
What Is Velociraptor?
Velociraptor is an open-source endpoint monitoring, digital forensic and cyber response platform. It has agents on the endpoints that allow you to query endpoint data before, during, and after an attack.
Integration Actions
Velociraptor can launch Cyber Triage collections remotely using a PowerShell script and a custom “Velociraptor Artifact”, which is the name for the Velociraptor plug-in infrastructure.
Why Is It Useful?
Velociraptor allows you to analyze networks at scale and hunt for endpoints to investigate. Once you’ve decided to investigate and triage a single host, you can use Cyber Triage to automate the process. This integration will deploy the Cyber Triage Collector to the endpoint, send the collected data back to S3 (or some other location), and then into Cyber Triage for an in-depth analysis.
What Are the Deployment Options?
The integration can adapt to your environment. You’ll pick:
- Where the results go. You can save them to a local file, upload them to cloud storage (S3/Azure), or send them to a Cyber Triage server.
What Is the Required Cyber Triage Version?
Team.
Additional Links
For more information about this integration contact our sales team: sales@cybertriage.com.