velociraptor
by Velocidex
Velociraptor is a powerful tool for endpoint visibility and data collection using VQL queries.
Digging Deeper
Primary Use Case
Velociraptor is primarily used by security professionals for endpoint monitoring, digital forensics, and threat hunting. It lets users collect and analyze host-based state information so they can detect and respond to security threats effectively.
- Endpoint visibility and data collection
- Uses Velociraptor Query Language (VQL) for queries
- Supports multiple platforms: Windows, Linux, macOS
- GUI for easy management and deployment
- Docker support for server deployment
- Local triage tool capabilities
Installation
- Download the binary from the release page for your platform.
- Start the GUI with the command: velociraptor gui
- For Docker deployment, follow instructions at: https://github.com/weslambert/velociraptor-docker
- To build from source, ensure Golang, gcc, make, and Node.js are installed.
- Clone the repository: git clone https://github.com/Velocidex/velociraptor.git
- Build the GUI elements: cd gui/velociraptor/ and npm install
- Build the webpack bundle: make build
- Build production binaries: make linux or make windows
Usage
- velociraptor gui: Starts the Velociraptor GUI, frontend, and a local client for artifact collection.
- make build: Builds the webpack bundle for the GUI.
- make linux: Builds production binaries for Linux.
- make windows: Builds production binaries for Windows.
- Repurposing: Velociraptor can be adapted for digital forensics by using its data collection capabilities to gather evidence for post-incident analysis.
- Chaining: Combine Velociraptor with SIEM tools like Splunk for real-time alerting and deeper insights by correlating endpoint data with network logs.
- Evasion/Detection: Attackers might attempt to disable Velociraptor agents or obfuscate their activities. Implementing integrity checks and monitoring agent status can help detect such attempts.
- Data Fusion: Integrate Velociraptor outputs with threat intelligence platforms to enrich collected data with contextual threat information, enhancing threat hunting capabilities.
- Automation: Use orchestration tools like Ansible or Puppet to automate the deployment and configuration of Velociraptor across large environments, ensuring consistent and rapid deployment.
