Velociraptor Blog

The Velociraptor API and FUSE


We have previously shown how the Velociraptor API provides a powerful mechanism to integrate and automate. In this post we demonstrate an example of a program which takes advantage of the API to present the client's VFS as a FUSE filesystem.

Agentless hunting with Velociraptor


There has been a lot of interest lately in "Agentless hunting", especially using PowerShell. This blog post explores an agentless deployment scenario, where we do not want to install Velociraptor permanently on the endpoint, but rather push it to endpoints temporarily to collect specific artifacts.

Alerting on event patterns


We have shown in earlier posts how Velociraptor uses VQL to define event queries that can detect specific conditions. These conditions can be used to create alerts and escalation actions.

Velociraptor Performance


We are often asked: how many resources does a Velociraptor deployment use? How should one spec a machine for a Velociraptor deployment?

Velociraptor's client communications


In the latest point release of the Velociraptor IR tool (0.2.3) we have improved upon GRR's client communications protocol to deliver fast and efficient, yet extremely responsive, client communication. This post explains the design of the client communication and how it solves the problems with GRR's old client communication.

The Velociraptor Python API


Velociraptor is usually only one part of a wider solution, which might include a SIEM and SOC integration. To facilitate interoperability with other tools, Velociraptor now offers an external API.