Velociraptor
Defensive EDR
Open Source
Endpoint monitoring and digital forensics
Platforms:
linux windows macos
Prerequisites:
forensics-basics endpoint-security
Pros and Cons
Advantages
- + Very powerful VQL
- + Scales to thousands of endpoints
- + Predefined forensic artifacts
- + Open-source
- + Hunting capabilities
Disadvantages
- - Learning curve for VQL
- - UI could improve
- - Requires infrastructure
Use Cases
- Incident response
- Threat hunting
- Digital forensics
- Endpoint monitoring