velociraptor_api 0.1.0

API client for Velociraptor (https://github.com/Velocidex/velociraptor)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

syntax = "proto3";

import "google/protobuf/empty.proto";

// This is just enough protobuf to be able to talk with the Server's
// API Query() endpoint.

package proto;

message VQLRequest {
    string Name = 2;
    string VQL = 1;
}

message VQLEnv {
    string key = 1;
    string value = 2;
}

message VQLCollectorArgs {
    repeated VQLEnv env = 3;
    repeated VQLRequest Query = 2;
    uint64 max_row = 4;
    uint64 max_wait = 6;
    float ops_per_second = 24;
    string org_id = 35;
}

message VQLTypeMap {
    string column = 1;
    string type = 2;
}

message VQLResponse {
    string Response = 1;
    repeated string Columns = 2;
    repeated VQLTypeMap types = 8;
    uint64 query_id = 5;
    uint64 part = 6;
    VQLRequest Query = 3;
    uint64 timestamp = 4;
    uint64 total_rows = 7;
    string log = 9;
}

message VFSFileBuffer {
    string client_id = 1;

    uint64 offset = 3;
    uint32 length = 4;
    bytes data = 5;
    repeated string components = 6;
}

service API {
   rpc Query(VQLCollectorArgs) returns (stream VQLResponse) {}
   rpc VFSGetBuffer(VFSFileBuffer) returns (VFSFileBuffer) {}
   rpc WriteEvent(VQLResponse) returns (google.protobuf.Empty) {}
}