def main():
    """CLI entry point: load the api_client config and fetch one VFS path.

    ``--config`` names the api_client YAML (the file that carries the
    client's mTLS certificate and private key); the positional argument
    is the server-side VFS path handed to ``run`` for download.
    """
    parser = argparse.ArgumentParser(
        description="Sample Velociraptor fetch client.",
        epilog=(
            "Example: fetch.py --config api_client.yaml "
            "/downloads/C.b9bdf1fba596d686/F.BQK1O12VLHH04/F.BQK1O12VLHH04.zip"
        ),
    )
    config_help = (
        'Path to the api_client config. You can generate such '
        'a file with "velociraptor config api_client"'
    )
    # Declare the arguments as data so the two add_argument calls read alike.
    for names, spec in (
        (("--config",), {"type": str, "help": config_help}),
        (("vfs_path",), {"type": str, "help": "The path to get."}),
    ):
        parser.add_argument(*names, **spec)

    opts = parser.parse_args()
    # The config is resolved before any network work so a bad path fails early.
    api_config = pyvelociraptor.LoadConfigFile(opts.config)
    run(api_config, opts.vfs_path)
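def main():
    """CLI entry point: load the api_client config and run one VQL query.

    ``--config`` names the api_client YAML (the file carrying the client's
    mTLS certificate and private key); the positional argument is the VQL
    text passed to ``run``.

    Fix: the usage example in the epilog omitted the ``--config`` flag, so
    copying it verbatim made argparse treat ``api_client.yaml`` as the query
    and reject the real query as an unrecognized argument. The example now
    matches the declared interface (and the sibling client's epilog).
    """
    parser = argparse.ArgumentParser(
        description="Sample Velociraptor query client.",
        epilog=(
            'Example: client_example.py --config api_client.yaml '
            '" SELECT * from Artifact.Generic.Client.Stats() "'
        ),
    )
    parser.add_argument(
        '--config',
        type=str,
        help=(
            'Path to the api_client config. You can generate such '
            'a file with "velociraptor config api_client"'
        ),
    )
    parser.add_argument('query', type=str, help='The query to run.')

    args = parser.parse_args()
    # The config is resolved before any network work so a bad path fails early.
    config = pyvelociraptor.LoadConfigFile(args.config)
    run(config, args.query)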
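def DataFrameQuery(query, timeout=600, config=None, **kw):
    """Run a VQL query over the Velociraptor gRPC API and return it column-wise.

    Args:
        query: VQL text, sent as a single ``VQLRequest`` named ``"Query"``.
        timeout: Deadline in seconds for the streaming ``Query`` RPC. The
            original accepted this argument but never used it; it is now
            passed to the gRPC call, so a query running past the deadline
            raises ``grpc.RpcError`` (DEADLINE_EXCEEDED) instead of hanging.
        config: Parsed api_client config. When ``None`` it is loaded with
            ``pyvelociraptor.LoadConfigFile()``.
        **kw: Extra VQL environment bindings, sent as ``VQLEnv`` key/value
            pairs (values are presumably expected to be strings — confirm
            against the ``api_pb2`` definition).

    Returns:
        dict mapping column name -> list of cell values, one entry per row,
        in the shape ``pandas.DataFrame`` accepts. Despite the name, no
        DataFrame is built here.

    Raises:
        grpc.RpcError: on connection, TLS/authentication or deadline failure.
        KeyError: when the config lacks one of the keys read below.
    """
    if config is None:
        config = pyvelociraptor.LoadConfigFile()

    # Mutual TLS: the server is verified against the CA pinned in the config
    # (root_certificates) and the client authenticates with its own cert/key.
    creds = grpc.ssl_channel_credentials(
        root_certificates=config["ca_certificate"].encode("utf8"),
        private_key=config["client_private_key"].encode("utf8"),
        certificate_chain=config["client_cert"].encode("utf8"))

    # The server is typically addressed by IP and presents a self-signed cert
    # issued for this fixed name, so only the hostname check is overridden;
    # chain validation against root_certificates above still applies.
    options = (('grpc.ssl_target_name_override', "VelociraptorServer"),)

    # Open the gRPC channel to the server; the context manager closes it.
    with grpc.secure_channel(config["api_connection_string"], creds, options) as channel:
        stub = api_pb2_grpc.APIStub(channel)

        # A request may carry one or more VQL queries. Server artifacts can be
        # collected by naming them through the "Artifact" plugin, e.g.
        # `SELECT * FROM Artifact.Server.Hunts.List()`.
        request = api_pb2.VQLCollectorArgs(
            # max_wait: presumably how long the server batches rows before
            # flushing a response — confirm in api.proto.
            max_wait=1,
            env=[api_pb2.VQLEnv(key=k, value=v) for k, v in kw.items()],
            Query=[api_pb2.VQLRequest(Name="Query", VQL=query)])

        result = {}
        # The RPC streams results: each message carries a JSON-encoded list of
        # rows plus the column names for that batch. ``timeout`` bounds the
        # whole stream, which is the fix for the previously ignored parameter.
        for response in stub.Query(request, timeout=timeout):
            if not response.Response:
                continue
            for row in json.loads(response.Response):
                for c in response.Columns:
                    # row.get keeps columns aligned when a row lacks a key.
                    result.setdefault(c, []).append(row.get(c))

    return result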
def main():
    """CLI entry point: run one VQL query with optional environment bindings.

    ``--config`` names the api_client YAML (the file carrying the client's
    mTLS certificate and private key). ``--env`` accepts one or more
    ``KEY=VALUE`` pairs collected by ``kwargs_append_action`` into a dict
    that is handed to ``run`` alongside the query text.
    """
    parser = argparse.ArgumentParser(
        description="Sample Velociraptor query client.",
        epilog=(
            'Example: client_example.py --config api_client.yaml '
            '"SELECT *, Foo from info()" --env Foo=Bar'
        ),
    )
    config_help = (
        'Path to the api_client config. You can generate such '
        'a file with "velociraptor config api_client"'
    )
    parser.add_argument('--config', type=str, help=config_help)
    # NOTE(review): default={} is a shared mutable; harmless here because
    # parse_args runs once per process — confirm kwargs_append_action copies
    # rather than mutates it if this parser is ever reused.
    env_spec = {
        "dest": "env",
        "nargs": '+',
        "default": {},
        "required": False,
        "action": kwargs_append_action,
        "metavar": "KEY=VALUE",
        "help": "Add query environment values in the form of Key=Value.",
    }
    parser.add_argument("--env", **env_spec)
    parser.add_argument('query', type=str, help='The query to run.')

    opts = parser.parse_args()
    # The config is resolved before any network work so a bad path fails early.
    api_config = pyvelociraptor.LoadConfigFile(opts.config)
    run(api_config, opts.query, opts.env)