Avoid markdown getting confused in code blocks by using plain html (V…

…elocidex#667)

content/artifact_references/pages/admin.client.remove.md

@@ -10,7 +10,7 @@ while.  All data for these clients will be removed.
 The artifact enumerates all the files that are removed.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Admin.Client.Remove
 description: |
   This artifact will remove clients that have not checked in for a
@@ -40,4 +40,5 @@ sources:
              client_id=client_id, really_do_it=ReallyDoIt)
       })
 
-```
+</code></pre>
+

content/artifact_references/pages/admin.client.uninstall.md

@@ -17,7 +17,7 @@ NOTE: Be careful with the DisplayNameRegex to ensure you do not
 uninstall another package accidentally.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Admin.Client.Uninstall
 description: |
   Uninstall Velociraptor from the endpoint.
@@ -106,4 +106,5 @@ sources:
         SELECT * FROM execve(argv=[me[0].Exe, "service", "remove"])
       })
 
-```
+</code></pre>
+

content/artifact_references/pages/admin.client.upgrade.md

@@ -15,7 +15,7 @@ client, you can install any other MSI as well by customizing this
 artifact or uploading a different msi file.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Admin.Client.Upgrade
 description: |
   Remotely push new client updates.
@@ -48,7 +48,7 @@ sources:
       // Force the file to be copied to the real temp directory since
       // we are just about to remove the Tools directory.
       LET bin <= SELECT copy(filename=OSPath,
-          dest=expand(path="%SYSTEMROOT%\\Temp\\") + OSPath.Basename) AS Dest
+          dest=expand(path="%SYSTEMROOT%\\Temp\\") + basename(path=OSPath)) AS Dest
       FROM Artifact.Generic.Utils.FetchBinary(
          ToolName="WindowsMSI", IsExecutable=FALSE,
          SleepDuration=SleepDuration)
@@ -62,4 +62,5 @@ sources:
               length=10000000)
       })
 
-```
+</code></pre>
+

content/artifact_references/pages/admin.events.postprocessuploads.md

@@ -16,7 +16,7 @@ files - we will just relay our stdout/stderr to the artifact's
 result set.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Admin.Events.PostProcessUploads
 description: |
   Sometimes we would like to post process uploads collected as part of
@@ -64,4 +64,5 @@ sources:
              FROM execve(argv=Argv)
           })
 
-```
+</code></pre>
+

content/artifact_references/pages/demo.plugins.fifo.md

@@ -53,7 +53,7 @@ Of course in the real artifact we would want to include more
 information than just times (i.e. who logged on to where etc).
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Demo.Plugins.Fifo
 description: |
   This is a demo of the fifo() plugin. The Fifo plugin collects and
@@ -137,4 +137,5 @@ sources:
            FROM last_5_events GROUP BY SuccessTime
           }) WHERE Count > 3
 
-```
+</code></pre>
+

content/artifact_references/pages/demo.plugins.gui.md

@@ -9,7 +9,7 @@ A demo plugin showing some GUI features.
 This plugin is also used for tests.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Demo.Plugins.GUI
 description: |
   A demo plugin showing some GUI features.
@@ -357,4 +357,5 @@ sources:
                         name="test.txt") AS Upload
           FROM source()
 
-```
+</code></pre>
+

content/artifact_references/pages/elastic.events.upload.md

@@ -13,7 +13,7 @@ clients by adding them to the "Client Events" GUI, or for server
 artifacts, the "Server Events" GUI.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Elastic.Events.Upload
 aliases:
 - Elastic.Events.Clients
@@ -98,4 +98,5 @@ sources:
           disable_ssl_security=DisableSSLSecurity,
           type="ClientEvents")
 
-```
+</code></pre>
+

content/artifact_references/pages/elastic.flows.upload.md

@@ -13,7 +13,7 @@ to adjust the index size/lifetime according to the artifact it is
 holding.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Elastic.Flows.Upload
 description: |
   This server side event monitoring artifact waits for new artifacts
@@ -90,4 +90,5 @@ sources:
             disable_ssl_security=DisableSSLSecurity,
             type="artifact")
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.applications.chrome.sessionstorage.md

@@ -12,7 +12,7 @@ has maintains a mapping between keys and values. The data is stored
 per website and can vary.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Applications.Chrome.SessionStorage
 description: |
   Session storage allows a web site to store permanent data in the
@@ -84,4 +84,5 @@ sources:
        FROM DumpSessionStorate(Data=Data)
     })
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.applications.office.keywords.md

@@ -27,7 +27,7 @@ https://en.wikipedia.org/wiki/List_of_Microsoft_Office_filename_extensions
 https://wiki.openoffice.org/wiki/Documentation/OOo3_User_Guides/Getting_Started/File_formats
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Applications.Office.Keywords
 description: |
   Microsoft Office documents among other document format (such as
@@ -104,4 +104,5 @@ sources:
                  accessor='zip')
         })
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.client.diskspace.md

@@ -11,7 +11,7 @@ to work equally on all architectures:
   2. On Windows we use WMI
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Client.DiskSpace
 description: |
   This artifact reports the amount of free disk space. It is designed
@@ -48,4 +48,5 @@ sources:
     then={ SELECT * FROM Windows},
     else={ SELECT * FROM NonWindows})
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.client.info.md

