icon depicting Query your devices

Query your devices

Using a flexible and powerful query language.

No need to modify code or deploy new endpoint software to collect new information.
icon depicting Centrally collect data

Centrally collect data

Collect ongoing monitoring telemetry.

Collect data such as event logs, file modification and process execution logs. You can customize what is monitored precisely.
icon depicting Trigger actions

Trigger actions

When certain conditions occur, trigger automated response actions.

Actions can be simple escalations such as email escalations or machine lockout. They can also be more complex like automating evidence acquisition.
icon depicting Triage

Triage

Automatically collect the most important information using Artifacts.

Artifacts embody tried and tested expert knowledge of forensic artifacts. You can use this knowledge at a press of a button, or write new artifacts to share with the community.
icon depicting Endpoint monitoring

Endpoint monitoring

Easily monitor your end points for high value events.

Monitoring is performed by the endpoint iteself. So it works even when the client is offline.
icon depicting Interactively investigate an endpoint

Interactively investigate an endpoint

Interactively examine end points remotely

Collect detailed state information for incident response or digital forensics (DFIR).

Velociraptor Artifacts

image depicting an example of Flexible and Fast

Flexible and Fast

Rapidly hunt for new specific threats across all your endpoints! Simply add a new artifact or modify an existing one and immediately hunt for it across your entire infrastructure.

Flexible and Fast

image depicting an example of  Free and Opensource software

Free and Opensource software

Velociraptor is released under the GNU Affero General Public License. This means you can use it, modify it and deploy it without restrictions.

View License.

Depoloy in minutes.

Velociraptor works on macOS, Windows, Linux, FreeBSD, and others.

Velociraptor is distributed as a statically linked single binary. This ensures it does not require run time dependencies like dlls, or libraries to be present on the system.

applecentosubuntuwindowslinux

Create new deployment in seconds.

$ velociraptor config generate > server.config.yaml

Add a GUI user

$ velociraptor --config server.config.yaml user add mic

Start the frontends

$ velociraptor --config server.config.yaml frontend -v
Github Logo

We welcome all contributions

Velociraptor is open-source and completely free.

Our community of contributors make Velociraptor great.