This is used by VQL plugins that change server state to make sure the VQL query is running inside a valid frontend. Since VQL queries can run with the velociraptor query command it is possible they are just running on the same server as Velociraptor (and therefore the data store is still visible) but it is important to make sure the datastore is not modified outside the proper frontend process.
This is because many services are now caching data in memory and changing the underlying data stored will not be immediately visible to them causing confusion to users.
This is used by VQL plugins that change server state to make sure the VQL query is running inside a valid frontend. Since VQL queries can run with the
velociraptor querycommand it is possible they are just running on the same server as Velociraptor (and therefore the data store is still visible) but it is important to make sure the datastore is not modified outside the proper frontend process.This is because many services are now caching data in memory and changing the underlying data stored will not be immediately visible to them causing confusion to users.