Velociraptor supports multiple orgs in a fully multi tenancy configuration.
Orgs
Org
is completely separated:By default the Velociraptor gui
command creates two orgs. Switch to
the second org sing the GUI's user preferences tab.
You can use the Server.Orgs.NewOrg artifact to create a new org
Roles
are bundles of permissions - just a convenience! Extra
permissions can also be given.The default roles:
org_admin
administrator
reader
api
analyst
investigator
artifact_writer
If using basic authentication you can change the user's password here as well.
By default the initial role assigned is reader
User roles and permissions are only effective within an org. The same user can have different roles in different orgs.
To delete a user, simply remove all their roles from an org.
Server.Utils.CreateMSI
artifact.The prepared MSI contains the relevant embedded config and is ready for installation.
Velociraptor is a very powerful platform and requires strong auditing.
It is also possible to forward audit events off system (remote syslog or Open Search server)