## What did we not cover?

* Velociraptor has a lot more than we were able to cover here:
  * Many more sources of data: Event logs, ETW, WMI eventing
  * Multi-Platform: Linux, MacOS, Windows, FreeBSD
  * Endpoint monitoring in real time: Detect and identify compromises in real time!
  * Automatic remediation: Apply active remediation to remove the driver and ensure all endpoints are clean.
  * Server automation and monitoring in real time with a Python API.

---

## Conclusions

* In this workshop we introduced Velociraptor - a powerful endpoint visibility solution, as used in a typical DFIR exercise.
* We introduced VQL and gave some examples…
  * Searching for files,
  * registry keys and other endpoint state
  * Hunting everywhere

---

## Conclusions

We only scratched the surface of what Velociraptor can do!

Check out the following links and join our community…
* Docs: https://docs.velociraptor.app/
* GitHub: https://github.com/Velocidex/velociraptor
* Discord: https://docs.velociraptor.app/discord/
* Mailing list: velociraptor-discuss@googlegroups.com