Velociraptor Deployment

# Velociraptor Notebooks

## Post processing

---

## What are Velociraptor Notbooks?

* Interactive evaluation environment
* Collaborative
* Allows for drilling into data
* Central place to document investigation

---

## Creating a notebook

![](create_new_notebook.png)

---

## Creating a notebook
### Select the initial template

![](create_new_notebook_template.png)

---

## Creating a notebook

![](new_notebook.png)

---

## Creating a custom template

* Notebooks are built from a template
* Templates are just a special kind of artifact
* You can get the notebook for this workshop <a href="artifact.yaml">Here</a>

---

## Exercise - Add notebook template

* Copy the template for this workshop into the artifact editor.
* Make sure to save the file and open it in notepad
    * Sometimes copy/paste does not work because the browser corrupts
      the text

---

## Exercise - Add notebook template

![](add_notebook_template.png)

---

## Exercise - Workshop template

![](workshop_template.png)

---

## Exercise - Workshop template

![](workshop.png)

---

## Types of notebook

1. Global Notebooks: Used to collect finished analysis cells
    * Usually contains information from multiple hunts/collections.

2. Flow Notebooks: Operate on the result of collections
3. Hunt Notebooks: Operate on the result of hunts.

---

## Exercise: Copy cell from collection

* Copy a cell from your collection to the global notebook.

![](copy_cell.png)

---

## Exercise: Copy cell from collection

![](copy_cell_2.png)

---

## Exercise: Copy cell from collection

![](copy_cell_3.png)

---

## Global notebooks

* Use global notebooks as a central place to collate findings
* Share the notebook with specific collaborators or publicly (to all
  users on the server).
* When ready, export the notebook for evidentiary storage.