Interrogation - Make the endpoint tell us what it knows!

Interrogation is the process of learning general information about the endpoint we are monitoring. Each endpoint is automatically interrogated when it first joins the Velociraptor server, and the GUI shows this general information about each client.

When writing Velociraptor we decided to keep things very simple - we did away with a lot of the information gathered during interrogate in favor of a much simpler data model.


Design differences between Velociraptor and GRR

One of the main motivators for developing Velociraptor is the opportunity to try different approaches than GRR. Velociraptor has a number of fundamental design differences in contrast with the GRR design which improve overall performance and scalability. We tried to keep it light weight cutting out the features we think we did not need and leaving behind a fast, lean and mean raptor!


Velocidex Query Language (VQL)

Velociraptor is powered by VQL and VQL is the killer feature which makes it so powerful. But what exactly is VQL? This section is a quick overview of VQL.


Introducing Velociraptor

Hunting and responding like a raptor!

At Velocidex we have been running open source endpoint monitoring tools for our clients in order to detect and respond to incidents. One of our favorite tools is GRR, developed by Google internally and then released as open source. GRR is a very powerful tool, with a polished UI and good documentation.

Unfortunately the open source version released by Google suffers from some shortcomings and so we have decided to develop a new project, built on the shoulders of giants called Velociraptor.