@@ -17,7 +17,7 @@ NOTE: Do not modify the BasicInformation source since it is used to
 interrogate the clients.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Client.Info
 description: |
   Collect basic information about the client.
@@ -164,4 +164,5 @@ column_types:
   - name: LastLogin
     type: timestamp
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.client.profile.md

@@ -36,7 +36,7 @@ goroutines and heap profiles as distinct sources in a more readable
 way.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Client.Profile
 description: |
   This artifact collects profiling information about the running
@@ -173,4 +173,5 @@ column_types:
   - name: InUseBytes
     type: mb
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.client.rekey.md

@@ -21,7 +21,7 @@ client. Reduce this number if you need to rekey a lot of clients
 quickly.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Client.Rekey
 description: |
   This artifact forces the client to reinitialize it's client id.
@@ -53,4 +53,5 @@ sources:
   - query:
       SELECT rekey(wait=Wait) FROM scope()
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.client.stats.md

@@ -6,7 +6,7 @@ tags: [Client Event Artifact]
 
 An Event artifact which generates client's CPU and memory statistics.
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Client.Stats
 description: An Event artifact which generates client's CPU and memory statistics.
 parameters:
@@ -108,4 +108,5 @@ column_types:
   - name: ClientId
     type: client_id
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.client.trace.md

@@ -15,7 +15,7 @@ until the timeout is reached.
 Minimum Version: 0.6.8
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Client.Trace
 description: |
   This artifact collects profiling information about the running
@@ -41,4 +41,5 @@ sources:
        FROM clock(start=0, period=FrequencySec)
     })
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.client.vql.md

@@ -7,7 +7,7 @@ tags: [Client Artifact]
 Run arbitrary VQL on the endpoint.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Client.VQL
 description: |
   Run arbitrary VQL on the endpoint.
@@ -23,4 +23,5 @@ sources:
   - query: |
       SELECT * FROM query(query=Command)
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.collectors.file.md

@@ -9,7 +9,7 @@ device. The globs will be searched in one pass - so you can provide
 many globs at the same time.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Collectors.File
 description: |
    Collects files using a set of globs. All globs must be on the same
@@ -97,4 +97,5 @@ sources:
                Created, Modified, LastAccessed
         FROM uploaded_files
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.collectors.sqlecmd.md

@@ -28,7 +28,7 @@ This artifact is deprecated in favor of
 Generic.Forensic.SQLiteHunter and will be removed in future
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Collectors.SQLECmd
 description: |
   Many applications maintain internal state using SQLite
@@ -5327,4 +5327,5 @@ sources:
       SQLQuery=SQLQuery, FileType=FileType,
       IdentifyQuery=IdentifyQuery, IdentifyValue=IdentifyValue)
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.detection.hashhunter.md

@@ -15,7 +15,7 @@ For most performant searches leverage path, size and and date filters. By defaul
 the artifact leverages the 'auto' data accessor but can also be changed as desired.  
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Detection.HashHunter
 author: "Matt Green - @mgreen27"
 description: |
@@ -117,4 +117,5 @@ sources:
         FROM if(condition= HashSelector.Hash, then= find_files)
         WHERE 
             ( Hash.MD5 in MD5List OR Hash.SHA1 in SHA1List OR Hash.SHA256 in SHA256List )
-```
+</code></pre>
+

content/artifact_references/pages/generic.detection.yara.glob.md

@@ -35,7 +35,7 @@ If upload is selected NumberOfHits is redundant and not advised as hits are
 grouped by path to ensure files only downloaded once.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Detection.Yara.Glob
 author: Matt Green - @mgreen27
 description: |
@@ -185,4 +185,5 @@ sources:
 column_types:
   - name: HitContext
     type: preview_upload
-```
+</code></pre>
+

content/artifact_references/pages/generic.detection.yara.zip.md

@@ -32,7 +32,7 @@ symlinks. Yara is not applied to the containers, only contained contents
 that are not containers.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Detection.Yara.Zip
 author: "Matt Green - @mgreen27"
 description: |
@@ -168,4 +168,5 @@ sources:
 column_types:
   - name: HitContext
     type: preview_upload
-```
+</code></pre>
+

content/artifact_references/pages/generic.forensic.carving.urls.md

@@ -8,7 +8,7 @@ Carve URLs from files located in a glob. Note that we do not parse
 any files - we simply carve anything that looks like a URL.
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Forensic.Carving.URLs
 description: |
   Carve URLs from files located in a glob. Note that we do not parse
@@ -42,4 +42,5 @@ sources:
                regex="(?P<URL>https?:\\/\\/[\\w\\.-]+[\\/\\w \\.-]*)")
           })
 
-```
+</code></pre>
+

content/artifact_references/pages/generic.forensic.hashlookup.md

@@ -21,7 +21,7 @@ FROM source()
 ```
 
 
-```yaml
+<pre><code class="language-yaml">
 name: Generic.Forensic.HashLookup
 description: |
   This artifact is a server event artifact that collects hashes from
@@ -61,4 +61,5 @@ sources:
          })
       }, async=TRUE)
 
-```
+</code></pre>
+