Module: Legion::Extensions::Velociraptor::Runners::Hunts

Includes:

Helpers::Lex, Helpers::Cli, Collections

Included in:

Client

Defined in:

lib/legion/extensions/velociraptor/runners/hunts.rb

Constant Summary

Constants included from Helpers::Cli

Helpers::Cli::ARTIFACT_PATTERN, Helpers::Cli::ENV_KEY_PATTERN, Helpers::Cli::ID_PATTERN

Instance Method Summary

• #hunt_results(hunt_id:, artifact:) ⇒ Object
• #launch_hunt(artifacts:, description: nil, env: {}) ⇒ Object
• #list_hunts ⇒ Object

Methods included from Collections

#cancel_flow, #collect_artifact, #collect_artifact_and_wait, #flow_results

Methods included from Query

#query, #search_clients, #server_info

Methods included from Helpers::Cli

#dict_from_env_keys, #normalize_env, #parse_output, #run_command, #run_vql, #validate_artifact!, #validate_id!, #velociraptor_query_command, #vql_list, #vql_string

Instance Method Details

#hunt_results(hunt_id:, artifact:) ⇒ Object

# File 'lib/legion/extensions/velociraptor/runners/hunts.rb', line 19

def hunt_results(hunt_id:, artifact:, **)
  hunt = validate_id!(hunt_id, 'hunt_id')
  source_artifact = validate_artifact!(artifact)
  vql = "SELECT * FROM source(hunt_id=#{vql_string(hunt)}, artifact=#{vql_string(source_artifact)})"
  query(vql: vql, **)
end

#launch_hunt(artifacts:, description: nil, env: {}) ⇒ Object

# File 'lib/legion/extensions/velociraptor/runners/hunts.rb', line 12

def launch_hunt(artifacts:, description: nil, env: {}, **)
  artifact_expr = artifacts_expr(artifacts)
  description_arg = description ? ", description=#{vql_string(description)}" : ''
  vql = "SELECT hunt(artifacts=#{artifact_expr}, env=#{dict_from_env_keys(env)}#{description_arg}) AS hunt FROM scope()"
  query(vql: vql, env: env, **)
end

#list_hunts ⇒ Object

# File 'lib/legion/extensions/velociraptor/runners/hunts.rb', line 26

def list_hunts(**)
  query(vql: 'SELECT * FROM hunts()', **)
end