Making artifacts available for Offline Collection


Amy Whyte

May 15, 2024, 8:39:01 AM
to velocirapt...@googlegroups.com

Hello,

I am a bit of a newb when it comes to Velociraptor.

I am trying out the offline collector option and noticing that a lot of the artifacts listed in "View artifacts" are only available for systems connected to VC but are not an option to include in an offline collector.

Is there a reason for this, or a way to know when something won't be included, or possibly a way to flag it so it is available offline?

Mike Cohen

May 15, 2024, 8:43:38 AM
to Amy Whyte, velocirapt...@googlegroups.com
Velociraptor just collects artifacts - the offline collector is a way to collect those without a server. The same artifacts can also be collected interactively or with hunts.

The View Artifacts screen shows all artifacts but they have types - for example client artifacts are designed for collection on the client (with or without the offline collector). Server artifacts are for the server, etc.

You can include any client artifact to collect in the offline collector GUI - the server and monitoring artifacts don't really make sense so they are not offered in the GUI. You can also add custom artifacts with "client" type into the offline collector.


Thanks
Mike

Mike Cohen 
Digital Paleontologist, 
Velocidex Enterprises
mi...@velocidex.com 



Amy Whyte

May 15, 2024, 9:28:20 AM
to Mike Cohen, velocirapt...@googlegroups.com
Thank you Mike. I think it was something else going on, as artifacts I would expect to be available offline like get shell info (Linux.Sys.BashShell) were not there either.

Restarting the docker container and everything is back again.

Mental note, try turning it off and on again, first ;-)

Thank you for clarification of Client v Server when it comes to offline.