This artifact will automatically import the latest artifact exchange bundle into the current server.
The artifact exchange is not officially supported by the Velociraptor team and contains contributions from the community. The quality, security and stability of artifacts from the exchange is not guaranteed. Some artifacts from the exchange will fetch external binaries and run them on your endpoints! These binaries are not reviewed or endorsed by the Velociraptor team or Rapid7!
Contributions to the exchange must meet a lower quality bar than built in artifacts (for example lacking tests), which means that they may break at any time or not work as described!
Collecting any of the artifacts in the exchange is purely at your own risk!.
We strongly suggest users review exchange artifacts carefully before deploying them on their network!
name: Server.Import.ArtifactExchange
description: |
This artifact will automatically import the latest artifact
exchange bundle into the current server.
## Security note
The artifact exchange is not officially supported by the
Velociraptor team and contains contributions from the
community. The quality, security and stability of artifacts from
the exchange is not guaranteed. Some artifacts from the exchange
will fetch external binaries and run them on your endpoints! These
binaries are not reviewed or endorsed by the Velociraptor team or
Rapid7!
Contributions to the exchange must meet a lower quality bar than
built in artifacts (for example lacking tests), which means that
they may break at any time or not work as described!
Collecting any of the artifacts in the exchange is purely at your
own risk!.
We strongly suggest users review exchange artifacts carefully
before deploying them on their network!
type: SERVER
required_permissions:
- SERVER_ADMIN
parameters:
- name: ExchangeURL
default: https://github.com/Velocidex/velociraptor-docs/raw/gh-pages/exchange/artifact_exchange_v2.zip
- name: Prefix
description: Add artifacts with this prefix
default: Exchange.
- name: ArchiveGlob
default: "/**/*.{yaml,yml}"
sources:
- query: |
LET X = SELECT artifact_set(prefix=Prefix, definition=Definition) AS Definition
FROM foreach(row={
SELECT Content FROM http_client(
remove_last=TRUE,
tempfile_extension=".zip", url=ExchangeURL)
}, query={
SELECT read_file(accessor="zip", filename=OSPath) AS Definition
FROM glob(
globs=ArchiveGlob,
root=pathspec(
DelegateAccessor="auto",
DelegatePath=Content),
accessor="zip")
})
SELECT Definition.name AS Name,
Definition.description AS Description,
Definition.author AS Author
FROM X