What did we not cover?

Velociraptor has a lot more than we were able to cover here:

  • Many more sources of data: Event logs, ETW, WMI eventing
  • Multi-platform: Linux, macOS, Windows, FreeBSD
  • Endpoint monitoring in real time: Detect and identify compromises in real time!
  • Automatic remediation: Apply active remediation to remove the driver and ensure all endpoints are clean.
  • Server automation and monitoring in real time with a Python API.