ir-velociraptor

Solid

Endpoint visibility, digital forensics, and incident response using Velociraptor Query Language (VQL) for evidence collection and threat hunting at scale. Use when: (1) Conducting forensic investigations across multiple endpoints, (2) Hunting for indicators of compromise or suspicious activities, (3) Collecting endpoint telemetry and artifacts for incident analysis, (4) Performing live response and evidence preservation, (5) Monitoring endpoints for security events, (6) Creating custom forensic artifacts for specific threat scenarios.

DevOps & Infrastructure 335 stars 29 forks Updated today


Quality Score: 85/100

Stars (20%): 84
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 80
License (10%): 0
Description (5%): 100

Skill Content

# Velociraptor Incident Response

## Overview

Velociraptor is an endpoint visibility and forensics platform for collecting host-based state information using Velociraptor Query Language (VQL). It operates in three core modes: **Collect** (targeted evidence gathering), **Monitor** (continuous event capture), and **Hunt** (proactive threat hunting).

**When to use this skill**:

- Active incident response requiring endpoint evidence collection
- Threat hunting across enterprise infrastructure
- Digital forensics investigations and timeline analysis
- Endpoint monitoring and anomaly detection
- Custom forensic artifact development for specific threats

## Quick Start

### Local Forensic Triage (Standalone Mode)

```bash
# Download the Velociraptor binary for your platform
# https://github.com/Velocidex/velociraptor/releases

# Run GUI mode for interactive investigation
velociraptor gui

# Access the web interface at https://127.0.0.1:8889/
# Default admin credentials are shown in the console output
```

### Enterprise Server Deployment

```bash
# Generate server configuration
velociraptor config generate > server.config.yaml

# Start the server
velociraptor --config server.config.yaml frontend

# Generate client configuration
velociraptor --config server.config.yaml config client > client.config.yaml

# Deploy clients across endpoints
velociraptor --config client.config.yaml client
```

## Core Incident Response Workflows

### Workflow 1: Initial Compromise Investigation

Progress: [ ] 1. Identify ...

Details

Author: aiskillstore
Repository: aiskillstore/marketplace
Created: 5 months ago
Last Updated: today
Language: Python
License: None

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Featured

implementing-velociraptor-for-ir-collection

Deploy and configure Velociraptor for scalable endpoint forensic artifact collection during incident response using VQL queries, hunts, and pre-built artifact packs across Windows, Linux, and macOS environments.

13,115 Updated today
mukul975
API & Backend Featured

performing-endpoint-forensics-investigation

Performs digital forensics investigation on compromised endpoints including memory acquisition, disk imaging, artifact analysis, and timeline reconstruction. Use when investigating security incidents, collecting evidence for legal proceedings, or analyzing endpoint compromise scope. Activates for requests involving endpoint forensics, memory analysis, disk forensics, or incident investigation.

13,115 Updated today
mukul975
AI & Automation Listed

dfir

Digital forensics and incident response - Windows event log analysis, PCAP forensics, filesystem artifact analysis, AD attack detection, and timeline correlation. Use when investigating security incidents, analyzing Sherlocks, or performing threat hunting on provided evidence files.

6 Updated yesterday
26zl
API & Backend Solid

forensics-osquery

SQL-powered forensic investigation and system interrogation using osquery to query operating systems as relational databases. Enables rapid evidence collection, threat hunting, and incident response across Linux, macOS, and Windows endpoints. Use when: (1) Investigating security incidents and collecting forensic artifacts, (2) Threat hunting across endpoints for suspicious activity, (3) Analyzing running processes, network connections, and persistence mechanisms, (4) Collecting system state during incident response, (5) Querying file hashes, user activity, and system configuration for compromise indicators, (6) Building detection queries for continuous monitoring with osqueryd.

335 Updated today
aiskillstore
AI & Automation Listed

forensics-assist

Digital-forensics assistant for IR context — memory analysis via Volatility 3, disk-imaging hygiene (write-blocker, hash validation), timeline reconstruction via plaso/log2timeline, file-system artifacts per OS. Audit-grade evidence; courtroom-grade chain of custody requires additional specialized forensics work.

4 Updated 1 week ago
roodlicht