Passing arguments using pyvelociraptor API.

[Doraemon Nobi]

Hi Velociraptor Team !

Hope you guys are doing great. I have tried to create a program in python that uses "run_artifact()" function of wrapper.py file of the pyvelociraptor package. 

My main purpose is to be able to quarantine and un-quarantine an asset via an external program. But the problem is I am able to easily quarantine the asset but not un-quarantine. 

So I discovered that in order to do that, I'd have to pass an argument as well. So I passed the function like this : 

df=wrappers.run_artifact("<Hostname>","Windows.Remediation.Quarantine",artifact_parameters={"RemovePolicy":"Y"})

 But still, the endpoint does not un-quarantine.  Please help me with this. Also where can I pass OrgID in this one ?

Regards.

[Mike Cohen]

It looks like you are using the wrappers.py from here https://github.com/Velocidex/pyvelociraptor/blob/master/pyvelociraptor/wrappers.py

These are just convenience functions for use in pandas and are not really used much. The real sample is here

https://github.com/Velocidex/pyvelociraptor/blob/master/pyvelociraptor/client_example.py

You can see the org id is passed there.

To start collections from the API see this doc https://docs.velociraptor.app/docs/server_automation/server_api/#schedule-an-artifact-collection

and the docs for collect_client() https://docs.velociraptor.app/vql_reference/server/collect_client/

Thanks

Mike

Mike Cohen  Digital Paleontologist,  Velocidex Enterprises E mi...@velocidex.com

--
You received this message because you are subscribed to the Google Groups "velociraptor-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to velociraptor-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/380d9824-fe3b-4aac-9744-8d5ab23ce2e7n%40googlegroups.com.