-
-
+ </div> + </li> + </ul> + </div> + </nav> + + <main role="main" class="container"> + <div class="row section top-section"> + <div class="col"> {{ $data := Query "SELECT timestamp(epoch=now()).UTC.String AS Time, OS, Fqdn FROM info()" | Expand }} {{ Get $hostinfo "0.Fqdn" }} Artifact Collection -
-
{{- Get $data "0" -}}
-
+ </div> + <div class="col">{{- Get $data "0" -}}</div> + </div> {{ range .parts }} -
- - + <div class=""> + <a class="anchor" name="{{- .Artifact.Name -}}"></a> + <!-- If the artifact has its own report, just include it as is --> {{ if .HTML }} {{ .HTML }} {{ else }} - -

{{ .Artifact.Name }} -
{{ .Artifact.Author }} -
-

+ <!-- Default report in case the artifact does not have one --> + <h1>{{ .Artifact.Name }} + <div class="btn btn-primary-outline float-right">{{ .Artifact.Author }} + </div> + </h1> {{ $name := .Artifact.Name }} @@ -300,12 +300,12 @@ reports: {{ Markdown .Artifact.Description }} {{ if .Artifact.Reference }} -

References

-
    + <h3>References</h3> + <ul> {{ range .Artifact.Reference }} -
  • {{ . }}
    • + <li><a href="{{ . }}">{{ . }}</a></li> {{ end }} -
+ </ul> {{ end }} {{ template "hidden_paragraph_end" }} @@ -313,20 +313,20 @@ reports: {{ $source := print "source(\n source='" .Name "', artifact='" $name "')" }} {{ $query := print "SELECT * FROM " $source " \nLIMIT 100" }} - + <!-- There could be a huge number of rows just to get the count, so we cap at 10000 --> {{ $count := Get ( Query (print "LET X = SELECT * FROM " $source \ " LIMIT 10000 SELECT 1 AS ALL, count() AS Count FROM X Group BY ALL") | Expand ) \ "0.Count" }} {{ if $count }} {{ if .Name }} -

Source {{ $name }}/{{ .Name }}

+ <h3>Source {{ $name }}/{{ .Name }}</h3> {{ Markdown .Description }} {{ end }} - + <!-- Show the artifact source if required. --> {{ template "hidden_paragraph_start" dict "description" "Source" }} -
+ <div class="row card card-body noprint"> {{ if .Query }} {{ Markdown ( print "```vql\n" .Query "```\n") }} {{ else }} @@ -334,53 +334,53 @@ reports: {{ Markdown ( print "```vql\n" . "```\n") }} {{ end }} {{ end }} -
+ </div> {{ template "hidden_paragraph_end" }} - + <!-- If this is a flow show the parameters. --> {{ $flow := Query "LET X = SELECT Request.Parameters.env AS Env FROM flows(client_id=ClientId, flow_id=FlowId)" \ "SELECT * FROM foreach(row=X[0].Env, query={ SELECT Key, Value FROM scope()})" | Expand }} {{ if $flow }} {{ template "hidden_paragraph_start" dict "description" "Parameters" }} -
-

Parameters

+ <div class="row card card-body noprint"> + <h3> Parameters </h3> - - + <table class="table"><thead><th>Key</th><th>Value</th></thead> + <tbody> {{ range $flow }} - + <tr><td>{{ Get . "Key" }}</td><td>{{ Get . "Value" }}</td></tr> {{ end }} - -
KeyValue
{{ Get . "Key" }}{{ Get . "Value" }}
-
+ </tbody> + </table> + </div> {{ template "hidden_paragraph_end" }} {{ end }} {{ if gt $count 9999 }} -

The source produced more than {{ $count }} rows.

+ <p>The source produced more than {{ $count }} rows.</p> {{ else }} -

The source retrieved a total of {{ $count }} rows.

+ <p>The source retrieved a total of {{ $count }} rows.</p> {{ end }} {{ template "fold_start" }} -
-

Below you will find a table of the first 100 rows, obtained by the VQL query: -

+ <div class="noprint"> + <p> Below you will find a table of the first 100 rows, obtained by the VQL query: + </p> {{ Markdown (print "```vql\n" $query "\n```\n" ) }} -
+ </div> {{ Query $query | Table }} {{ template "fold_end" }} {{ else }} -

No rows returned

+ <p>No rows returned</p> {{ end }} {{ end }} {{ end }} -
+ </div> {{ end }} -