Module: Legion::Extensions::Velociraptor::Runners::Query
Constant Summary
Helpers::Cli::ARTIFACT_PATTERN, Helpers::Cli::ENV_KEY_PATTERN, Helpers::Cli::ID_PATTERN
Instance Method Summary
#dict_from_env_keys, #normalize_env, #parse_output, #run_command, #run_vql, #validate_artifact!, #validate_id!, #velociraptor_query_command, #vql_list, #vql_string
Instance Method Details
#query(vql:, env: {}, format: :jsonl) ⇒ Object
# File 'lib/legion/extensions/velociraptor/runners/query.rb', line 11
# Runs a VQL statement through #run_vql and returns only its rows and stderr.
#
# @param vql [String] VQL text, handed to #run_vql unchanged
# @param env [Hash] named values forwarded to #run_vql with the statement
# @param format [Symbol] output format forwarded to #run_vql (default :jsonl)
# @return [Hash] `{ rows:, stderr: }` read from the #run_vql result; any other
#   keys in that result are dropped
#
# NOTE(review): no validation of `vql` is visible in this method. Values that
# come from outside should travel in `env` and be referenced by name in the VQL
# (as #search_clients does) instead of being interpolated into the statement.
# Presumably #run_vql binds `env` entries as query variables; confirm there.
def query(vql:, env: {}, format: :jsonl, **)
  outcome = run_vql(vql: vql, env: env, format: format, **)
  %i[rows stderr].to_h { |field| [field, outcome[field]] }
end
#search_clients(query: nil) ⇒ Object
# File 'lib/legion/extensions/velociraptor/runners/query.rb', line 20
# Lists clients, optionally narrowed by a search term.
#
# The term is never spliced into the VQL text: it is stored under
# `env[:ClientQuery]` and the statement refers to it by the name `ClientQuery`.
# Keep it that way; building the statement by string interpolation would let
# the term change the query itself.
#
# @param query [String, nil] search term; nil selects every client. Only nil
#   and false skip the filter, so an empty string still uses the search form.
# @return [Object] whatever #query returns for the chosen statement
#
# The `query` keyword shadows the `#query` method inside this body. The calls
# below still reach the method because they are written with parentheses and
# arguments.
def search_clients(query: nil, **)
  return query(vql: 'SELECT * FROM clients()', env: {}, **) unless query

  query(vql: 'SELECT * FROM clients(search=ClientQuery)', env: { ClientQuery: query }, **)
end
#server_info ⇒ Object
# File 'lib/legion/extensions/velociraptor/runners/query.rb', line 16
# Runs the fixed statement `SELECT * FROM info()` through #query.
#
# The VQL is a constant literal, so no caller-supplied text reaches the
# statement. Any keyword arguments are forwarded to #query untouched.
#
# @return [Object] whatever #query returns for the statement
def server_info(**)
  info_statement = 'SELECT * FROM info()'
  query(vql: info_statement, **)
end