Skip to content

Skip nested objects of Velociraptor records #1480

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Schamper merged 8 commits into from
Jan 21, 2026
Merged

Skip nested objects of Velociraptor records #1480

Schamper merged 8 commits into from
Jan 21, 2026

Conversation

@respondersGY
Copy link
Contributor

@respondersGY respondersGY commented Jan 5, 2026

The objects contain additional metadata that is not necessary to output as records. In addition, some of the dynamic (nested) objects result in conflicts with other plugins, which can't be determined beforehand depending on which artefacts are collected.

@Schamper
Copy link
Member

Schamper commented Jan 6, 2026

I don't use Velociraptor so I can't measure the impact of this. Is there a lot of valuable metadata lost now? What's the recommended workflow to process that? Maybe make a note at least in the docstring.

@respondersGY respondersGY changed the title Remove (nested) objects of Velociraptor records Skip (nested) objects of Velociraptor records Jan 7, 2026
@respondersGY
Copy link
Contributor Author

respondersGY commented Jan 7, 2026

From my experience the additional metadata does not contain useful data for most cases. For these edge cases the argument --extract has been added.

The workflow depends on the search platform that is used. I use Elasticsearch therefore I don't want to deal with nested dynamic objects.

@respondersGY
Copy link
Contributor Author

respondersGY commented Jan 15, 2026

@Schamper can you review the PR?

@Schamper
Copy link
Member

Schamper commented Jan 16, 2026

@Schamper can you review the PR?

If you ask nicely.

Schamper
Schamper requested changes Jan 16, 2026
View reviewed changes
@respondersGY respondersGY requested a review from Schamper January 21, 2026 20:11
@respondersGY
Copy link
Contributor Author

respondersGY commented Jan 21, 2026

@Schamper Can you please review the changes?

@respondersGY respondersGY changed the title Skip (nested) objects of Velociraptor records Skip nested objects of Velociraptor records Jan 21, 2026
@codecov
Copy link

codecov bot commented Jan 21, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.74%. Comparing base (a266fc5) to head (ab3076c).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1480      +/-   ##
==========================================
- Coverage   80.75%   80.74%   -0.02%     
==========================================
  Files         394      394              
  Lines       34644    34648       +4     
==========================================
- Hits        27977    27976       -1     
- Misses       6667     6672       +5
Flag Coverage Δ
unittests 80.74% <100.00%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@codspeed-hq
Copy link

codspeed-hq bot commented Jan 21, 2026

CodSpeed Performance Report

Merging this PR will not alter performance

Comparing respondersGY:fix/dissect_velo_plugin (ab3076c) with main (a266fc5)

Summary

✅ 11 untouched benchmarks

@Schamper Schamper merged commit b504da7 into fox-it:main Jan 21, 2026
18 of 22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Schamper Schamper Schamper approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@respondersGY @Schamper