Velociraptor is a cool name for a dinosaur, let alone a software package. I did a course today with one of the developers, and it looks like a great FOSS solution to EDR and threat hunting.
First, download the package from the releases page. It’s a very small, self contained file.
Here are my notes from the day.
To configure the client
rem make the install dir
mkdir "c:\Program Files\Velociraptor\"
rem make the client config (generated from the server config; redirecting onto the input file would truncate it first)
velociraptor.exe --config velo.config.yaml config client > velo_client.yaml
rem connect the client
velociraptor.exe --config velo_client.yaml client -v
To run the server
velociraptor --config velo.config.yaml frontend -v
API client configuration
velociraptor.exe --config velo.config.yaml config api_client > api_client.config.yaml
To mount a connection to the client as a filesystem
velociraptor --api_config api_client.config.yaml -v fuse q: C.5eedea6daec2f84c
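As an added example (my own wrapper, not from the course or the Velociraptor project), a small POSIX shell function set that runs the client-config step above with the preflight checks a practitioner would want on a real server. It assumes the binary is on PATH or named in VELO_BIN, that the server config is the one passed to `frontend`, and that a generated client config contains a `server_urls` key.

```shell
#!/bin/sh
# Wrapper around "velociraptor --config <server> config client > <client>".
# Assumption: binary on PATH, or set VELO_BIN to its path.
VELO_BIN="${VELO_BIN:-velociraptor}"

# Client IDs look like "C." plus 16 hex digits, e.g. C.5eedea6daec2f84c.
valid_client_id() {
    printf '%s' "$1" | grep -Eq '^C\.[0-9a-f]{16}$'
}

# Resolve a path to its absolute form so two spellings of one file compare equal.
abs_path() {
    printf '%s/%s' "$(cd "$(dirname "$1")" 2>/dev/null && pwd)" "$(basename "$1")"
}

# Generate the client config from the SERVER config. The shell truncates the
# redirect target before velociraptor reads its input, so writing the client
# config over the server config would destroy the server config; refuse it.
gen_client_config() {
    server_cfg="$1"; out_cfg="$2"
    if [ ! -r "$server_cfg" ]; then
        echo "server config not readable: $server_cfg" >&2; return 1
    fi
    if [ "$(abs_path "$server_cfg")" = "$(abs_path "$out_cfg")" ]; then
        echo "refusing to write the client config over the server config" >&2; return 1
    fi
    "$VELO_BIN" --config "$server_cfg" config client > "$out_cfg" || return 1
    # Assumption: a usable client config names at least one server URL.
    grep -q 'server_urls' "$out_cfg" || {
        echo "generated config has no server_urls" >&2; return 1
    }
}
```

The same-path check is the one that matters: it fails closed before the redirect opens the output file, so the server config survives a typo in the output name.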
I’m sure I’ll write more on this one day, but … it’s late and I’m tired and the wolves are nipping at my heels. 😇