G}d^|g1`2+CD1QjZ?Rks>qrjdU3ym;HJ3m@#d8;A z>~oQus2T#$&m8>eT^$4UpPKlYmmZJAi)o%wRBQ4(P`ev7h-`}mG_8WFWsA3UxGcV< z!1SSX9-NVx6v!bW!L?5PV0v8`DNRYh=bm{1<5g*V1-zBDJ#T%kRn^ONs*N-4Et4f9 zUk0@@_hkJil$`MxzI;(J${BunIvVS{hUZIfo#kI2E|1o+5%~|~`B0yp&HJ=fytZ$E 
z3N7Q%Pe4Abym%$=l*Vyk=O7$>bB)TV>83r3G@_k}}*{)nvfvTY7P4YHxN> zt7GZe{&5pe$8CF6$Cb5EZGi!%b>Q^4JFx3H1z6-%>O-eV$!JP!IO1kUc`obD1;=X~dj@&A7k<8z``Tqmj5~Zlj60;VA5Us-CWRiLv3`kSE(~ixky`ADgSq4(!_k zsZN~KknX>l@e}9P)k_ODUD}~T=GT40>uwO{C!CFNOFn-0`y%XB2Hf#6O{BP99~nK_J`1Z|JWze_9*D};>fL9AjzPf%*S#yrC~JU! zN&L{j`^#Zz(AYxeTGg9Tg12*7E}6OZr7TS6gxe=VGL%_9JB;ex6V)R27*CNJbFP& zhAHOrS*Nqwi9*Y!2p^c7`{*@f)RH*U_v_+g=~)i8J-Jd)m%2FFTkSL^A)-M?@Fvr*^J5a`SC&Hpp!`iS%-cV8N*G!vRTg^F7nAJF zR%k6h5C%+bMvM$rFS+tJd1i%v&_Er&E11TN`Y-|F)%S@iUFeXr4B0=}ekes0lSy~I zz$HkY-!v@|(jOP>Oq!6RV1AWbmyT?FQn2HX8+b>oBaOcxJbf;YD*sJWqlv!nx%BJz znZ!~?lcW?;{TT%995-@D)V|j|GcuLt=I<&xwn9QeKEclcIqe zPwrMe9X^3WLQ>RuWFWVOw5iP}9426rfEzYN1wJEoZ*G!|$&^@q-pw^NNN3)d9LB9V zQKH;GaeQ5|)5NnS7#4Q_TP>eVTmLv|x*xTV(1N{0v$=a|o$S~BwLR9t+1&5h^_izQ zQJQ|nS{KQE!LtQbo5}@;^}NrL>}j>&atD?fHLv|k-l&N+O|@n)bd$p=WzqD|A>!Is zZ|I@FF4O#a3#?Xw*X!$5z^mQ$HRb>Nm*;+*%4>2s6F&Uc|AYvYQj#nZH+lI#07yiR As{jB1 literal 0 HcmV?d00001 diff --git a/velociraptor_legacy/help.md b/velociraptor_legacy/help.md new file mode 100644 index 0000000000..6a54f7a287 --- /dev/null +++ b/velociraptor_legacy/help.md 
@@ -0,0 +1,122 @@ +# Description + +Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform. It provides you with the ability to more effectively respond to a wide range of digital forensic and cyber incident response investigations and data breaches + +# Key Features + +* dfir + +# Requirements + +* Velociraptor API Conf(velociraptor --config velociraptor.config.yaml config api_client --name rapid7 --role +administrator api.config.yaml) + +# Supported Product Versions + +* 1.0.0 + +# Documentation + +## Setup + +The connection configuration accepts the following parameters: + +|Name|Type|Default|Required|Description|Enum|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|api_connection_string|string|None|True|Velociraptor API Connection Address|None|x.x.x.x:8001| +|ca_certificate|credential_secret_key|None|True|A base64 encoded CA_Certificate Key|None|{'privateKey': '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'}| +|client_cert|credential_secret_key|None|True|A base64 encoded Client_Cert Key|None|{'privateKey': 
'LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBakdub1V0ZlBIcXZYM1BJVTZOOUZLbXdRM1psK05vYVdiNHlNTGh1ZGtkRUJKM0F1CitJOFFkbHFES0JtNjU2VWVPQ2gzci9pOWUwVUxLeGtYREZmS21jM3AyV3YrMGxWT1lHdnhaRktVd0tIMHJpQUwKQTRpbXlZdUwvZndlT1NHU25RbGdZS3I5OUhjaVRCSWRMMTVTWjMyVGpZYitQRFpCbCs2elFzdzJIWU5KY3FNagppY2lDN0NBajZnQjlTTzh4MXZNc1JrVStycUt1YzJyOFVrK3FoRUN3OHpSNEs2NndGdVlNMTdzR1VNWFVxL3BICldkaUV2TzNxL21kSzQ3TnJ4NWkyYmFDN281UlhzcEtIWXk2WGVyNFZibmlwbDREZ0FLa2FOT0wwMmErWnYzOFEKbCt4eTl3ZG1XcVVJYk1pcVNiai9rNnh4RGlQUWtUUisvMDMyZVFJREFRQUJBb0lCQUVrUHpwQlV0UFFickozTgo1UzFyQjcxVUw4NXUwT3FrUzJETnZCODl4VmFiYjBOTEwxV3NjMzl5QjI3MVBIak9SUlFwa21XaFEwOENGUmFlCjNveFFuaDQ3cytPck94UE15WlNJZGptaWNyNXRSempYZVlPa05rMEc3SmdDK09MM1lpZU9PblR5WkdReEhVcUIKM21mSVo0NXNIRHYzTXhDM2xwZnMzNS94VEhNOEUvZ1cvZ1RmdlUzUWJvUWFMMXEvdGFSUVlFSHZnaXV0d2RaMApzRUZ0SjhlQXdPQkFCWGlWM1FQeG5BUWdJcHdZcGJpY2wzQUsxNWdzNUVOSzRSbmdpMmJJN2hkbU13RFdhNnQvCmcwQ1AwVGl0eUZxMDVKVW1uYXo0d2VrWHhENUVCbTc3NkVZTlNveFRDYVN6VE1Zd1pDSVRycVhsNlk0L29nZVQKdVZTbTlaRUNnWUVBN0c4Q3l5REtEVEJZb0l5RWtuSlZLU3d1ZWxPQTJlZHhtVnlLTDhoTG9QaXExUW9TSC9OMQozMG5OL0dWY3ZEN1FFRDRwL3UwWGFNdVBtMkhWaHVYd3h1L3Q5ajExRFZsS1A3UXNIOXU0cEpLeml3Nk5tVjVOCi85K21jamRXQUg1QnFhSnRtcEYwdW9ac1drNDFKVmUwZkE3YTNGQ3JYcDFVL0dEOUJLU0FEMDBDZ1lFQW1BaW8KQ2hFaDcrcEQ3dnV0Rjg1dStGcWJkalkrS215RmVUUGQyNzE3UDZpNVY2QzZsVnBjbk03dm9abEd5MGZqb2FsZAplOW50bTBWVThGWmtVSWloS1B6VzkvTFNBVjhCZ08rdlNRck4vSU1FbURxb2w5NTlJeHhJLzZ5emtZNUp3WVJQCm1sd29OelUwZWtjSHpnMGV1N0RBMXV6UmZ2NEYxTlVXK1F5bFJkMENnWUVBenIwN09oZFAxanlDSXREOFUzbjYKRVdoNnM2ZzBzVlY1dGRwL1VzelhwTWdMeVFGblc5enRJdlJNVS9qbUlBemtybTlORllhSHc3REx2OWpLZDR5MAovNTlvK3JvK2tnK1RweVNLdU1qT0tjbkZpVUNPZko5RG9Rd1ZaU1lSNDVpREhpdlRueWExWlN5SnJtVllmM0N6CmR3OGVQU3VremJUUlRXWVptR2VuT3JrQ2dZRUFob082TWRZQXdlWHpIMEo4WHNEZVBFem1tY3ZhYXV6RGwzNUYKZ0lPQXhjMUIxMzgxTnFuUm9VZ1NpMWN6Wk82QlArcTY5TGJYM1BhVjlXTnF0RHArNU9YNFNUOEZnZ01PTUlkZwovbTVaM0Y0THRhakl2RDQxVjloUjJpMXlYNG1XUm1zTGgxYWNtbVF2dnpTVGVrTHZlejhqRDhaT2dWNjl5QmFWCmtkc1hhOTBDZ1lFQWsrNmdocFhOa3UxMlVBTmY5TUg4bG9OKzM
1L2lQZWVvcWYwTVk1Rk1WUll4MTBaQTkxTGgKaWVBY3pWaGlxenhDdEhXaExBNFN4RTk2MmVnK2ppL2F3a1M0a1hMQ011WklFU0UrakZjN3B0VW1KamxzT1dqdgo4L2RxVUg1eWpSS3MycXhrQldHNEhtVDNOeDZBOHNZSXJVWXh5cVZMQnBHOHlLbmdibmFZUFY0PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ=='}| +|client_private_key|credential_secret_key|None|True|A base64 encoded Client_Private Key|None|{'privateKey': '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'}| +|username|string|None|True|User to run command as|None|rapid7| + +Example input: + +``` +{ + "api_connection_string": "x.x.x.x:8001", + "ca_certificate": { + "privateKey": "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" + }, + "client_cert": { + "privateKey": "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" + }, + "client_private_key": { + "privateKey": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBakdub1V0ZlBIcXZYM1BJVTZOOUZLbXdRM1psK05vYVdiNHlNTGh1ZGtkRUJKM0F1CitJOFFkbHFES0JtNjU2VWVPQ2gzci9pOWUwVUxLeGtYREZmS21jM3AyV3YrMGxWT1lHdnhaRktVd0tIMHJpQUwKQTRpbXlZdUwvZndlT1NHU25RbGdZS3I5OUhjaVRCSWRMMTVTWjMyVGpZYitQRFpCbCs2elFzdzJIWU5KY3FNagppY2lDN0NBajZnQjlTTzh4MXZNc1JrVStycUt1YzJyOFVrK3FoRUN3OHpSNEs2NndGdVlNMTdzR1VNWFVxL3BICldkaUV2TzNxL21kSzQ3TnJ4NWkyYmFDN281UlhzcEtIWXk2WGVyNFZibmlwbDREZ0FLa2FOT0wwMmErWnYzOFEKbCt4eTl3ZG1XcVVJYk1pcVNiai9rNnh4RGlQUWtUUisvMDMyZVFJREFRQUJBb0lCQUVrUHpwQlV0UFFickozTgo1UzFyQjcxVUw4NXUwT3FrUzJETnZCODl4VmFiYjBOTEwxV3NjMzl5QjI3MVBIak9SUlFwa21XaFEwOENGUmFlCjNveFFuaDQ3cytPck94UE15WlNJZGptaWNyNXRSempYZVlPa05rMEc3SmdDK09MM1lpZU9PblR5WkdReEhVcUIKM21mSVo0NXNIRHYzTXhDM2xwZnMzNS94VEhNOEUvZ1cvZ1RmdlUzUWJvUWFMMXEvdGFSUVlFSHZnaXV0d2RaMApzRUZ0SjhlQXdPQkFCWGlWM1FQeG5BUWdJcHdZcGJpY2wzQUsxNWdzNUVOSzRSbmdpMmJJN2hkbU13RFdhNnQvCmcwQ1AwVGl0eUZxMDVKVW1uYXo0d2VrWHhENUVCbTc3NkVZTlNveFRDYVN6VE1Zd1pDSVRycVhsNlk0L29nZVQKdVZTbTlaRUNnWUVBN0c4Q3l5REtEVEJZb0l5RWtuSlZLU3d1ZWxPQTJlZHhtVnlLTDhoTG9QaXExUW9TSC9OMQozMG5OL0dWY3ZEN1FFRDRwL3UwWGFNdVBtMkhWaHVYd3h1L3Q5ajExRFZsS1A3UXNIOXU0cEpLeml3Nk5tVjVOCi85K21jamRXQUg1QnFhSnRtcEYwdW9ac1drNDFKVmUwZkE
3YTNGQ3JYcDFVL0dEOUJLU0FEMDBDZ1lFQW1BaW8KQ2hFaDcrcEQ3dnV0Rjg1dStGcWJkalkrS215RmVUUGQyNzE3UDZpNVY2QzZsVnBjbk03dm9abEd5MGZqb2FsZAplOW50bTBWVThGWmtVSWloS1B6VzkvTFNBVjhCZ08rdlNRck4vSU1FbURxb2w5NTlJeHhJLzZ5emtZNUp3WVJQCm1sd29OelUwZWtjSHpnMGV1N0RBMXV6UmZ2NEYxTlVXK1F5bFJkMENnWUVBenIwN09oZFAxanlDSXREOFUzbjYKRVdoNnM2ZzBzVlY1dGRwL1VzelhwTWdMeVFGblc5enRJdlJNVS9qbUlBemtybTlORllhSHc3REx2OWpLZDR5MAovNTlvK3JvK2tnK1RweVNLdU1qT0tjbkZpVUNPZko5RG9Rd1ZaU1lSNDVpREhpdlRueWExWlN5SnJtVllmM0N6CmR3OGVQU3VremJUUlRXWVptR2VuT3JrQ2dZRUFob082TWRZQXdlWHpIMEo4WHNEZVBFem1tY3ZhYXV6RGwzNUYKZ0lPQXhjMUIxMzgxTnFuUm9VZ1NpMWN6Wk82QlArcTY5TGJYM1BhVjlXTnF0RHArNU9YNFNUOEZnZ01PTUlkZwovbTVaM0Y0THRhakl2RDQxVjloUjJpMXlYNG1XUm1zTGgxYWNtbVF2dnpTVGVrTHZlejhqRDhaT2dWNjl5QmFWCmtkc1hhOTBDZ1lFQWsrNmdocFhOa3UxMlVBTmY5TUg4bG9OKzM1L2lQZWVvcWYwTVk1Rk1WUll4MTBaQTkxTGgKaWVBY3pWaGlxenhDdEhXaExBNFN4RTk2MmVnK2ppL2F3a1M0a1hMQ011WklFU0UrakZjN3B0VW1KamxzT1dqdgo4L2RxVUg1eWpSS3MycXhrQldHNEhtVDNOeDZBOHNZSXJVWXh5cVZMQnBHOHlLbmdibmFZUFY0PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" + }, + "username": "rapid7" +} +``` + +## Technical Details + +### Actions + + +#### Run Velociraptor Command + +Run Velociraptor command + +##### Input + +|Name|Type|Default|Required|Description|Enum|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|command|string|None|True|Command to execute on Velociraptor host|None|SELECT * FROM host()| + +Example input: + +``` +{ + "command": "SELECT * FROM host()" +} +``` + +##### Output + +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|results|results|True|Results|None| + +Example output: + +``` +{ + "results": { + "LOGS_LIST": [ + {} + ] + } +} +``` +### Triggers + +*This plugin does not contain any triggers.* +### Tasks + +*This plugin does not contain any tasks.* + +### Custom Types + +**results** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|LOGS_LIST|[]object|None|None|Logs List|None| + + +## Troubleshooting + 
+*There is no troubleshooting for this plugin.*
+
+# Version History
+
+* 1.0.0 - Initial plugin
+
+# Links
+
+* [Velociraptor Product Page](https://docs.velociraptor.app)
+* [Base64 Encode/Decode Page](https://www.base64encode.org/)
+
+## References
+
+* [Velociraptor Product Page](https://docs.velociraptor.app)
+* [Base64 Encode/Decode Page](https://www.base64encode.org/)
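Review bot: The connection examples in the Setup table and the JSON block embed a complete base64-encoded `-----BEGIN RSA PRIVATE KEY-----` block; even if it is a throw-away key, a real-looking private key in docs trips secret scanners and invites copy-paste, so replace it with an obviously fake, truncated placeholder (e.g. `LS0tLS1CRUdJTi...`) and confirm the key was never used on a live server. The Requirements line creates the API client with `--role administrator`; because the plugin's single action executes caller-supplied VQL on the server through that client, every workflow author inherits full server control — recommend the least-privileged role the intended queries need, and state in the doc that the `command` input is arbitrary VQL that must not be built from untrusted data. The Links and References sections send users to base64encode.org to encode their certificates and private key; pasting a private key into a third-party web page leaks it, so point to a local command such as `base64 -w 0 < client.key` instead. The rest of the file is documentation and needs no further change.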
diff --git a/velociraptor_legacy/icon.png b/velociraptor_legacy/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..e248fbaf59b51ce3d65fdde8b8a920133e12b7a4 GIT binary patch literal 8307 zcmc&(cUY2p`!}=HGR;wDrQ)85Ac}$`bEM`n)c&t~zp=Q^Itc{{*sGXV!(!(8ob(KuqT z78XzR1+*f9LqTaC9z&CeP%Q2!5C-uD2mv8R@{=|7@{j<$k-Uqpowi-58Q>pa6-5S| zqwEjjqK@JW@bV_c5W@&GXdoB}!$Km0gF-0i2qXD#cG2K^?J`Ur@=YY{sFA$snnQ@I zog>7INCqGVT5u>%TN@5Rfh(jQLf^mug+ggU5ZVYGn6@4ap$kRmpmkAbI1=*XArE>a zWG2 z;Q%=dz(f4jF!}{8B#a38nJO$i1pl*5gi`PtcwB`1S`=&DrUT{(p1*MU=J)AOYX%o5`NXSF(Dv06b%9m9xLCL`beCgyu(bqv4x4+;RSd|Q1t2>Z{Tze)bX*z!{uoQ2kwzXmbz!>>^e2mwoz3=V21 zH?E)K;n}WaZEkunBJb0n$3+B6?8Jf4h}F*NK)-~@2EW&P%sj)|ZE4f*1y((+4tWb6 zu=9pBpdP&W^yzrLSJ}yPe0t=-MrwWYvPzMPM2SMsJ*6oT_nsr&Ca(xCY?ykFqCG~x zZEt>CUTEm)L_@eiPhos*YW)pEnn7)$RH}-w%J%B8!bz&SgGaZDzXLnBJC{#d`u1Z6 zC7&YjC?leUGS>hR>#^$IwWHO`ut^{1Q{A+te#PK`kMQk?N93#qTRrv%h8pj*wc+mu z29QmuC2}Pj_efiPIL*VZ+}wk;=M}JH8MH|8JRA7!Ee}OR zaQ;$eZ5R3)RK z^a0~18u*;soV!=0q7=+$R2tWYA?@G7HcB@k$nxCA zoL|4$cD}=+ard39h`lW4*PC!P(VX>`A7{Ef9o+*Erq^+3@dn3QE?&1-FpbM=%QGUh zSZ(KKUl{>wc(2oTXS@qAvn%YO9H_g7NVoU;4`Ij>>oo= z>7-XVH1$}qyygfi%l*e4Sq_yt8QG@eX>iu|r*kC}%dIcR*Qar>387aJ@7^}Iz8sou zT@E^3C#%e{mI~9#w)Pg%9!~yaF*4lmB7&`PdA7zPT5{q}J|%lTW5!6KsrHmWz1pMN ziB|RUse-|1ond*7ffVPm{EMabto!-(D-V_y7wWR<1U&ttz>b;ZkF)3?6LZ#;X+jkO z(f7e3WMQzsl1qPAzhWNCYGxbJO#EbdS_eZ=fXPzN{pG`ml$Nu|V$El{hvt$+Okzja z%f7W=MbfxON|`zjmvM9P)$n2T>Qb}rE|J2n6IBu<2L(@GW7yf`JHs{{dul7s z94B(9?|Z7C8ENt9A@?dxYKP!G`$80Lli;Fn5JfLF771l#s2AdWx9#|ErbZu8awflX zpv){jb38}qKU6s(8xv7mlqCP+NdrH-TR*wKyGW04*pI3qN;>C%ugawV#Vej>TYGQQWo*ulP_##v8f=P z*~S@@O}uDPuKeBpqn{c415X6VJDy&lJM@+#()cvq4IaJlL`9lZa5Yj?G3iX+gXNTH zwd2dP{S#)df=8o{*tn;D)jD0!^^}h$Myd50Y5n-Q|EuMSUaRi@angz5Qs%ximiHW@ zginzpG<*Lft}jHa%ZU+tBQDmuLWT0`>w=_Ao?DEdX(-#v{5K8!65Ht6@E#4eaXQ0r zV&^7V`jd6+?%idv$9GL>?m}>w<_esX^m*^vPm5RI+0{8dDX-Eb5w5f5SPCXDh1F6P z1=OcaOP)xXyz|R-T*-^&`Apqz5nZ@Vw`7N3Lyhi5}-G%V{= zgZVc|*H1^5yvd_e-`aX+-Bb}E@vB-f*KHEx&OL_nUl*sINMJ|{JnI04OPr&CH*?Tfs 
zN*p(%#Kof@6J@g4c26BWHbqyq$utZ4(xf-OLBORto`ugYj{?)PP6xim^?kTRZyn9f zvD_88FtjrD)`zn)U9c*IQTO5Dwj1af8}#CU<*yuHD60dV=BUBV5gJ4G>fHL`d8b#6 zbgtd8TSBhT_{1kX%|12SRwnVt;7G?(sOPE4NUOUn&-qs=-m&l_>K%JaV;kB`-gxIw&M;Z7ilx_ES+ zc5G6qsk=W>wXRHSco5hS+!{$Eef+({=)B`cZqL5TF{vvmH6b#|t52p^HD5qD6}FR$ zLj`rQz3=Y4>qNRGVV?a_5PzRxl+3$- z{sq6thgXyy#mRK@lFHV{*io9YdIi}*c~Gp5RiwNVJjuO-+B%GiGt1&x#^*M~iE&FC z<3vXs#DuEM%hr4N`|qBbr2qa^CmQbd(B-`EHV5nN+p($9(hI_dV6|m^rbxxGw{jB{ zWwvrF72~w8+NrX=@)%8*my-SvlZoX9nW=CJ&2eLO+qWcGq%4wyULXmEf>umPr76cN zM%?0oG?N~qi#esthetF=i*}R7R~6%6O%|@~Zk<$Co2qCoeLA0E7HI4^CSE{aX`!7P z&MTa_`b830-8Y@_q(Kiq)@|JPh1Yx&yW5o80?mwYQxR3s2)^KRVf_ar+nJrna1d1N2a;nk<` zsyG!1Qc1d++wo=ZgZTmsn*3{HAUEDplboHRZ z6rT!*?-1gnNu*Z(T?Wn7iC8L&lXDR1R_QohFstIWFcjlc_4qS*;Has3_DyQO4QLB6 zSF^5KIsB?)@#9T3*M}~lE54m^@rMEzP9_=>^od`jq$=kDwcObU30;X>xSB#om3z&$ z|AEdk-sx;xz)R|BEWa*#3!uQ-9L?Zf6;C9&_CiN_FL>yE={RF3>}=cq8=dfW{UNdQ zvk#WiHDptw!>~1a5LK*qG&2A8+srDtNB;4>GxIG6>)MeIgsquuC|>UcP1!o`3q|5(es(q zy++C~&hn0d_v*3M&S$TCm-X+2jUpB|mQ8p{G2eHGDYi8`D<@{lnz?_l@NCReN8&B7 zzLB|bqMuOATPHna1N$uYMS`tO$!%y!U_3;)?DwkZk4_EKBIT&rLM)gcH*i80Z)ELW zm)XP+^pVQxzd*KK+<&?3p&ZQ=1^Wvs^QT~V|%QGLk zY=o=WT22H_-6+XSkrw>5ieicJvb(D*-1_57Q?2dC6=`=5xkIO@drfG9R#%;w{kA

R1~6`kPyI+=;QF6aCkvcX^ietHp}yCQT9MTsvnT4~aAc z=L|87GHh7;^oM3ZQp|2{OEF{KgdOZFaBb^NrNaocvE!rHO)f-So{kShq$cRPw8USY zg~Pz<(b;a!ILo`4P*AAJsJ#rVM!8kEcp6X5D09A+Rt3~qR9rWia@>-figA0{y&#@R zC`;5j=WBdq^j`fbpPScLl_zIByM|Q{bFRs45(yvuYQwB@4;=UGV^z8|@!!p5bWe0K zdg2RZecU6<$quEX?7`;aEj`a}Q$xzr=sE?3T*yos#kfP?P1GejV$x_u$HLvR)G&j zUX|PCrm$Y*7lJMB=CI6F-whS5%~EsBfC<}+_I+Q&YhDWY=1P)XCazyeq=OJ6^b8`5 zESRaqhcYkD88u?}>2K^7r*_y#-aO17G|+9qe0V9u^tU<{^g*Ys)W(45Dr?c-CHSqi z*!I!SoVI<6$Y*>tIw|v;bPt+AOOaS-FGkH#o3GjQMU0wNZe`X}KjMZjJPhF+(UN;$ z$}8hUv9U2>cdK8z1m0(KRWzbt8x5}=OTl=~CrIS%XS!LvrAeXo=BHqa4h0{6`$ot# z1#|rNB1boS&i+k4Aq$eRx(5rR_0~^@FW_LdGje5RX?{SLWyT9plJKuy7 zr?jnGXe<@8N{DBAj2cOy9{VzAyO|L_k|e@`4cl*pM8rTi*Dllo8$wjx00pJI3|e|t zhtw%~PN~LhZR_)#9tQ2WVE&omWUlESy9A|DG5dR&m=SPh&9EJ6jy8M3FE{@dx|bRG zt|O@XQO*>D7V~;2E-D-Kg;?yAL+{PD_!!8HPS{Fq3**0NuO~)z>Ud628~-8#H$J3YXE4ll!|K0QK>3!=^5)8w3!arP?hGJs@>!A;E=UB zBHG84ZNDK=ax$xFw*qJBRw#VYZ4?kIps$xusICWnHF0;H7Ns1Ku83G*NjaJ+F&KIrU`uCW_RQ?3 zkfp*g$A5}ELmDw<8Wgh^5fvm@p9 zi&B5v|48|sT+gjBW)>I_-U!uu$p)#ODRG>uMp;LRHV^Gj_?#-unYKuD=w6A?j zW7l(lNvfidGUrseJ8NWjyIF%7TZp7``q+ZZ5-uqd)u9egn>ki9=*to6vTwW9a_g}3HDr0oeiVl0!pIf38=Ai8TM5&gW-*Dg6?vio@##5=-GofUDNRZNT z9eTdq#@>8e_+d_$C}lY=;Mv$2phSkGlB^l)5}xqc@{Fi^@CI}HaizJpvBrAQh}oP2 z8*dJBr_$K>kA{=VTF)TblI!>;7sp0K?FT;k*X>f^tce8FK(&u9&Xe-Qxnoi;6C@| z>H|%ZihN>Jx!?E>l8S09_>*2oH;4%IWDbQCq^Z|S|of%_;p^UB{68Wo4B3>0sEQOenghDqSruxJ+r;!)%M4gy=Lz- z@-MpIySYbPgn8_8{pn$x{CNTA+S4+d$o|P^>5m(JKUZL@ zvZV{^S8Wrw4U2lW19igOb{mGzy6d)iY>&qrOEu2cFAN!2IBj^y z=b=!b>0WX3q1Do!jZvPnjU=kFY;fynOk0;|vJ`vUA-fjO^UdUpxR?1i(>l0#yrff| z1hu!n^G?FOwwS@2F_ewfb;UbLsEWxg3IJQb$?@=gA8C%?9on1w0RtauZp3V^+g4ec z+55C(j)DJr8{(!P-9tei9=SyibLGa$yp(Z6ouh{2CQH%Lqr*kcqF(#x-ceoe#4}l) z5yd6EWgC$Xs7Gx-dWhB2F4%O49D{uK7~_mHWBV#P+{AfZYK@zv{IOFRP25L98!^NLHLn}dZqQ6khO)q`Q5!f3I7My2BT{L literal 0 HcmV?d00001 diff --git a/velociraptor_legacy/icon_velociraptor_legacy/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/__init__.py new file mode 100644 index 0000000000..797e426edf --- /dev/null 
+++ b/velociraptor_legacy/icon_velociraptor_legacy/__init__.py @@ -0,0 +1 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT diff --git a/velociraptor_legacy/icon_velociraptor_legacy/actions/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/actions/__init__.py new file mode 100644 index 0000000000..8eb64d5f65 --- /dev/null +++ b/velociraptor_legacy/icon_velociraptor_legacy/actions/__init__.py @@ -0,0 +1,3 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT + +from .run.action import Run diff --git a/velociraptor_legacy/icon_velociraptor_legacy/actions/run/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/actions/run/__init__.py new file mode 100644 index 0000000000..598a34c70c --- /dev/null +++ b/velociraptor_legacy/icon_velociraptor_legacy/actions/run/__init__.py @@ -0,0 +1,2 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +from .action import Run diff --git a/velociraptor_legacy/icon_velociraptor_legacy/actions/run/action.py b/velociraptor_legacy/icon_velociraptor_legacy/actions/run/action.py new file mode 100644 index 0000000000..dcf22d453a --- /dev/null +++ b/velociraptor_legacy/icon_velociraptor_legacy/actions/run/action.py 
@@ -0,0 +1,92 @@ +import json +import paramiko +import base64 +import grpc +import io +import time +from pyvelociraptor import api_pb2 +from pyvelociraptor import api_pb2_grpc +import insightconnect_plugin_runtime +from .schema import RunInput, RunOutput, Input, Output, Component + +# Custom imports below + + +class Run(insightconnect_plugin_runtime.Action): + def __init__(self): + super(self.__class__, self).__init__( + name="run", + description=Component.DESCRIPTION, + input=RunInput(), + output=RunOutput(), + ) + + def run(self, params={}): + # START INPUT BINDING - DO NOT REMOVE - ANY INPUTS BELOW WILL UPDATE WITH YOUR PLUGIN SPEC AFTER REGENERATION + # END INPUT BINDING - DO NOT REMOVE + # TODO - If input bindings for connection can be done check to same if it you can do the same here + """Runs a VQL query against the Velociraptor server. + + Args: + config: A dictionary containing the configuration parameters for the Velociraptor server. + query: The VQL query to run. + + Returns: + A tuple containing the query, the response, and the query execution logs. + """ + results = {} + try: + # Fill in the SSL params from the api_client config file. You can get such a file: + # velociraptor --config server.config.yaml config api_client > api_client.conf.yaml + api_connection_string = self.connection.api_connection_string + root_certificates_decoded = self.connection.root_certificates_decoded + private_key_decoded = self.connection.private_key_decoded + certificate_chain_decoded = self.connection.certificate_chain_decoded + query = params.get(Input.COMMAND) + creds = grpc.ssl_channel_credentials( + root_certificates=root_certificates_decoded, + private_key=private_key_decoded, + certificate_chain=certificate_chain_decoded, + ) + # This option is required to connect to the grpc server by IP - we + # use self signed certs. + options = ( + ( + "grpc.ssl_target_name_override", + "VelociraptorServer", + ), + ) + # The first step is to open a gRPC channel to the server.. 
+ with grpc.secure_channel(api_connection_string, creds, options) as channel: + stub = api_pb2_grpc.APIStub(channel) + # The request consists of one or more VQL queries. Note that you can collect artifacts by simply naming them using the + # "Artifact" plugin. + request = api_pb2.VQLCollectorArgs( + max_wait=1, + max_row=100, + Query=[ + api_pb2.VQLRequest( + Name="ICON Plugin Request", + VQL=query, + ) + ], + ) + # This will block as responses are streamed from the + # server. If the query is an event query we will run this loop + # forever. + logs_list = [] + for response in stub.Query(request): + if response.Response: + package = json.loads(response.Response) + logs_list.append(package) + + elif response.log: + # Query execution logs are sent in their own messages. + package = time.ctime(response.timestamp / 1000000), response.log + self.logger.info("Command Sent") + results["logs_list"] = logs_list[0] + return {Output.RESULTS: results} + except grpc.RpcError as e: + self.logger.info("Error: ", e) + results["logs_list"] = e + return {Output.RESULTS: results} diff --git a/velociraptor_legacy/icon_velociraptor_legacy/actions/run/schema.py b/velociraptor_legacy/icon_velociraptor_legacy/actions/run/schema.py new file mode 100644 index 0000000000..b9ea81d746 --- /dev/null +++ b/velociraptor_legacy/icon_velociraptor_legacy/actions/run/schema.py 
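Review bot: `results["logs_list"] = logs_list[0]` in the success path of `run()` raises an uncaught IndexError when the query returns no rows, and when the server streams more than one Response batch (max_row is 100) every batch after the first is silently dropped; neither case reaches the except branch, which only catches grpc.RpcError. In that except branch `self.logger.info("Error: ", e)` passes `e` as a stray positional argument with no `%s` placeholder, which the logging module cannot format, and `results["logs_list"] = e` puts an exception object into an output declared as an array of objects, so a failed query is reported as a success with an unserialisable payload. The rewrite below flattens the batches (assuming each Response carries a JSON array of rows, as the output schema implies — confirm against pyvelociraptor), logs with a placeholder and raises `PluginException` from `insightconnect_plugin_runtime.exceptions` so the workflow sees the failure; that import would need adding at the top of the hunk. Separately, the `username` connection field ("User to run command as") is never read here, so the query runs under the API client's certificate identity regardless of what the user entered, and `paramiko`, `base64` and `io` are imported but unused.
```python
                # … unchanged: gRPC channel setup and streaming loop …
                self.logger.info("Command Sent")
            # Each Response message is one batch of rows (presumably a JSON array);
            # flatten every batch so results beyond the first are kept and an
            # empty result yields [] instead of an IndexError.
            results["logs_list"] = [row for batch in logs_list for row in batch]
            return {Output.RESULTS: results}
        except grpc.RpcError as e:
            # Use a %s placeholder; a bare extra argument is not formattable.
            self.logger.error("Velociraptor query failed: %s", e)
            raise PluginException(
                cause="Velociraptor API request failed",
                assistance="Check the VQL query and the connection settings",
                data=str(e),
            ) from e
```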
@@ -0,0 +1,82 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime +import json + + +class Component: + DESCRIPTION = "Run Velociraptor command" + + +class Input: + COMMAND = "command" + + +class Output: + RESULTS = "results" + + +class RunInput(insightconnect_plugin_runtime.Input): + schema = json.loads( + r""" + { + "type": "object", + "title": "Variables", + "properties": { + "command": { + "type": "string", + "description": "Command to execute on Velociraptor host", + "order": 1 + } + }, + "required": [ + "command" + ], + "definitions": {} +} + """ + ) + + def __init__(self): + super(self.__class__, self).__init__(self.schema) + + +class RunOutput(insightconnect_plugin_runtime.Output): + schema = json.loads( + r""" + { + "type": "object", + "title": "Variables", + "properties": { + "results": { + "$ref": "#/definitions/results", + "title": "Results", + "description": "Results", + "order": 1 + } + }, + "required": [ + "results" + ], + "definitions": { + "results": { + "type": "object", + "title": "results", + "properties": { + "logs_list": { + "type": "array", + "title": "LOGS_LIST", + "description": "Logs List", + "items": { + "type": "object" + }, + "order": 1 + } + } + } + } +} + """ + ) + + def __init__(self): + super(self.__class__, self).__init__(self.schema) diff --git a/velociraptor_legacy/icon_velociraptor_legacy/connection/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/connection/__init__.py new file mode 100644 index 0000000000..c78d3356be --- /dev/null +++ b/velociraptor_legacy/icon_velociraptor_legacy/connection/__init__.py @@ -0,0 +1,2 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +from .connection import Connection diff --git a/velociraptor_legacy/icon_velociraptor_legacy/connection/connection.py b/velociraptor_legacy/icon_velociraptor_legacy/connection/connection.py new file mode 100644 index 0000000000..993aac3d4e --- /dev/null 
+++ b/velociraptor_legacy/icon_velociraptor_legacy/connection/connection.py 
@@ -0,0 +1,115 @@ +import json +import paramiko +import base64 +import grpc +import io +import time +from pyvelociraptor import api_pb2 +from pyvelociraptor import api_pb2_grpc +import insightconnect_plugin_runtime +from .schema import ConnectionSchema, Input + +# Custom imports below + + +class Connection(insightconnect_plugin_runtime.Connection): + def __init__(self): + super(self.__class__, self).__init__(input=ConnectionSchema()) + + def connect(self, parameters): + # START INPUT BINDING - DO NOT REMOVE - ANY INPUTS BELOW WILL UPDATE WITH YOUR PLUGIN SPEC AFTER REGENERATION + # TODO: generate bound input variables for the user, to help handhold the user + # TODO: ex. self.api_key = params.get(Input.API_KEY) + # END INPUT BINDING - DO NOT REMOVE + self.logger.info("Connect: Connecting...") + """Runs a VQL query against the Velociraptor server. + + Args: + config: A dictionary containing the configuration parameters for the Velociraptor server. + query: The VQL query to run. + + Returns: + A tuple containing the query, the response, and the query execution logs. + """ + + try: + # Fill in the SSL params from the api_client config file. You can get such a file: + # velociraptor --config server.config.yaml config api_client > api_client.conf.yaml + api_connection_string = self.parameters["api_connection_string"] + root_certificates_decoded = base64.b64decode( + self.parameters["ca_certificate"]["secretKey"] + ) + private_key_decoded = base64.b64decode( + self.parameters["client_private_key"]["secretKey"] + ) + certificate_chain_decoded = base64.b64decode( + self.parameters["client_cert"]["secretKey"] + ) + query = "SELECT * FROM info()" + creds = grpc.ssl_channel_credentials( + root_certificates=root_certificates_decoded, + private_key=private_key_decoded, + certificate_chain=certificate_chain_decoded, + ) + # This option is required to connect to the grpc server by IP - we + # use self signed certs. 
+ options = ( + ( + "grpc.ssl_target_name_override", + "VelociraptorServer", + ), + ) + # The first step is to open a gRPC channel to the server.. + with grpc.secure_channel(api_connection_string, creds, options) as channel: + stub = api_pb2_grpc.APIStub(channel) + + # The request consists of one or more VQL queries. Note that + # you can collect artifacts by simply naming them using the + # "Artifact" plugin. + request = api_pb2.VQLCollectorArgs( + max_wait=1, + max_row=100, + Query=[ + api_pb2.VQLRequest( + Name="ICON Plugin Request", + VQL=query, + ) + ], + ) + # This will block as responses are streamed from the + # server. If the query is an event query we will run this loop + # forever. + logs_list = [] + for response in stub.Query(request): + if response.Response: + package = json.loads(response.Response) + logs_list.append(package) + + elif response.log: + # Query execution logs are sent in their own messages. + package = time.ctime(response.timestamp / 1000000), response.log + self.logger.info("Connection Successful") + self.api_connection_string = self.parameters["api_connection_string"] + self.root_certificates_decoded = base64.b64decode( + self.parameters["ca_certificate"]["secretKey"] + ) + self.private_key_decoded = base64.b64decode( + self.parameters["client_private_key"]["secretKey"] + ) + self.certificate_chain_decoded = base64.b64decode( + self.parameters["client_cert"]["secretKey"] + ) + self.username = self.parameters["username"] + except grpc.RpcError as e: + self.logger.info("Error: ", e) + self.api_connection_string = self.parameters["api_connection_string"] + self.root_certificates_decoded = base64.b64decode( + self.parameters["ca_certificate"]["secretKey"] + ) + self.private_key_decoded = base64.b64decode( + self.parameters["client_private_key"]["secretKey"] + ) + self.certificate_chain_decoded = base64.b64decode( + self.parameters["client_cert"]["secretKey"] + ) + self.username = self.parameters["username"] 
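Review bot: The `except grpc.RpcError` branch at the end of `connect()` swallows the failure — it logs and then assigns exactly the same attributes as the success path, so a wrong address or a rejected certificate is reported as a successful connection and only surfaces later when an action runs. The call `self.logger.info("Error: ", e)` also passes `e` as an extra positional argument with no `%s` placeholder, which the logging module cannot format. Move the attribute assignments to a single place before the `try`, log with `self.logger.error("Connection failed: %s", e)`, and end the except branch with `raise ConnectionTestException(cause="Could not connect to the Velociraptor API", assistance="Check the API connection string and certificates") from e` (from `insightconnect_plugin_runtime.exceptions`). The triple-quoted string after the first logger call is not a docstring, since it follows a statement, and its text describes run()'s tuple return rather than connect(); the `parameters` argument is ignored in favour of `self.parameters`, and the `package` tuple built from `response.log` is assigned but never used.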
diff --git a/velociraptor_legacy/icon_velociraptor_legacy/connection/schema.py b/velociraptor_legacy/icon_velociraptor_legacy/connection/schema.py new file mode 100644 index 0000000000..08b9696283 --- /dev/null +++ b/velociraptor_legacy/icon_velociraptor_legacy/connection/schema.py 
@@ -0,0 +1,79 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime +import json + + +class Input: + API_CONNECTION_STRING = "api_connection_string" + CA_CERTIFICATE = "ca_certificate" + CLIENT_CERT = "client_cert" + CLIENT_PRIVATE_KEY = "client_private_key" + USERNAME = "username" + + +class ConnectionSchema(insightconnect_plugin_runtime.Input): + schema = json.loads( + r""" + { + "type": "object", + "title": "Variables", + "properties": { + "api_connection_string": { + "type": "string", + "description": "Velociraptor API Connection Address", + "order": 2 + }, + "ca_certificate": { + "$ref": "#/definitions/credential_secret_key", + "description": "A base64 encoded CA_Certificate Key", + "order": 3 + }, + "client_cert": { + "$ref": "#/definitions/credential_secret_key", + "description": "A base64 encoded Client_Cert Key", + "order": 4 + }, + "client_private_key": { + "$ref": "#/definitions/credential_secret_key", + "description": "A base64 encoded Client_Private Key", + "order": 5 + }, + "username": { + "type": "string", + "description": "User to run command as", + "order": 1 + } + }, + "required": [ + "api_connection_string", + "ca_certificate", + "client_cert", + "client_private_key", + "username" + ], + "definitions": { + "credential_secret_key": { + "id": "credential_secret_key", + "type": "object", + "title": "Credential: Secret Key", + "description": "A shared secret key", + "required": [ + "secretKey" + ], + "properties": { + "secretKey": { + "type": "string", + "title": "Secret Key", + "description": "The shared secret key", + "format": "password", + "displayType": "password" + } + } + } + } +} + """ + ) + + def __init__(self): + super(self.__class__, self).__init__(self.schema) diff --git a/velociraptor_legacy/icon_velociraptor_legacy/tasks/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/tasks/__init__.py new file mode 100644 index 0000000000..797e426edf --- /dev/null 
+++ b/velociraptor_legacy/icon_velociraptor_legacy/tasks/__init__.py @@ -0,0 +1 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT diff --git a/velociraptor_legacy/icon_velociraptor_legacy/triggers/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/triggers/__init__.py new file mode 100644 index 0000000000..797e426edf --- /dev/null +++ b/velociraptor_legacy/icon_velociraptor_legacy/triggers/__init__.py @@ -0,0 +1 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT diff --git a/velociraptor_legacy/icon_velociraptor_legacy/util/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/util/__init__.py new file mode 100644 index 0000000000..797e426edf --- /dev/null +++ b/velociraptor_legacy/icon_velociraptor_legacy/util/__init__.py @@ -0,0 +1 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT diff --git a/velociraptor_legacy/plugin.spec.yaml b/velociraptor_legacy/plugin.spec.yaml new file mode 100644 index 0000000000..52bfac3fc1 --- /dev/null +++ b/velociraptor_legacy/plugin.spec.yaml 
@@ -0,0 +1,84 @@ +plugin_spec_version: v2 +extension: plugin +products: [insightconnect] +name: velociraptor_legacy +title: Velociraptor Legacy +description: Velociraptor is a unique, advanced open-source endpoint monitoring, digital + forensic and cyber response platform. It provides you with the ability to more effectively + respond to a wide range of digital forensic and cyber incident response investigations + and data breaches +version: 1.0.0 +version_history: ['1.0.0 - Initial plugin'] +requirements: ['Velociraptor API Conf(velociraptor --config velociraptor.config.yaml + config api_client --name rapid7 --role administrator api.config.yaml)'] +key_features: ['dfir'] +supported_versions: ['1.0.0'] +references: ['[Velociraptor Product Page](https://docs.velociraptor.app)', '[Base64 + Encode/Decode Page](https://www.base64encode.org/)'] +Links: ['#https://docs.velociraptor.app'] +vendor: jbauvinet +support: community +status: [] +enable_cache: true +resources: + vendor_url: https://docs.velociraptor.app/ + license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE +tags: +- dfir +- velociraptor +hub_tags: + use_cases: ['threat_detection_and_response'] + keywords: ['dfir'] + features: [] +sdk: + type: full + version: 5 + user: nobody +types: + results: + logs_list: + title: LOGS_LIST + description: Logs List + type: '[]object' +connection: + username: + type: string + description: User to run command as + required: true + example: rapid7 + api_connection_string: + type: string + description: Velociraptor API Connection Address + required: true + example: x.x.x.x:8001 + ca_certificate: + type: credential_secret_key + description: A base64 encoded CA_Certificate Key + required: true + example: {privateKey: 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} + client_cert: + type: credential_secret_key + description: A base64 encoded Client_Cert Key + required: true + example: {privateKey: 
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} + client_private_key: + type: credential_secret_key + description: A base64 encoded Client_Private Key + required: true + example: {privateKey: 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} +actions: + run: + title: Run Velociraptor Command + description: Run Velociraptor command + input: + command: + description: Command to execute on Velociraptor host + type: string + required: true + example: SELECT * FROM host() + output: + results: + title: Results + description: Results + type: results + required: true diff --git a/velociraptor_legacy/requirements.txt b/velociraptor_legacy/requirements.txt new file mode 100644 index 0000000000..5c7104eb96 --- /dev/null +++ b/velociraptor_legacy/requirements.txt @@ -0,0 +1,7 @@ +# List third-party dependencies here, separated by newlines. +# All dependencies must be version-pinned, eg. requests==1.2.0 +# See: https://pip.pypa.io/en/stable/user_guide/#requirements-files +paramiko==3.3.1 +grpcio==1.59.2 +grpcio.tools==1.59.2 +pyvelociraptor==0.1.8 diff --git a/velociraptor_legacy/setup.py b/velociraptor_legacy/setup.py new file mode 100644 index 0000000000..615864ec53 --- /dev/null +++ b/velociraptor_legacy/setup.py @@ -0,0 +1,17 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +from setuptools import setup, find_packages + + +setup( + name="velociraptor_legacy-jbauvinet-plugin", + version="1.0.0", + description="Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform. It provides you with the ability to more effectively respond to a wide range of digital forensic and cyber incident response investigations and data breaches", + author="jbauvinet", + author_email="", + url="", + packages=find_packages(), + install_requires=[ + "insightconnect-plugin-runtime" + ], # Add third-party dependencies to requirements.txt, not here! + scripts=["bin/icon_velociraptor_legacy"], +) 
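Review bot: The `example` values for `ca_certificate`, `client_cert` and `client_private_key` use the key `privateKey`, but their type is `credential_secret_key`, whose only property is `secretKey` — the key connection.py actually reads — so the examples show a shape the plugin would not accept. Change each to `example: {secretKey: <base64 value placeholder>}`. The `requirements` entry documents creating the API client with `--role administrator`; because the run action forwards whatever VQL the workflow author supplies, the help text should state that every query executes with that role, and recommend the most restricted role the deployment allows. `Links: ['#https://docs.velociraptor.app']` also carries a stray `#` in front of the URL.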
diff --git a/velociraptor_legacy/tests/run.json b/velociraptor_legacy/tests/run.json new file mode 100644 index 0000000000..54b666b489 --- /dev/null +++ b/velociraptor_legacy/tests/run.json 
@@ -0,0 +1,24 @@ +{ + "body": { + "action": "run", + "connection": { + "username": "rapid7", + "api_connection_string": "3.133.74.247:8001", + "ca_certificate": { + "secretKey": "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" + }, + "client_cert": { + "secretKey": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRRENDQWlpZ0F3SUJBZ0lSQVBaTEU0UFpkNzRmaGVKakNOYnIrQVF3RFFZSktvWklodmNOQVFFTEJRQXdHakVZTUJZR0ExVUVDaE1QVm1Wc2IyTnBjbUZ3ZEc5eUlFTkJNQjRYRFRJek1URXdNakl4TXpjd01Gb1hEVEkwTVRFd01USXhNemN3TUZvd0tERVZNQk1HQTFVRUNoTU1WbVZzYjJOcGNtRndkRzl5TVE4d0RRWURWUVFERXdaeVlYQnBaRGN3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3poOWViaXRGWlRSREpFdHI1bEdmVFJySklxelVGbHF1dmROdnBXWGczVzBKZXcxZE5OOXBFSW4wRE1HZVlEbC9UZUZVYkRpdlNIMUM0QjNINHBpNy9zSXNZTFhSdGw3ZlVLWEFpMmhRczRVMi80NXRieG9oRHhOYzJudFpXaUtTaFprS3BJZEN6UEQ2LzVjbGVyaXhZZFhXNldwZTMxYW5TQWRPRUVzekt4QU4vZGJiTExNQTlIWllYT0N3Rk5kNEJ2c21HbVIvWXROTUE3d3JFMUkyS0lYQVBzWGlKbW5yS0g3WVhWSEtpb0svbDlFNExVVElKY2xodVpjNWhwdDdXK3FITnRhRllwN0ZFVnJpc01ZaVdGeVA0cHdGSHMybi9lbWE2OUxFZWNIV1BiOUN6ZUVwYm53YlJxcDVsSGoxb2t4ekl4SjhvUm5jRXhUU1RQdGdEQWdNQkFBR2pjekJ4TUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTWjJjMkM1KzhMeUtlZHQ1RnlZayt3Zk9VU05EQVJCZ05WSFJFRUNqQUlnZ1p5WVhCcFpEY3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRWNaczd2TmNyOFB4NDlTZkVJM1kwSWlYTEo3Q0Q0MU0yWEZZZ2dzOFZORU1BZFNsNVB6YzZoaHB1WEw0LzZoWFE5QW1YWVBtM3ozbWg0cFNRYkxGa2JoREk1TEIxWHRsV3V2ZXdQSzRXd2ZCZkhocTFqZ1FJR3VCZUJZc3JxcW1xbVNxaENCa3NzbHNDUmRmWXdiVzc4RUR1QW5PMExYYVdhUmdoaE85eFl5dE5vNmdxdm5VSHNJbWRPVC9lLzBZSnJzZ2hrUSt3SDRLSC9uazgzUkpkeHBqWTIwZWlZeDBtdWRTM0REU2VQMXRWMERBVEM5TTh4R05IVEpUekxwbDZzaUJpK2RwaEw3TmlSU0xBV2FWMitFMzZKTUZuQ09xM1lGVlY0VkN0TmNYMVNiWkp5c3lpY2JHOGR5VDFibm5qRFNuT0cxUmVGYWdHd1V0YlhwWWdRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" + }, + "client_private_key": { + "secretKey": 
"LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBczRmWG00clJXVTBReVJMYStaUm4wMGF5U0tzMUJaYXJyM1RiNlZsNE4xdENYc05YVFRmYVJDSjlBekJubUE1ZjAzaFZHdzRyMGg5UXVBZHgrS1l1LzdDTEdDMTBiWmUzMUNsd0l0b1VMT0ZOditPYlc4YUlROFRYTnA3V1ZvaWtvV1pDcVNIUXN6dyt2K1hKWHE0c1dIVjF1bHFYdDlXcDBnSFRoQkxNeXNRRGYzVzJ5eXpBUFIyV0Z6Z3NCVFhlQWI3Smhwa2YyTFRUQU84S3hOU05paUZ3RDdGNGlacDZ5aCsyRjFSeW9xQ3Y1ZlJPQzFFeUNYSllibVhPWWFiZTF2cWh6YldoV0tleFJGYTRyREdJbGhjaitLY0JSN05wLzNwbXV2U3hIbkIxajIvUXMzaEtXNThHMGFxZVpSNDlhSk1jeU1TZktFWjNCTVUwa3o3WUF3SURBUUFCQW9JQkFGZ1VTR0tHVzZsZFZ1UGZmVkUvVHlUbnBXWmpvTkxLRmhjeDFRYUtINkhCQXpIczBuTU8rT1crcWVpYm9lZUcvZHFKU2UvSkp4U2l5bjVQSU1wbDlkNzZKWFBLTVRubldvZ2JnR21JNXFjU0xvdjdSZWhqNGN5bDBSUjZIeHc3VTlIZmtzclp6VU55UmpMdHNMcmo1dHZMWE9QOXVEdTM5dVlTZ1V4bDBOV1ZQTStHRUlsWWxVMVp3L3RDMm1PemJ1L2NBQ1lLaGMzSTdFbzJoZGwvVEtiM0h1RUh2N29SeGtPbk80Y296Q0J1T2hrWS9wU0ptZzJPY1BnMTU2UVZPQnA0bTRuNXlTbkU0eFhYYUhhc2J2dllZY3dLSS9sQ1NaamxwQ2ovcDF4SXNpOWlVc1JmbXhHTlBaWUY3Znh5UVRRRUR2RGx6UTNzcmMySTdFaW43OEVDZ1lFQXo3emFIaWpMK1ZlVHNMYkNRbXlLUkpXeEVEYitQM0tqZWIzUTQ3MURlYnNkSlNpYTdjVjYzQTZ1NVlnWTJsRUdCRFZ2YWZkSzBpV0p6WGYxR0dyRTNzeENzcm9IK2x4bmw3Q2o1NzJnVWdEc1FuQnF1ZjRSbjdGN3E0QzVaeHBwc2FhTXhBQ24yamkzRjM3b05hK0hVellWK1l6NW1IbVVkRno5S2xGeFNXTUNnWUVBM1QxaHZJUDBYTE52QlpjdkxHcWNxRnM0K3lIRlVKeVo2VUNzeWp1ckhKaTEwaTdEcXhHeFVCS20xOGtyVDRGTkloYTkybWgvNG9kRWNYYWUwOVp3WmRoNUdTYXFPa0MyOHVacFBNeXNrcmxSMlhxelgza0pCcHRiOXhKOHM1VmUvTnBTQzdLY3VNV1U3RE01M3FtUXFOZnhrc0cyL29nVkJPZ3I5cmpJeU9FQ2dZQnloSWs1VndRYTBFeDZma1ZZbUwwZ1VlVHFLMmE5VTFVTEo3aWYweFgvWlVjTDFQYVRYT245cFpxRXJpSUZOK1U1TEx2ZWpwU1FoR0VUQTYzNVorSmZiL3JVeS9qWjYxYXdLSkF5a0Rady9sRS96dmtHenlpb0FBOU0zQWxZN1JhVytGbGhNM3RVc1M4OXBKZ2VBRVY1ZWJkamVuT2R1bWc4UFliU2JWTW1RUUtCZ1FDTEZoakl2Q2cyMHpON3owVC81bkpnUVNFOGVFbWsyUjdGamp4UzAxcEtteExMZFV6YjBqNm51V0ljak1MbXM4STdLUkxvS1FRazlLY3BzY28rSVRUK1FpNDNpcUJBQ1FrN0FYR3RvSHJwcndudThIMnVDdGlLeDhiME9ESWZjRXVNS1BDbG0vOTlCZklPNEZHRVV4TzNvaktqOFpiS3crQjYrajhSVjdBYTRRS0JnUUNpWHhPZDUwaElNVUt1dmlDK3Zkd284aFNackxaeU13aW5FTU1xOE5pM2FCNlBYOGo
0OVVNYTd1OFBjMWFUZmFzQ0tSSGdmVjg2dm13ai9wamlsT2tpbStJbHo3cTVOaE42NzA4ekNqUmRZeEk4YktTYTAwd3N0UmhnbDZ4bkp5UzBCcUx0SnlVVlFhdTFwR00yZEFDVGZ3c2pqQmRJcW5BZCtLVmMxLytod2c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" + } + }, + "input": { + "command": "SELECT * FROM clients()" + }, + "meta": {} + }, + "type": "action_start", + "version": "v1" +} diff --git a/velociraptor_legacy/unit_test/__init__.py b/velociraptor_legacy/unit_test/__init__.py new file mode 100644 index 0000000000..797e426edf --- /dev/null +++ b/velociraptor_legacy/unit_test/__init__.py @@ -0,0 +1 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT diff --git a/velociraptor_legacy/unit_test/test_run.py b/velociraptor_legacy/unit_test/test_run.py new file mode 100644 index 0000000000..1a9a7be445 --- /dev/null +++ b/velociraptor_legacy/unit_test/test_run.py @@ -0,0 +1,21 @@ +import sys +import os + +sys.path.append(os.path.abspath("../")) + +from unittest import TestCase +from icon_velociraptor_legacy.connection.connection import Connection +from icon_velociraptor_legacy.actions.run import Run +import json +import logging + + +class TestRun(TestCase): + def test_run(self): + """ + DO NOT USE PRODUCTION/SENSITIVE DATA FOR UNIT TESTS + + TODO: Implement test cases here + """ + + self.fail("Unimplemented Test Case")
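Review bot: `tests/run.json` commits a concrete public endpoint (`3.133.74.247:8001`) together with a base64-encoded client certificate and its RSA private key — the `client_private_key.secretKey` value decodes to a `-----BEGIN RSA PRIVATE KEY-----` block and `client_cert.secretKey` to a `-----BEGIN CERTIFICATE-----` block. A credential committed to a public repository must be treated as compromised: that API client should be revoked on the Velociraptor server and a fresh one issued, and simply deleting the values in a follow-up commit does not help because they remain in history. The fixture should carry clearly fake placeholders, e.g. `"secretKey": "<base64 ca certificate placeholder>"`, and the host should be a documentation address rather than a live server.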